Merge pull request #131 from borski/pr-130-review

feature/api_tokens review fixes: role enforcement security + UI bugfixes
Remove role override UI since backend enforces user's actual role
2026-06-03 04:40:09 +00:00 · 2026-03-04 23:03:14 -05:00 · 2026-03-04 17:15:46 -08:00 · 2026-03-04 16:57:02 -08:00 · 2026-03-04 16:53:11 -08:00 · 2026-03-04 16:27:52 -08:00
312 changed files with 28236 additions and 3355 deletions
@@ -53,4 +53,6 @@ next-env.d.ts
 /redis
 /pgdata
 /test-media
-/test-data
+/test-data
 /bookdrop
 dockerfile.patch
@@ -17,6 +17,11 @@ services:
      - ./downloads:/downloads
      - ./media:/media
      # Book Drop: optional folder for Manual Import (Admin → audiobook → Manual Import)
      # Map any host folder here and it will appear as a browsable root in the file picker.
      # Example: - /path/to/your/audiobooks:/bookdrop
      # - ./bookdrop:/bookdrop
      # PostgreSQL data persistence
      - ./pgdata:/var/lib/postgresql/data
@@ -53,6 +58,24 @@ services:
      # CONFIG_ENCRYPTION_KEY: "your-custom-encryption-key-here"
      # POSTGRES_PASSWORD: "your-custom-postgres-password-here"
      # ========================================================================
      # OPTIONAL: External PostgreSQL and Redis
      # ========================================================================
      # To use external PostgreSQL or Redis instances instead of the internal ones,
      # uncomment and configure the appropriate URL(s):
      #
      # External PostgreSQL example:
      # DATABASE_URL: "postgresql://username:password@postgres.example.com:5432/readmeabook"
      #
      # External Redis example:
      # REDIS_URL: "redis://redis.example.com:6379"
      # REDIS_URL: "redis://:password@redis.example.com:6379"  # With password
      #
      # Note: When using external services:
      # - The internal PostgreSQL/Redis will NOT start (smart detection)
      # - You do NOT need to mount ./pgdata or ./redis volumes
      # - Ensure your external services are accessible from the container
      # ========================================================================
      # OPTIONAL: Rootless Podman Support
      # ========================================================================
@@ -71,6 +94,9 @@ services:
      # PLEX_CLIENT_IDENTIFIER: "readmeabook-custom-id"
      # PLEX_PRODUCT_NAME: "ReadMeABook"
      # LOG_LEVEL: "info"
      # DISABLE_LOCAL_LOGIN: "true"  # Set to "true" to disable local login (force OAuth)
      # ALLOW_WEAK_PASSWORD: "true"  # Set to "true" to remove minimum password length requirement
      # ========================================================================
      # IMPORTANT: Public URL Configuration (Required for OAuth)
@@ -53,14 +53,75 @@ start_server() {
 start_server
 SERVER_PID=$!
-echo "[App] Waiting for server to be ready..."
+# =============================================================================
-sleep 5
+# WAIT FOR SERVER READINESS
 # =============================================================================
 # The health endpoint (/api/health) checks both the Next.js server AND database
 # connectivity. We must wait for both before initializing scheduled jobs.
-# Initialize application services (creates default scheduled jobs)
+HEALTH_URL="http://localhost:3030/api/health"
-echo "[App] Initializing application services..."
+INIT_URL="http://localhost:3030/api/init"
-curl -sf http://localhost:3030/api/init || echo "[App] Warning: Failed to initialize services (may already be initialized)"
+READY_TIMEOUT=${APP_READY_TIMEOUT:-60}
 INIT_RETRIES=${APP_INIT_RETRIES:-5}
-echo "[App] Server ready with PID $SERVER_PID"
+echo "[App] Waiting for server to be ready (timeout: ${READY_TIMEOUT}s)..."
 READY=false
 for i in $(seq 1 "$READY_TIMEOUT"); do
    # Check if the server process is still alive
    if ! kill -0 "$SERVER_PID" 2>/dev/null; then
        echo "[App] ERROR: Server process (PID $SERVER_PID) exited unexpectedly"
        exit 1
    fi
    if curl -sf "$HEALTH_URL" > /dev/null 2>&1; then
        READY=true
        echo "[App] Server is healthy (took ${i}s)"
        break
    fi
    # Log progress every 10 seconds
    if [ $((i % 10)) -eq 0 ]; then
        echo "[App] Still waiting for server... (${i}/${READY_TIMEOUT}s)"
    fi
    sleep 1
 done
 if [ "$READY" = "false" ]; then
    echo "[App] ERROR: Server did not become healthy within ${READY_TIMEOUT}s"
    echo "[App] The scheduler will not be initialized - scheduled jobs may be missing"
    echo "[App] Check server logs above for errors (database connection, port conflict, etc.)"
 else
    # =========================================================================
    # INITIALIZE APPLICATION SERVICES
    # =========================================================================
    # Creates default scheduled jobs, runs credential migration, etc.
    # Retry with backoff to handle transient failures during startup.
    echo "[App] Initializing application services..."
    INIT_SUCCESS=false
    for attempt in $(seq 1 "$INIT_RETRIES"); do
        HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" "$INIT_URL" 2>/dev/null) || HTTP_CODE="000"
        if [ "$HTTP_CODE" = "200" ]; then
            INIT_SUCCESS=true
            echo "[App] Services initialized successfully"
            break
        fi
        echo "[App] Init attempt $attempt/$INIT_RETRIES failed (HTTP $HTTP_CODE), retrying in ${attempt}s..."
        sleep "$attempt"
    done
    if [ "$INIT_SUCCESS" = "false" ]; then
        echo "[App] ERROR: Failed to initialize services after $INIT_RETRIES attempts"
        echo "[App] Scheduled jobs may be missing - check application logs for details"
    fi
 fi
 echo "[App] Server running with PID $SERVER_PID"
 # Verify the process is running with correct UID:GID (for debugging)
 if [ -f "/proc/$SERVER_PID/status" ]; then
@@ -157,67 +157,104 @@ export PLEX_PRODUCT_NAME="${PLEX_PRODUCT_NAME:-ReadMeABook}"
 export LOG_LEVEL="${LOG_LEVEL:-info}"
 # ============================================================================
-# INITIALIZE POSTGRESQL
+# DETECT EXTERNAL SERVICES
 # ============================================================================
-PGDATA="/var/lib/postgresql/data"
+# Check if user provided external DATABASE_URL or REDIS_URL
-PG_WAS_EMPTY=0
+USE_EXTERNAL_POSTGRES=false
 USE_EXTERNAL_REDIS=false
-# Ensure correct ownership of data directories (critical for bind mounts)
+if [ -n "$DATABASE_URL" ]; then
-echo "🔧 Setting up directory permissions..."
+    DB_HOST=$(echo "$DATABASE_URL" | sed -n 's|.*@\([^:/]*\).*|\1|p')
-
+    if [ "$DB_HOST" != "127.0.0.1" ] && [ "$DB_HOST" != "localhost" ]; then
-# PostgreSQL directories - owned by postgres user, group accessible
+        USE_EXTERNAL_POSTGRES=true
-if ! chown -R postgres:postgres "$PGDATA" /var/run/postgresql 2>/dev/null; then
+        echo "ℹ️  External PostgreSQL detected at $DB_HOST"
-    echo ""
+    fi
    echo "❌ ERROR: Failed to set ownership on PostgreSQL directories"
    echo ""
    echo "   This usually happens when using bind mounts on incompatible filesystems."
    echo ""
    echo "   Common causes:"
    echo "   - WSL2: Project on Windows filesystem (/mnt/c/...)"
    echo "   - NFS/CIFS: Mount without proper permission support"
    echo ""
    echo "   Solutions:"
    echo ""
    echo "   1. Use Docker named volumes (recommended for WSL2):"
    echo "      In docker-compose.yml, change:"
    echo "        - ./pgdata:/var/lib/postgresql/data"
    echo "      To:"
    echo "        - pgdata:/var/lib/postgresql/data"
    echo "      Then add at bottom:"
    echo "        volumes:"
    echo "          pgdata:"
    echo ""
    echo "   2. Move project to Linux filesystem (WSL2):"
    echo "      mkdir -p ~/readmeabook && cd ~/readmeabook"
    echo "      # Copy docker-compose.yml and restart"
    echo ""
    echo "   3. Pre-create directories with correct ownership:"
    echo "      mkdir -p pgdata redis config cache"
    echo "      # Let Docker create them on first run"
    echo ""
    exit 1
 fi
-if [ -n "$PGID" ]; then
+if [ -n "$REDIS_URL" ]; then
-    # With PUID/PGID: Use 750 (owner rwx, group rx) for PostgreSQL data
+    # Extract host from REDIS_URL - handles both redis://host:port and redis://:password@host:port
-    # This allows the PGID group to read PostgreSQL files if needed
+    if echo "$REDIS_URL" | grep -q '@'; then
-    chmod 750 "$PGDATA"
+        REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|.*@\([^:/]*\).*|\1|p')
-    chmod 775 /var/run/postgresql
+    else
        REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|redis://\([^:/]*\).*|\1|p')
    fi
    if [ -n "$REDIS_HOST" ] && [ "$REDIS_HOST" != "127.0.0.1" ] && [ "$REDIS_HOST" != "localhost" ]; then
        USE_EXTERNAL_REDIS=true
        echo "ℹ️  External Redis detected at $REDIS_HOST"
    fi
 fi
 # ============================================================================
 # INITIALIZE POSTGRESQL (only if using internal PostgreSQL)
 # ============================================================================
 if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
    echo "📦 Configuring internal PostgreSQL..."
    PGDATA="/var/lib/postgresql/data"
    PG_WAS_EMPTY=0
    # Ensure correct ownership of data directories (critical for bind mounts)
    echo "🔧 Setting up directory permissions..."
    # PostgreSQL directories - owned by postgres user, group accessible
    if ! chown -R postgres:postgres "$PGDATA" /var/run/postgresql 2>/dev/null; then
        echo ""
        echo "❌ ERROR: Failed to set ownership on PostgreSQL directories"
        echo ""
        echo "   This usually happens when using bind mounts on incompatible filesystems."
        echo ""
        echo "   Common causes:"
        echo "   - WSL2: Project on Windows filesystem (/mnt/c/...)"
        echo "   - NFS/CIFS: Mount without proper permission support"
        echo ""
        echo "   Solutions:"
        echo ""
        echo "   1. Use Docker named volumes (recommended for WSL2):"
        echo "      In docker-compose.yml, change:"
        echo "        - ./pgdata:/var/lib/postgresql/data"
        echo "      To:"
        echo "        - pgdata:/var/lib/postgresql/data"
        echo "      Then add at bottom:"
        echo "        volumes:"
        echo "          pgdata:"
        echo ""
        echo "   2. Move project to Linux filesystem (WSL2):"
        echo "      mkdir -p ~/readmeabook && cd ~/readmeabook"
        echo "      # Copy docker-compose.yml and restart"
        echo ""
        echo "   3. Pre-create directories with correct ownership:"
        echo "      mkdir -p pgdata redis config cache"
        echo "      # Let Docker create them on first run"
        echo ""
        exit 1
    fi
    if [ -n "$PGID" ]; then
        # With PUID/PGID: Use 750 (owner rwx, group rx) for PostgreSQL data
        # This allows the PGID group to read PostgreSQL files if needed
        chmod 750 "$PGDATA"
        chmod 775 /var/run/postgresql
    else
        # Without PUID/PGID: Use strict 700 permissions (owner only)
        chmod 700 "$PGDATA"
        chmod 775 /var/run/postgresql
    fi
 else
-    # Without PUID/PGID: Use strict 700 permissions (owner only)
+    echo "⏭️  Skipping internal PostgreSQL setup (using external database)"
    chmod 700 "$PGDATA"
    chmod 775 /var/run/postgresql
 fi
 # Redis directory - owned by redis user (remapped to PUID:PGID if set)
-if ! chown -R redis:redis /var/lib/redis 2>/dev/null; then
+if [ "$USE_EXTERNAL_REDIS" = "false" ]; then
-    echo ""
+    if ! chown -R redis:redis /var/lib/redis 2>/dev/null; then
-    echo "❌ ERROR: Failed to set ownership on Redis directory"
+        echo ""
-    echo "   See solutions above for PostgreSQL directories"
+        echo "❌ ERROR: Failed to set ownership on Redis directory"
-    echo ""
+        echo "   See solutions above for PostgreSQL directories"
-    exit 1
+        echo ""
        exit 1
    fi
    chmod 770 /var/lib/redis
 else
    echo "⏭️  Skipping internal Redis setup (using external Redis)"
 fi
 chmod 770 /var/lib/redis
 # App directories - owned by node user (remapped to PUID:PGID if set)
 # These need group write permissions for shared access
@@ -232,18 +269,20 @@ chmod 775 /app/config /app/cache
 echo "✅ Directory permissions configured"
-if [ ! -f "$PGDATA/PG_VERSION" ]; then
+if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
-    PG_WAS_EMPTY=1
+    # Only initialize/setup PostgreSQL if using internal instance
-    echo "📦 Initializing PostgreSQL database..."
+    if [ ! -f "$PGDATA/PG_VERSION" ]; then
-    su - postgres -c "/usr/lib/postgresql/16/bin/initdb -D $PGDATA"
+        PG_WAS_EMPTY=1
        echo "📦 Initializing PostgreSQL database..."
        su - postgres -c "/usr/lib/postgresql/16/bin/initdb -D $PGDATA"
-    # Configure PostgreSQL for local access
+        # Configure PostgreSQL for local access
-    echo "host all all 127.0.0.1/32 trust" >> "$PGDATA/pg_hba.conf"
+        echo "host all all 127.0.0.1/32 trust" >> "$PGDATA/pg_hba.conf"
-    echo "host all all ::1/128 trust" >> "$PGDATA/pg_hba.conf"
+        echo "host all all ::1/128 trust" >> "$PGDATA/pg_hba.conf"
-    echo "local all all trust" >> "$PGDATA/pg_hba.conf"
+        echo "local all all trust" >> "$PGDATA/pg_hba.conf"
-    # Update postgresql.conf for performance
+        # Update postgresql.conf for performance
-    cat >> "$PGDATA/postgresql.conf" <<EOF
+        cat >> "$PGDATA/postgresql.conf" <<EOF
 listen_addresses = '127.0.0.1'
 max_connections = 100
 shared_buffers = 128MB
@@ -254,31 +293,31 @@ log_destination = 'stderr'
 logging_collector = off
 EOF
-    echo "✅ PostgreSQL initialized"
+        echo "✅ PostgreSQL initialized"
-else
+    else
-    echo "✅ PostgreSQL data directory already exists"
+        echo "✅ PostgreSQL data directory already exists"
 fi
 # ============================================================================
 # START POSTGRESQL TEMPORARILY TO CREATE USER/DATABASE
 # ============================================================================
 echo "🔧 Starting PostgreSQL for setup..."
 su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA -w start -o '-c listen_addresses=127.0.0.1'"
 # Wait for PostgreSQL to be ready
 for i in {1..30}; do
    if su - postgres -c "/usr/lib/postgresql/16/bin/pg_isready -h 127.0.0.1 -p 5432" > /dev/null 2>&1; then
        echo "✅ PostgreSQL is ready"
        break
    fi
    echo "⏳ Waiting for PostgreSQL to be ready... ($i/30)"
    sleep 1
 done
-# Always ensure user and database exist (safe due to IF NOT EXISTS checks)
+    # ========================================================================
-# This handles cases where data directory exists but user/database don't
+    # START POSTGRESQL TEMPORARILY TO CREATE USER/DATABASE
-echo "👤 Ensuring database user and database exist..."
+    # ========================================================================
-su - postgres -c "psql -h 127.0.0.1 -U postgres" <<EOF
+    echo "🔧 Starting PostgreSQL for setup..."
    su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA -w start -o '-c listen_addresses=127.0.0.1'"
    # Wait for PostgreSQL to be ready
    for i in {1..30}; do
        if su - postgres -c "/usr/lib/postgresql/16/bin/pg_isready -h 127.0.0.1 -p 5432" > /dev/null 2>&1; then
            echo "✅ PostgreSQL is ready"
            break
        fi
        echo "⏳ Waiting for PostgreSQL to be ready... ($i/30)"
        sleep 1
    done
    # Always ensure user and database exist (safe due to IF NOT EXISTS checks)
    # This handles cases where data directory exists but user/database don't
    echo "👤 Ensuring database user and database exist..."
    su - postgres -c "psql -h 127.0.0.1 -U postgres" <<EOF
 DO \$\$
 BEGIN
    IF NOT EXISTS (SELECT FROM pg_user WHERE usename = '$POSTGRES_USER') THEN
@@ -296,19 +335,36 @@ GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $POSTGRES_USER;
 ALTER DATABASE $POSTGRES_DB OWNER TO $POSTGRES_USER;
 EOF
-if [ "$PG_WAS_EMPTY" -eq 1 ]; then
+    if [ "$PG_WAS_EMPTY" -eq 1 ]; then
-    echo "✅ Database initialized and setup complete"
+        echo "✅ Database initialized and setup complete"
-else
+    else
-    echo "✅ Database user and permissions verified"
+        echo "✅ Database user and permissions verified"
    fi
 fi
 # ============================================================================
 # SET ENVIRONMENT VARIABLES FOR APP
 # ============================================================================
-# URL-encode the password to handle special characters
+# Set DATABASE_URL and REDIS_URL based on whether we're using internal or external services
-ENCODED_PASSWORD=$(urlencode "$POSTGRES_PASSWORD")
+if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
-export DATABASE_URL="postgresql://$POSTGRES_USER:$ENCODED_PASSWORD@127.0.0.1:5432/$POSTGRES_DB"
+    # URL-encode the password to handle special characters
-export REDIS_URL="redis://127.0.0.1:6379"
+    ENCODED_PASSWORD=$(urlencode "$POSTGRES_PASSWORD")
    export DATABASE_URL="postgresql://$POSTGRES_USER:$ENCODED_PASSWORD@127.0.0.1:5432/$POSTGRES_DB"
    echo "✅ Using internal PostgreSQL (127.0.0.1:5432)"
 else
    # DATABASE_URL already set by user - do not modify
    echo "✅ Using external DATABASE_URL: $(echo "$DATABASE_URL" | sed 's|//.*@|//***@|')"
 fi
 if [ "$USE_EXTERNAL_REDIS" = "false" ]; then
    export REDIS_URL="redis://127.0.0.1:6379"
    echo "✅ Using internal Redis (127.0.0.1:6379)"
 else
    # REDIS_URL already set by user - do not modify
    echo "✅ Using external REDIS_URL: $(echo "$REDIS_URL" | sed 's|//.*@|//***@|')"
 fi
 export NODE_ENV="production"
 export PORT="3030"
 export HOSTNAME="0.0.0.0"
@@ -318,6 +374,8 @@ export HOSTNAME="0.0.0.0"
 cat > /etc/environment <<EOF
 DATABASE_URL=$DATABASE_URL
 REDIS_URL=$REDIS_URL
 USE_EXTERNAL_POSTGRES=$USE_EXTERNAL_POSTGRES
 USE_EXTERNAL_REDIS=$USE_EXTERNAL_REDIS
 JWT_SECRET=$JWT_SECRET
 JWT_REFRESH_SECRET=$JWT_REFRESH_SECRET
 CONFIG_ENCRYPTION_KEY=$CONFIG_ENCRYPTION_KEY
@@ -335,15 +393,21 @@ EOF
 echo "✅ Environment configured"
 # ============================================================================
-# RUN PRISMA MIGRATIONS (while PostgreSQL is still running)
+# RUN PRISMA MIGRATIONS
 # ============================================================================
 if [ "$USE_EXTERNAL_POSTGRES" = "true" ]; then
    echo "⚠️  Running schema sync against EXTERNAL database - prisma db push --accept-data-loss"
    echo "   This runs on every container start. Ensure your external database is backed up."
 fi
 echo "🔄 Running Prisma migrations..."
 cd /app
 su - node -c "cd /app && DATABASE_URL='$DATABASE_URL' npx prisma db push --skip-generate --accept-data-loss" || echo "⚠️  Migrations may have failed, continuing..."
-# Stop PostgreSQL (supervisord will start it)
+# Stop internal PostgreSQL (supervisord will restart it via wrapper)
-echo "🔧 Stopping temporary PostgreSQL instance..."
+if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
-su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA stop -m fast"
+    echo "🔧 Stopping temporary PostgreSQL instance..."
    su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA stop -m fast"
 fi
 # ============================================================================
 # DISPLAY STARTUP INFO
@@ -361,8 +425,16 @@ if [ "$POSTGRES_PASSWORD" = "$(generate_secret)" ]; then
 fi
 echo ""
 echo "📊 Services starting:"
-echo "   - PostgreSQL (internal, user=postgres)"
+if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
-echo "   - Redis (internal, UID:GID=${PUID:-102}:${PGID:-102})"
+    echo "   - PostgreSQL (internal, 127.0.0.1:5432)"
 else
    echo "   - PostgreSQL (external - local instance disabled)"
 fi
 if [ "$USE_EXTERNAL_REDIS" = "false" ]; then
    echo "   - Redis (internal, 127.0.0.1:6379, UID:GID=${PUID:-102}:${PGID:-102})"
 else
    echo "   - Redis (external - local instance disabled)"
 fi
 echo "   - Next.js App (port 3030, UID:GID=${PUID:-1000}:${PGID:-1000})"
 if [ "${ROOTLESS_CONTAINER}" = "true" ]; then
    echo ""
@@ -0,0 +1,21 @@
 #!/bin/bash
 # PostgreSQL startup wrapper for unified container
 # Checks USE_EXTERNAL_POSTGRES flag (set by entrypoint) to decide whether
 # to start the local instance or sleep to keep supervisord happy.
 set -e
 # Load environment from /etc/environment (set by entrypoint)
 if [ -f /etc/environment ]; then
    set -a
    source /etc/environment
    set +a
 fi
 if [ "$USE_EXTERNAL_POSTGRES" = "true" ]; then
    echo "[PostgreSQL] External database configured - skipping local instance"
    exec sleep infinity
 fi
 echo "[PostgreSQL] Starting local PostgreSQL server..."
 exec /usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
@@ -1,5 +1,8 @@
 #!/bin/bash
 # Redis startup wrapper for unified container
 # Checks USE_EXTERNAL_REDIS flag (set by entrypoint) to decide whether
 # to start the local instance or sleep to keep supervisord happy.
 #
 # Uses gosu to ensure correct PUID:PGID for file operations
 #
 # Supports:
@@ -15,11 +18,17 @@ if [ -f /etc/environment ]; then
    set +a
 fi
 if [ "$USE_EXTERNAL_REDIS" = "true" ]; then
    echo "[Redis] External Redis configured - skipping local instance"
    exec sleep infinity
 fi
 echo "[Redis] Starting local Redis server..."
 # Get PUID/PGID (default to redis user's current IDs if not set)
 PUID=${PUID:-$(id -u redis)}
 PGID=${PGID:-$(id -g redis)}
 echo "[Redis] Starting Redis server..."
 echo "[Redis] Process will run as UID:GID = $PUID:$PGID"
 # =============================================================================
@@ -7,7 +7,7 @@ loglevel=info
 pidfile=/var/run/supervisord.pid
 [program:postgresql]
-command=/usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
+command=/app/postgres-start.sh
 user=postgres
 autostart=true
 autorestart=true
@@ -115,6 +115,11 @@ COPY --chown=root:root docker/unified/redis-start.sh /app/redis-start.sh
 # Convert line endings and make executable
 RUN sed -i 's/\r$//' /app/redis-start.sh && chmod +x /app/redis-start.sh
 # Copy postgres startup wrapper
 COPY --chown=root:root docker/unified/postgres-start.sh /app/postgres-start.sh
 # Convert line endings and make executable
 RUN sed -i 's/\r$//' /app/postgres-start.sh && chmod +x /app/postgres-start.sh
 # Expose app port
 EXPOSE 3030
@@ -0,0 +1,335 @@
 # Documentation System Agent — Master Prompt
 You are a documentation architect. Your job is to analyze a codebase from scratch and produce a **cascading, token-efficient documentation system** with a navigational index. When you are done, future AI agents dropped into this repo will be able to find any information they need by reading a single table of contents file, then following a link to exactly the right document — never wasting tokens reading irrelevant material.
 ---
 ## 1. What You Are Building
 You are building three things:
 ### A. A `documentation/` directory
 A tree of concise, AI-optimized markdown files that describe every meaningful part of the codebase. The structure mirrors the codebase's own architecture (backend services, frontend components, integrations, configuration, etc.) rather than imposing an arbitrary layout.
 ### B. A `documentation/TABLEOFCONTENTS.md` file
 The **single entry point** for all documentation. This file maps natural-language questions and topic keywords to specific documentation files. Any agent that needs to understand something reads this file first, finds the 1-3 relevant docs, and reads only those. This is the most important file you will produce.
 ### C. A `CLAUDE.md` file at the project root
 Project instructions that teach future agents how to use the documentation system. This file is automatically loaded into every Claude Code conversation, so it must be concise, directive, and self-contained.
 ---
 ## 2. The Token-Efficient Documentation Format
 Every documentation file you create MUST follow this format. No exceptions.
 ### 2.1 Structure Template
 ```markdown
 # [Title]
 **Status:** [Implemented | Partial | Planned] — [One-line summary of what this is]
 ## Overview
 [1-3 sentences. What is this? What does it do? Why does it exist?]
 ## Key Details
 - Bullet points, not prose
 - Data models: field names, types, constraints
 - API endpoints: method, path, request/response shape
 - Config keys and their values/defaults
 - Enums, status values, important constants
 - File paths and code locations
 - Behavioral rules and edge cases
 ## API / Interfaces
 [If applicable — tables or compact code blocks for endpoints, function signatures, event names, etc.]
 ## Dependencies
 [What this depends on, and what depends on it — keep to a bullet list]
 ## Known Issues / Gotchas
 [Only if there are real, non-obvious pitfalls. Omit section entirely if none.]
 ## Related
 - [Link to related doc 1]
 - [Link to related doc 2]
 ```
 ### 2.2 Format Rules
 **REQUIRED — always include:**
 - Status line with one-line summary
 - API endpoints, data models, config keys (complete and accurate)
 - File paths to source code (so agents can navigate directly)
 - Enums, constants, and status values (exact strings/numbers)
 - Dependency relationships between components
 - Gotchas that have caused or could cause bugs
 **FORBIDDEN — never include:**
 - Verbose prose or narrative explanations
 - "Why we chose X" sections (brief rationale in a bullet is fine)
 - ASCII art diagrams larger than 5 lines
 - More than 2 code examples per document
 - "Future enhancements" or roadmap speculation
 - "Testing strategy" sections (unless tests are the subject of the doc)
 - "Performance considerations" (unless performance is the subject)
 - Empty sections or placeholder text
 - Decorative formatting, horizontal rules between every section, emoji
 **TARGET:** Each doc file should be 30-80 lines. If it exceeds 120 lines, split it into sub-documents and link from a parent. The goal is ~70% fewer tokens than traditional documentation while preserving 100% of the technical details an agent needs.
 ---
 ## 3. The TABLEOFCONTENTS.md Format
 This is the **router**. It maps questions to files. Format:
 ```markdown
 # Table of Contents — [Project Name]
 > **Read this file first.** Find your topic below, then read ONLY the linked files.
 ## Quick Reference
 | Topic | File |
 |-------|------|
 | [Short topic] | [path/to/file.md] |
 | ... | ... |
 ## By Category
 ### [Category Name] (e.g., "Authentication", "Database", "API Endpoints")
 | Question / Topic | File(s) |
 |-------------------|---------|
 | How does [X] work? | [path.md] |
 | What are the [Y] endpoints? | [path.md] |
 | How is [Z] configured? | [path1.md], [path2.md] |
 ### [Next Category]
 ...
 ## Architecture Overview
 [3-10 bullet points describing the high-level architecture — frameworks, major services, data flow. Just enough for an agent to orient itself before diving into specific docs.]
 ```
 **Rules for TABLEOFCONTENTS.md:**
 - Every documentation file MUST appear in at least one table row
 - Questions should be phrased the way a developer or AI agent would actually ask them
 - A single question can map to multiple files (e.g., "How do downloads work?" → `downloads.md`, `jobs.md`)
 - A single file can appear under multiple questions
 - Categories should match the codebase's actual domain boundaries, not generic labels
 - The Architecture Overview section gives agents a 30-second orientation before they search for specifics
 ---
 ## 4. Execution Plan
 Follow these phases in order. **Delegate heavily using the Task tool** — you should be orchestrating, not doing all the reading yourself.
 ### Phase 1: Deep Discovery (Delegate to Explore Agents)
 Launch **3-5 parallel Explore agents** using the Task tool to map the entire codebase. Each agent should focus on a different area. Suggested splits:
 **Agent 1 — Project Structure & Config:**
 - Map the top-level directory tree (2-3 levels deep)
 - Identify the tech stack (languages, frameworks, package managers)
 - Read config files (package.json, tsconfig, docker-compose, .env.example, etc.)
 - Identify build/deploy pipeline
 - Note the entry points of the application
 **Agent 2 — Backend / Server-Side:**
 - Identify all backend services, controllers, routes, middleware
 - Map API endpoints (paths, methods, handlers)
 - Identify the database layer (ORM, schema files, migrations)
 - Note background jobs, queues, cron tasks, workers
 - Identify authentication/authorization mechanisms
 **Agent 3 — Frontend / Client-Side:**
 - Identify UI framework and component structure
 - Map page routes and navigation
 - Identify state management approach
 - Note API client/service layer
 - Identify shared components, layouts, hooks
 **Agent 4 — Integrations & External Services:**
 - Identify all third-party API integrations
 - Map external service connections (databases, caches, message queues, cloud services)
 - Note webhook handlers, OAuth flows, API keys
 - Identify notification systems (email, push, SMS)
 **Agent 5 — Data Layer & Business Logic:**
 - Map database schema (tables/collections, relationships, key fields)
 - Identify core business logic and domain models
 - Map data validation rules
 - Note important algorithms or complex logic
 Adjust these splits based on what the repo actually contains. A frontend-only repo doesn't need a backend agent. A CLI tool doesn't need a frontend agent. Use your judgment.
 **Each agent should return:**
 - A structured summary of what it found
 - File paths to the most important source files
 - A suggested list of documentation topics for its area
 ### Phase 2: Architecture Synthesis
 After all discovery agents return, synthesize their findings:
 1. **Draw the dependency map** — What are the major components? How do they connect?
 2. **Identify documentation topics** — Each distinct service, feature, integration, or subsystem gets its own doc file
 3. **Design the directory structure** — Mirror the codebase's architecture. Example:
   ```
   documentation/
   ├── TABLEOFCONTENTS.md
   ├── README.md              # Project overview (brief)
   ├── architecture.md        # System architecture, tech stack, data flow
   ├── backend/
   │   ├── api-endpoints.md   # Or split by domain: users.md, orders.md, etc.
   │   ├── database.md        # Schema, ORM, migrations
   │   ├── auth.md            # Authentication & authorization
   │   └── jobs.md            # Background processing
   ├── frontend/
   │   ├── components.md      # Component tree, shared components
   │   ├── routing.md         # Pages, navigation, guards
   │   └── state.md           # State management
   ├── integrations/
   │   ├── [service-name].md  # One per external integration
   │   └── ...
   └── deployment/
       └── docker.md          # Or whatever the deploy mechanism is
   ```
 4. **Prioritize** — Rank topics by impact. High-impact = core architecture, APIs, database schema, auth, and anything with complex logic or non-obvious behavior. Low-impact = static config files, simple utility functions, standard boilerplate.
 ### Phase 3: Documentation Generation (Delegate to Writer Agents)
 Launch **parallel writer agents** using the Task tool. Each agent writes 2-5 related documentation files.
 **Instructions for each writer agent must include:**
 - The exact file paths to create
 - The list of source files to read for that topic
 - The token-efficient format template (copy Section 2.1 into each agent's prompt)
 - A reminder: "Write concise bullets, not prose. Include all technical details. Target 30-80 lines per file."
 **Suggested batching:**
 - Agent A: `architecture.md` + `README.md` (needs broadest context)
 - Agent B: Backend services docs (group related services)
 - Agent C: Frontend docs
 - Agent D: Integration docs
 - Agent E: Database + deployment docs
 Scale the number of agents to the size of the repo. A small repo might need 2-3 writers. A large monorepo might need 8-10.
 **Each writer agent should return:** Confirmation of files written, with a brief summary of what each file covers and a list of cross-references to note for the TOC.
 ### Phase 4: Build the TABLEOFCONTENTS.md
 After all writers finish, build the table of contents yourself. This requires you to:
 1. Read or review every documentation file that was created
 2. For each file, generate 2-5 natural-language questions it answers
 3. Organize questions into categories that match the codebase's domain
 4. Write the Architecture Overview section (3-10 bullets, high-level only)
 5. Cross-check: every doc file appears in at least one row; no dead links
 ### Phase 5: Generate the CLAUDE.md
 Write the project-root `CLAUDE.md` using the template in Section 5 below. Customize it for this specific repo — fill in the actual project name, the actual documentation structure, and real examples from the actual TOC.
 ### Phase 6: Validate
 Do a final pass:
 1. Verify every file referenced in TABLEOFCONTENTS.md actually exists
 2. Verify every file in the `documentation/` directory appears in TABLEOFCONTENTS.md
 3. Spot-check 2-3 doc files for format compliance (status line, bullets not prose, within line limits)
 4. Verify CLAUDE.md references the correct paths
 ---
 ## 5. CLAUDE.md Template
 Generate a `CLAUDE.md` at the project root using this template. **Customize every bracketed item** for the specific repo. Remove sections that don't apply. Keep it under 200 lines — this file is loaded into every conversation and consumes tokens.
 ```markdown
 # CLAUDE.md — [Project Name]
 ## Documentation System
 This project uses a cascading, token-efficient documentation system optimized for AI agent consumption.
 ### How to Find Information
 1. **Read `documentation/TABLEOFCONTENTS.md` FIRST** — this is the navigation index
 2. Find your topic in the question-to-file mapping tables
 3. Read ONLY the 1-3 files relevant to your task
 4. **Never read all documentation files** — this wastes token budget
 ### Documentation Structure
 [Insert the actual directory tree of documentation/ here]
 ### Example Lookups
 - "[Example question 1]" → `[actual-path-1.md]`
 - "[Example question 2]" → `[actual-path-2.md]`, `[actual-path-3.md]`
 - "[Example question 3]" → `[actual-path-4.md]`
 ## Token Budget Rules
 - **20-30% of tokens:** Reading documentation (via TABLEOFCONTENTS.md targeting)
 - **70-80% of tokens:** Implementation and problem-solving
 **Do:**
 - Use TABLEOFCONTENTS.md to target specific files
 - Read only "Key Details" and "API/Interfaces" sections
 - Skip code examples unless implementing similar functionality
 **Don't:**
 - Read all documentation files sequentially
 - Read verbose examples when not needed
 - Re-read the same docs multiple times in one session
 ## Documentation Maintenance
 When you modify code that changes behavior documented in `documentation/`:
 1. Read TABLEOFCONTENTS.md to find the relevant doc(s)
 2. Update those docs to reflect your changes
 3. Use the token-efficient format: bullets, tables, compact code blocks — no prose
 4. If you create a new doc, add it to TABLEOFCONTENTS.md
 ### Token-Efficient Format Reference
 - **Status line:** `**Status:** [Implemented | Partial | Planned] — [one-line summary]`
 - **Bullets, not paragraphs** — every detail as a dash-prefixed list item
 - **Tables for APIs** — method, path, request, response
 - **Code blocks only for schemas/configs** — max 2 per document
 - **30-80 lines per file** — split if over 120
 - **No:** prose explanations, future plans, testing strategy, empty sections
 ```
 ---
 ## 6. Quality Standards
 Your output will be evaluated on:
 1. **TABLEOFCONTENTS.md completeness** — Can an agent find any topic by searching this one file?
 2. **Question quality** — Are the TOC questions phrased the way someone would actually ask them?
 3. **Format compliance** — Do all docs follow the token-efficient format? No prose, no fluff?
 4. **Accuracy** — Do the docs match what's actually in the code? Are file paths correct?
 5. **Coverage** — Are all high-impact areas documented? Are low-impact areas at least listed?
 6. **CLAUDE.md clarity** — Could a brand-new agent read CLAUDE.md and immediately know how to navigate the docs?
 7. **Cross-referencing** — Do Related sections link to the right companion docs?
 ---
 ## 7. Important Reminders
 - **You are writing for AI agents, not humans.** Optimize for parseability and token efficiency, not readability or visual appeal.
 - **Accuracy over completeness.** It's better to document 80% of the codebase accurately than 100% with errors. If a discovery agent can't determine something with confidence, note it as `**Status:** Partial` and move on.
 - **Mirror the codebase's language.** Use the same names for things that the code uses. If the code calls it a "processor," don't call it a "handler" in the docs.
 - **File paths are critical.** Every doc should reference the actual source files it describes. Agents will use these paths to navigate directly to code.
 - **The TOC is the product.** The individual doc files are supporting material. If the TOC is excellent, the whole system works. If the TOC is poor, nothing else matters.
 - **Delegate aggressively.** You have access to the Task tool with sub-agents. Use it. The discovery phase should be 3-5 parallel agents. The writing phase should be 2-10 parallel agents depending on repo size. Your job is to orchestrate, synthesize, and build the TOC — not to read every file yourself.
 - **Do not add headers or comments to source code files.** Your output is documentation files only. Do not modify any existing source code.
 ---
 ## Now Begin
 Start with Phase 1. Launch your discovery agents in parallel. Once they report back, proceed through the remaining phases. When complete, report what you've created and provide the full TABLEOFCONTENTS.md for review.
@@ -75,7 +75,7 @@ docker-compose logs -f app
 ## 📊 Feature Highlights
 ### AI-Powered Recommendations
- **Providers:** OpenAI (GPT-4o+) or Claude (Sonnet 4.5, Opus 4, Haiku)
+- **Providers:** OpenAI (GPT-4+) or Claude (dynamically fetched from Anthropic Models API)
 - **Personalization:** Based on your Plex library + swipe history
 - **Context:** Max 50 books (40 library + 10 swipes)
 - **Filtering:** Excludes books already in library, already requested, or already swiped
@@ -1,14 +1,14 @@
 # Notification System
-**Status:** ✅ Implemented | Extensible notification system with Discord and Pushover support
+**Status:** ✅ Implemented | Extensible notification system with Discord, ntfy, and Pushover support
 ## Overview
 Sends notifications for audiobook request events (pending approval, approved, available, error) to configured backends. Non-blocking, atomic per-backend failure handling. Proper notification timing for all request flows including interactive search.
 ## Key Details
- **Backends:** Discord (webhooks), Pushover (API)
+- **Backends:** Apprise (API), Discord (webhooks), ntfy (API), Pushover (API)
- **Events:** request_pending_approval, request_approved, request_available, request_error
+- **Events:** request_pending_approval, request_approved, request_available, request_error, issue_reported
- **Encryption:** AES-256-GCM for sensitive config (webhook URLs, API keys)
+- **Encryption:** AES-256-GCM for sensitive config (webhook URLs, API keys, notification URLs)
 - **Delivery:** Async via Bull job queue (priority 5)
 - **Failure Handling:** Non-blocking, Promise.allSettled (one backend fails, others succeed)
@@ -17,7 +17,7 @@ Sends notifications for audiobook request events (pending approval, approved, av
 ```prisma
 model NotificationBackend {
  id        String   @id @default(uuid())
-  type      String   // 'discord' | 'pushover'
+  type      String   // 'apprise' | 'discord' | 'ntfy' | 'pushover'
  name      String   // User-friendly label
  config    Json     // Encrypted sensitive values
  events    Json     // Array of subscribed events
@@ -33,8 +33,15 @@ model NotificationBackend {
 |-------|---------|------------------------|
 | request_pending_approval | User creates request | Request needs admin approval |
 | request_approved | Admin approves OR auto-approval | Request approved (manual or auto) |
-| request_available | Plex/ABS scan completes | Audiobook available in library |
+| request_available | Plex/ABS scan or ebook download completes | Request available (title resolves by type) |
 | request_error | Download/import fails | Request failed at any stage |
 | issue_reported | User reports issue | User reports problem with available audiobook |
 **Dynamic Titles:** Events can define `titleByRequestType` in `notification-events.ts` for type-specific titles.
 - `request_available` + `requestType: 'audiobook'` → "Audiobook Available"
 - `request_available` + `requestType: 'ebook'` → "Ebook Available"
 - `request_available` + no requestType → "Request Available" (fallback)
 - Use `getEventTitle(event, requestType?)` to resolve titles in providers
 ## Notification Triggers
@@ -59,18 +66,28 @@ model NotificationBackend {
 - Approve (with or without pre-selected torrent): After job triggered → request_approved
 - Deny: No notification
-**Request Available (processors: scan-plex, plex-recently-added)**
+**Audiobook Available (processors: scan-plex, plex-recently-added)**
- After `status: 'available'` update → request_available
+- After `status: 'available'` update → request_available (requestType: 'audiobook')
 - Includes user info in query (plexUsername)
 **Ebook Available (processor: organize-files)**
 - After ebook `status: 'downloaded'` (terminal) → request_available (requestType: 'ebook')
 - Ebooks don't transition to 'available' via Plex matching
 **Request Error (processors: monitor-download, organize-files)**
 - After `status: 'failed'` or `status: 'warn'` update → request_error
 - Includes error message in payload
 **Issue Reported (reported-issue.service.ts)**
 - After user reports issue with available audiobook → issue_reported
 - Payload: issue ID (as requestId), book title/author, reporter username, reason (as message)
 ## Configuration Encryption
 **Encrypted Values:**
 - Apprise: `urls`, `authToken`
 - Discord: `webhookUrl`
 - ntfy: `accessToken`
 - Pushover: `userKey`, `appToken`
 **Pattern:** `iv:authTag:encryptedData` (base64)
@@ -81,12 +98,27 @@ model NotificationBackend {
 ## Message Formatting
 **Apprise (JSON via Apprise API):**
 - Type: info (pending), success (approved/available), failure (error)
 - Modes: Stateless (send URLs directly) or Stateful (use persistent configKey, optional tag filter)
 - Endpoint: `{serverUrl}/notify/` (stateless) or `{serverUrl}/notify/{configKey}` (stateful)
 - Auth: Optional Bearer token via `authToken` config field
 - Format: Event title + book details + user + error (if applicable)
 **Discord (Rich Embeds):**
- Color-coded by event (yellow=pending, green=approved, blue=available, red=error)
+- Color-coded by event (yellow=pending, green=approved, blue=available, red=error, orange=issue)
- Fields: Title, Author, Requested By, Error (if applicable)
+- Fields: Title, Author, Requested/Reported By, Error/Reason (if applicable)
- Footer: Request ID
+- Footer: Request/Issue ID
 - Timestamp: Event time
 **ntfy (JSON Publishing to Base URL):**
 - Endpoint: POST to base `serverUrl` (default: https://ntfy.sh), topic in JSON body
 - Tags: mailbox_with_mail, white_check_mark, tada, x, triangular_flag_on_post (rendered as emojis by ntfy)
 - Priority: Default (3) for pending/approved, High (4) for available/error
 - Format: Event title + book details + user + error (if applicable)
 - Auth: Optional Bearer token via `accessToken` config field
 - Server: Configurable `serverUrl` (default: https://ntfy.sh)
 **Pushover (Plain Text with Emojis):**
 - Emojis: 📬 📬 🎉 ❌
 - Priority: Normal (0) for pending/approved, High (1) for available/error
@@ -126,7 +158,7 @@ model NotificationBackend {
 **Modal Features:**
 - Type-first selection (user clicks "Add Discord" or "Add Pushover")
 - Password inputs for sensitive values
- Event subscription checkboxes (4 events, default: available + error)
+- Event subscription checkboxes (5 events, default: available + error)
 - Test button (sends synchronous test notification)
 - Save button (validates and creates/updates backend)
@@ -144,6 +176,7 @@ model NotificationBackend {
  author: string,
  userName: string,
  message?: string,
  requestType?: string, // 'audiobook' | 'ebook' — drives type-specific titles
  timestamp: Date
 }
 ```
@@ -152,28 +185,67 @@ model NotificationBackend {
 - Calls NotificationService.sendNotification()
 - Non-blocking error handling (logs but doesn't throw)
-**Queue Method:** `addNotificationJob(event, requestId, title, author, userName, message?)`
+**Queue Method:** `addNotificationJob(event, requestId, title, author, userName, message?, requestType?)`
 ## Architecture
 **Provider Pattern:** `INotificationProvider` interface + registry (matches `IAuthProvider` pattern)
 ```
 src/lib/services/notification/
  INotificationProvider.ts          # Interface + shared types
  notification.service.ts           # Core service with registry
  index.ts                          # Re-exports
  providers/
    apprise.provider.ts             # Apprise API (100+ services)
    discord.provider.ts             # Discord webhook
    ntfy.provider.ts                # ntfy API
    pushover.provider.ts            # Pushover API
 ```
 **Registry:** Module-level `Map<string, INotificationProvider>` with `registerProvider()` / `getProvider()`
 **INotificationProvider interface:**
 - `type: string` — provider identifier (registry key)
 - `sensitiveFields: string[]` — fields needing encryption/masking
 - `metadata: ProviderMetadata` — self-describing UI/validation metadata
 - `send(config, payload): Promise<void>` — receives decrypted config
 **ProviderMetadata:** `{ type, displayName, description, iconLabel, iconColor, configFields[] }`
 **ProviderConfigField:** `{ name, label, type, required, placeholder?, defaultValue?, options? }`
 **Helper functions (notification.service.ts):**
 - `getRegisteredProviderTypes(): string[]` — all registered type keys
 - `getAllProviderMetadata(): ProviderMetadata[]` — metadata for all providers
 **Helper functions (notification-events.ts):**
 - `getEventMeta(event)` — raw event metadata (label, title, emoji, severity, priority)
 - `getEventTitle(event, requestType?)` — resolved title (checks `titleByRequestType` first, falls back to `title`)
 - `getEventLabel(event)` — human-readable label for UI
 **API Endpoint:** `GET /api/admin/notifications/providers` — returns all provider metadata (admin-only)
 ## Extensibility
-**Adding New Backend (e.g., Email):**
+**Adding New Backend (2 steps):**
-1. Add 'email' to NotificationBackendType enum
+1. Create `providers/email.provider.ts` implementing `INotificationProvider`:
-2. Create EmailConfig interface
+   - Set `type = 'email'`, `sensitiveFields = ['smtpPassword']`
-3. Add encryption logic for smtpPassword
+   - Set `metadata` with displayName, description, iconLabel, iconColor, configFields
-4. Implement sendEmail() method in NotificationService
+   - Implement `send()` with email-specific logic
-5. Add email card to type selector (green "E" badge)
+2. Register in `notification.service.ts`: `registerProvider(new EmailProvider())` + re-export from `index.ts`
-6. Add email form fields to modal
+
 No UI changes, no API route changes, no Zod schema changes needed — the UI renders dynamically from provider metadata.
 **Adding New Event (e.g., download_complete):**
-1. Add 'download_complete' to NotificationEvent enum
+1. Add entry to `NOTIFICATION_EVENTS` in `notification-events.ts` (label, title, emoji, severity, priority)
-2. Add to event labels in UI
+2. Optionally add `titleByRequestType` for type-specific titles
-3. Add trigger point in processor
+3. Add trigger point in processor, passing `requestType` if relevant
-4. Add message formatting in Discord/Pushover formatters
+4. Providers auto-resolve titles via `getEventTitle()` — no per-provider changes needed
 ## Tech Stack
 - Bull (job queue)
 - Node.js crypto (AES-256-GCM encryption)
- Discord webhooks, Pushover API
+- Apprise API, Discord webhooks, ntfy API, Pushover API
 - React (UI), Tailwind CSS (styling)
 ## Related
@@ -200,32 +200,23 @@ export async function POST(req: NextRequest) {
        .map((m: any) => ({ id: m.id, name: m.id }));
    } else if (provider === 'claude') {
-      // Claude: Hardcoded list (Anthropic doesn't have a models API endpoint)
+      // Claude: Fetch models dynamically from the Anthropic Models API
-      models = [
+      const response = await fetch('https://api.anthropic.com/v1/models?limit=1000', {
        { id: 'claude-sonnet-4-5-20250929', name: 'Claude Sonnet 4.5' },
        { id: 'claude-3-7-sonnet-20250219', name: 'Claude 3.7 Sonnet' },
        { id: 'claude-3-5-haiku-20241022', name: 'Claude 3.5 Haiku' },
        { id: 'claude-opus-4-20250514', name: 'Claude Opus 4' },
      ];
      // Test connection with a simple API call
      const response = await fetch('https://api.anthropic.com/v1/messages', {
        method: 'POST',
        headers: {
          'x-api-key': apiKey,
          'anthropic-version': '2023-06-01',
          'content-type': 'application/json'
        },
        body: JSON.stringify({
          model: 'claude-3-5-haiku-20241022',
          max_tokens: 10,
          messages: [{ role: 'user', content: 'Hi' }]
        })
      });
      if (!response.ok) {
        return NextResponse.json({ error: 'Invalid Claude API key' }, { status: 400 });
      }
      const data = await response.json();
      models = data.data.map((m: any) => ({
        id: m.id,
        name: m.display_name || m.id,
      }));
    } else {
      return NextResponse.json({ error: 'Invalid provider' }, { status: 400 });
    }
@@ -6,7 +6,7 @@
 Personalized audiobook discovery using OpenAI/Claude APIs. Admin configures AI provider globally. Users swipe through recommendations based on their individual Plex library + swipe history. Right swipe creates request, left rejects, up dismisses.
 ## Key Details
- **AI Providers:** OpenAI (GPT-4o+), Claude (Sonnet 4.5, Opus 4, Haiku)
+- **AI Providers:** OpenAI (GPT-4+), Claude (dynamically fetched from Anthropic Models API)
 - **Configuration:** Global admin-managed (provider, model, API key), per-user preferences (library scope, custom prompt)
 - **Personalization:** Each user receives recommendations based on their own library, ratings, swipe history, and custom preferences
 - **Library Scopes (per-user):**
@@ -0,0 +1,87 @@
 # Manual Import Feature — Acceptance Criteria
 **Status:** ⏳ In Progress
 ## Overview
 Allow admins to manually import audiobook files from the server filesystem into RMAB's processing pipeline for a specific book.
 ## Acceptance Criteria
 ### AC-1: Manual Import Button (Frontend)
 - [ ] "Manual Import" button visible on `AudiobookDetailsModal` for admin users only
 - [ ] Button hidden when book is in active processing states: `downloading`, `processing`, `searching`
 - [ ] Button uses `FolderArrowDownIcon` from Heroicons
 - [ ] Clicking opens the file browser modal
 ### AC-2: File Browser Modal — Phase 1 (Browse)
 - [ ] Modal opens at `max-w-2xl`, rounded-2xl, with header/breadcrumb/listing/footer regions
 - [ ] Root view shows two entry tiles: Downloads and Media Library (paths from `download_dir` and `media_dir` config)
 - [ ] Each folder row shows: folder icon, name, metadata line (audio file count, subfolder count, total size)
 - [ ] Blue `♪ N` badge on folders containing audio files
 - [ ] Folder icon swaps to `FolderOpenIcon` on hover (150ms transition)
 - [ ] Single-click selects folder (only if it has audio files); double-click navigates into it
 - [ ] Folders without audio files shown at reduced opacity, still navigable but not selectable
 - [ ] Breadcrumb navigation with clickable segments, home icon for root, ellipsis collapse for deep paths
 - [ ] Footer shows selected path (monospace), file stats, "Review Import →" button (only when valid selection)
 - [ ] Directional slide animations: right when going deeper, left when going back
 - [ ] Loading skeletons during directory fetch
 - [ ] Empty state for empty directories
 - [ ] Error state with "Try Again" for failed directory reads
 - [ ] Dark mode support throughout
 ### AC-3: File Browser Modal — Phase 2 (Confirm)
 - [ ] Slide transition from browse to confirm phase
 - [ ] Shows book context: cover thumbnail + title + author
 - [ ] Shows selected folder: path (monospace) + stats in inset block
 - [ ] Numbered "What will happen" list: (1) copy to media library, (2) tag metadata, (3) download cover art, (4) scan library
 - [ ] "Back" button returns to browse phase
 - [ ] "Start Import" primary button triggers the import
 - [ ] Button shows loading state during API call
 - [ ] Success: close modal, show success toast, trigger request list refresh
 - [ ] Error: show error toast, stay on confirm screen
 ### AC-4: Filesystem Browse API
 - [ ] `GET /api/admin/filesystem/browse?path=...` — admin-only endpoint
 - [ ] Returns directory listing: `{ entries: [{ name, type, audioFileCount, subfolderCount, totalSize }] }`
 - [ ] If no `path` param, returns root directories (download_dir, media_dir from config)
 - [ ] Path validation: must be within allowed root directories (prevent directory traversal)
 - [ ] Handles permission errors gracefully
 - [ ] Sorts: folders first, then alphabetical
 ### AC-5: Manual Import API
 - [ ] `POST /api/admin/manual-import` — admin-only endpoint
 - [ ] Request body: `{ audiobookId: string, folderPath: string }`
 - [ ] Path validation: folderPath must be within allowed roots
 - [ ] Validates folder exists and contains audio files
 - [ ] If no existing request: creates request (status: `processing`) + queues `organize_files` job
 - [ ] If existing request (non-active state): updates status to `processing` + queues `organize_files` job
 - [ ] Returns: `{ success: true, requestId: string }`
 - [ ] Proper error responses for: invalid path, no audio files, already processing, book not found
 ### AC-6: Integration with Existing Pipeline
 - [ ] The `organize_files` job processes the manual import folder identically to download-client-delivered folders
 - [ ] Files are copied (not moved) to the media library
 - [ ] Metadata tagging, cover art download, file hash generation all work as normal
 - [ ] Library scan triggered after organization (if configured)
 - [ ] Request status progresses: processing → downloaded → available (via scheduled scan)
 ### AC-7: Docker Build
 - [ ] `docker compose build readmeabook` succeeds with no errors
 ## Non-Goals
 - No "move" option (copy only, matching existing pipeline)
 - No file-level selection (folder only)
 - No drag-and-drop upload
 - No non-admin access
 ## Technical Notes
 - Audio extensions: `.m4b`, `.m4a`, `.mp3`, `.mp4`, `.aa`, `.aax`, `.flac`, `.ogg` (from `src/lib/constants/audio-formats.ts`)
 - Config keys: `download_dir` (database), `media_dir` (database)
 - Existing file organizer: `src/lib/utils/file-organizer.ts`
 - Organize processor: `src/lib/processors/organize-files.processor.ts`
 - Job queue service: `src/lib/services/job-queue.service.ts`
 - Auth middleware: `requireAuth()`, `requireAdmin()` from `src/lib/middleware/auth.ts`
 - Frontend API pattern: `fetchWithAuth()` from `src/lib/utils/api.ts`
 - Modal base: `src/components/ui/Modal.tsx`
 - Audiobook details modal: `src/components/audiobooks/AudiobookDetailsModal.tsx`
 - Toast: `useToast()` from toast context
@@ -32,6 +32,8 @@ Configurable Audible region for accurate metadata matching across different inte
 - Australia (`au`) - `audible.com.au` (English)
 - India (`in`) - `audible.in` (English)
 - Germany (`de`) - `audible.de` (non-English)
 - Spain (`es`) - `audible.es` (non-English)
 - French (`fr`) - `audible.fr` (non-English)
 **`isEnglish` Flag:**
 - Each region has `isEnglish: boolean` in `AudibleRegionConfig`
@@ -208,7 +208,7 @@ async function organize(
 ## Fixed Issues ✅
-**1. EPERM errors** - Fixed with `fs.readFile/writeFile` instead of `copyFile`
+**1. EPERM errors** - Fixed with stream-based copy (`pipeline` + `createReadStream`/`createWriteStream`) instead of `fs.copyFile()` which uses `copy_file_range()` — a syscall that returns EPERM on cross-export NFS4 and some FUSE mounts
 **2. Immediate deletion** - Changed to copy-only, scheduled cleanup after seeding
 **3. Files moved not copied** - Now copies to support seeding
 **4. Single file downloads** - Now supports files directly in downloads folder (not just directories)
@@ -175,19 +175,19 @@ interface TorrentInfo {
 }
 type TorrentState =
-  // Core states
+  // Core states (*DL = download phase, *UP = upload/post-download phase)
  | 'downloading' | 'uploading'
-  | 'stalledDL' | 'stalledUP'
+  | 'stalledDL' | 'stalledUP'        // stalledUP → completed (download done)
-  | 'pausedDL' | 'pausedUP'
+  | 'pausedDL' | 'pausedUP'          // pausedUP → completed (download done, paused seeding)
-  | 'queuedDL' | 'queuedUP'
+  | 'queuedDL' | 'queuedUP'          // queuedUP → completed (download done)
-  | 'checkingDL' | 'checkingUP'
+  | 'checkingDL' | 'checkingUP'      // checkingUP → completed (download done, rechecking)
  | 'error' | 'missingFiles' | 'allocating'
  // Forced states (user clicked "Force Resume")
-  | 'forcedDL' | 'forcedUP'
+  | 'forcedDL' | 'forcedUP'          // forcedUP → completed (download done)
  // Metadata fetching
  | 'metaDL' | 'forcedMetaDL'
  // qBittorrent v5.0+ (renamed paused → stopped)
-  | 'stoppedDL' | 'stoppedUP'
+  | 'stoppedDL' | 'stoppedUP'        // stoppedUP → completed (download done)
  // Other
  | 'checkingResumeData' | 'moving';
 ```
@@ -241,7 +241,13 @@ type TorrentState =
   - Adding all 8 missing states to `TorrentState` type union
   - Adding mappings to both `mapState()` (legacy) and `mapStateToDownloadStatus()` (unified interface)
   - `forcedUP` → `seeding`/`completed` enables monitor to trigger import
-   - `stoppedDL`/`stoppedUP` → `paused` ensures qBittorrent v5.x compatibility
+   - `stoppedDL` → `paused` ensures qBittorrent v5.x compatibility
 **16. pausedUP/stoppedUP mapped as paused instead of completed** - qBittorrent (after ratio limits) transitions directly to `pausedUP`/`stoppedUP` without passing through `uploading`/`stalledUP`. The `*UP` suffix means the download phase is complete and the torrent is on the upload side. Both states were incorrectly mapped to `'paused'`, causing the monitor to re-schedule checks indefinitely instead of triggering file organization. Fixed by:
   - `pausedUP` → `seeding` (unified) / `completed` (legacy) — triggers completion in monitor
   - `stoppedUP` → `seeding` (unified) / `completed` (legacy) — same fix for qBittorrent v5.x
   - `pausedDL`/`stoppedDL` remain `paused` — download phase genuinely paused
   - Key insight: any `*UP` state is post-download; any `*DL` state is pre-completion
 ## Tech Stack
@@ -271,7 +271,7 @@ src/app/admin/settings/
 **PUT /api/admin/settings/audible**
 - Updates Audible region
- Body: `{ region: string }` (one of: us, ca, uk, au, in)
+- Body: `{ region: string }` (one of: us, ca, uk, au, in, es, fr)
 - No validation required
 **PUT /api/admin/settings/prowlarr/indexers**
@@ -1,6 +1,6 @@
 {
  "name": "readmeabook",
-  "version": "1.0.4",
+  "version": "1.0.16",
  "private": true,
  "scripts": {
    "dev": "next dev",
@@ -18,7 +18,9 @@
  "dependencies": {
    "@heroicons/react": "^2.2.0",
    "@prisma/client": "^6.19.0",
    "@types/archiver": "^7.0.0",
    "adm-zip": "^0.5.16",
    "archiver": "^7.0.1",
    "axios": "^1.7.2",
    "bcrypt": "^5.1.1",
    "bull": "^4.12.0",
@@ -43,9 +45,9 @@
  "devDependencies": {
    "@tailwindcss/postcss": "^4",
    "@testing-library/jest-dom": "^6.9.1",
    "@types/adm-zip": "^0.5.6",
    "@testing-library/react": "^16.3.1",
    "@testing-library/user-event": "^14.6.1",
    "@types/adm-zip": "^0.5.6",
    "@types/bcrypt": "^5.0.2",
    "@types/bull": "^4.10.0",
    "@types/jsonwebtoken": "^9.0.6",
@@ -0,0 +1,46 @@
 -- CreateTable
 CREATE TABLE "goodreads_shelves" (
    "id" TEXT NOT NULL,
    "user_id" TEXT NOT NULL,
    "name" TEXT NOT NULL,
    "rss_url" TEXT NOT NULL,
    "last_sync_at" TIMESTAMP(3),
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "goodreads_shelves_pkey" PRIMARY KEY ("id")
 );
 -- CreateTable
 CREATE TABLE "goodreads_book_mappings" (
    "id" TEXT NOT NULL,
    "goodreads_book_id" TEXT NOT NULL,
    "title" TEXT NOT NULL,
    "author" TEXT NOT NULL,
    "audible_asin" TEXT,
    "cover_url" TEXT,
    "no_match" BOOLEAN NOT NULL DEFAULT false,
    "last_search_at" TIMESTAMP(3),
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "goodreads_book_mappings_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE INDEX "goodreads_shelves_user_id_idx" ON "goodreads_shelves"("user_id");
 -- CreateIndex
 CREATE UNIQUE INDEX "goodreads_shelves_user_id_rss_url_key" ON "goodreads_shelves"("user_id", "rss_url");
 -- CreateIndex
 CREATE UNIQUE INDEX "goodreads_book_mappings_goodreads_book_id_key" ON "goodreads_book_mappings"("goodreads_book_id");
 -- CreateIndex
 CREATE INDEX "goodreads_book_mappings_goodreads_book_id_idx" ON "goodreads_book_mappings"("goodreads_book_id");
 -- CreateIndex
 CREATE INDEX "goodreads_book_mappings_audible_asin_idx" ON "goodreads_book_mappings"("audible_asin");
 -- AddForeignKey
 ALTER TABLE "goodreads_shelves" ADD CONSTRAINT "goodreads_shelves_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
@@ -0,0 +1,3 @@
 -- Add cached book count and cover URLs to goodreads_shelves for rich UI display
 ALTER TABLE "goodreads_shelves" ADD COLUMN "book_count" INTEGER;
 ALTER TABLE "goodreads_shelves" ADD COLUMN "cover_urls" TEXT;
@@ -0,0 +1,32 @@
 -- CreateTable
 CREATE TABLE "reported_issues" (
    "id" TEXT NOT NULL,
    "audiobook_id" TEXT NOT NULL,
    "reporter_id" TEXT NOT NULL,
    "reason" VARCHAR(250) NOT NULL,
    "status" TEXT NOT NULL DEFAULT 'open',
    "resolved_at" TIMESTAMP(3),
    "resolved_by_id" TEXT,
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "reported_issues_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE INDEX "reported_issues_audiobook_id_idx" ON "reported_issues"("audiobook_id");
 -- CreateIndex
 CREATE INDEX "reported_issues_reporter_id_idx" ON "reported_issues"("reporter_id");
 -- CreateIndex
 CREATE INDEX "reported_issues_status_idx" ON "reported_issues"("status");
 -- AddForeignKey
 ALTER TABLE "reported_issues" ADD CONSTRAINT "reported_issues_audiobook_id_fkey" FOREIGN KEY ("audiobook_id") REFERENCES "audiobooks"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 -- AddForeignKey
 ALTER TABLE "reported_issues" ADD CONSTRAINT "reported_issues_reporter_id_fkey" FOREIGN KEY ("reporter_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 -- AddForeignKey
 ALTER TABLE "reported_issues" ADD CONSTRAINT "reported_issues_resolved_by_id_fkey" FOREIGN KEY ("resolved_by_id") REFERENCES "users"("id") ON DELETE SET NULL ON UPDATE CASCADE;
@@ -0,0 +1,2 @@
 -- AlterTable
 ALTER TABLE "users" ADD COLUMN "download_access" BOOLEAN;
@@ -0,0 +1,2 @@
 -- AlterTable
 ALTER TABLE "requests" ADD COLUMN "custom_search_terms" TEXT;
@@ -0,0 +1,42 @@
 -- CreateTable
 CREATE TABLE "works" (
    "id" TEXT NOT NULL,
    "title" TEXT NOT NULL,
    "author" TEXT NOT NULL,
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "works_pkey" PRIMARY KEY ("id")
 );
 -- CreateTable
 CREATE TABLE "work_asins" (
    "id" TEXT NOT NULL,
    "work_id" TEXT NOT NULL,
    "asin" TEXT NOT NULL,
    "narrator" TEXT,
    "duration_minutes" INTEGER,
    "is_canonical" BOOLEAN NOT NULL DEFAULT false,
    "source" TEXT NOT NULL,
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT "work_asins_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE INDEX "works_title_idx" ON "works"("title");
 -- CreateIndex
 CREATE INDEX "works_author_idx" ON "works"("author");
 -- CreateIndex
 CREATE UNIQUE INDEX "work_asins_asin_key" ON "work_asins"("asin");
 -- CreateIndex
 CREATE INDEX "work_asins_work_id_idx" ON "work_asins"("work_id");
 -- CreateIndex
 CREATE INDEX "work_asins_asin_idx" ON "work_asins"("asin");
 -- AddForeignKey
 ALTER TABLE "work_asins" ADD CONSTRAINT "work_asins_work_id_fkey" FOREIGN KEY ("work_id") REFERENCES "works"("id") ON DELETE CASCADE ON UPDATE CASCADE;
@@ -0,0 +1,51 @@
 -- CreateTable
 CREATE TABLE "watched_series" (
    "id" TEXT NOT NULL,
    "user_id" TEXT NOT NULL,
    "series_asin" TEXT NOT NULL,
    "series_title" TEXT NOT NULL,
    "cover_art_url" TEXT,
    "last_checked_at" TIMESTAMP(3),
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "watched_series_pkey" PRIMARY KEY ("id")
 );
 -- CreateTable
 CREATE TABLE "watched_authors" (
    "id" TEXT NOT NULL,
    "user_id" TEXT NOT NULL,
    "author_asin" TEXT NOT NULL,
    "author_name" TEXT NOT NULL,
    "cover_art_url" TEXT,
    "last_checked_at" TIMESTAMP(3),
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updated_at" TIMESTAMP(3) NOT NULL,
    CONSTRAINT "watched_authors_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE INDEX "watched_series_user_id_idx" ON "watched_series"("user_id");
 -- CreateIndex
 CREATE INDEX "watched_series_series_asin_idx" ON "watched_series"("series_asin");
 -- CreateIndex
 CREATE UNIQUE INDEX "watched_series_user_id_series_asin_key" ON "watched_series"("user_id", "series_asin");
 -- CreateIndex
 CREATE INDEX "watched_authors_user_id_idx" ON "watched_authors"("user_id");
 -- CreateIndex
 CREATE INDEX "watched_authors_author_asin_idx" ON "watched_authors"("author_asin");
 -- CreateIndex
 CREATE UNIQUE INDEX "watched_authors_user_id_author_asin_key" ON "watched_authors"("user_id", "author_asin");
 -- AddForeignKey
 ALTER TABLE "watched_series" ADD CONSTRAINT "watched_series_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 -- AddForeignKey
 ALTER TABLE "watched_authors" ADD CONSTRAINT "watched_authors_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
@@ -0,0 +1,3 @@
 -- Normalize existing local usernames to lowercase
 UPDATE users SET plex_username = LOWER(plex_username) WHERE auth_provider = 'local' AND deleted_at IS NULL;
 UPDATE users SET plex_id = 'local-' || LOWER(SUBSTRING(plex_id FROM 7)) WHERE plex_id LIKE 'local-%' AND plex_id NOT LIKE 'local-%-deleted-%';
@@ -0,0 +1,33 @@
 -- CreateTable
 CREATE TABLE "api_tokens" (
    "id" TEXT NOT NULL,
    "name" TEXT NOT NULL,
    "token_hash" TEXT NOT NULL,
    "token_prefix" TEXT NOT NULL,
    "role" TEXT NOT NULL DEFAULT 'user',
    "created_by_id" TEXT NOT NULL,
    "user_id" TEXT NOT NULL,
    "last_used_at" TIMESTAMP(3),
    "expires_at" TIMESTAMP(3),
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT "api_tokens_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE UNIQUE INDEX "api_tokens_token_hash_key" ON "api_tokens"("token_hash");
 -- CreateIndex
 CREATE INDEX "api_tokens_token_hash_idx" ON "api_tokens"("token_hash");
 -- CreateIndex
 CREATE INDEX "api_tokens_created_by_id_idx" ON "api_tokens"("created_by_id");
 -- CreateIndex
 CREATE INDEX "api_tokens_user_id_idx" ON "api_tokens"("user_id");
 -- AddForeignKey
 ALTER TABLE "api_tokens" ADD CONSTRAINT "api_tokens_created_by_id_fkey" FOREIGN KEY ("created_by_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 -- AddForeignKey
 ALTER TABLE "api_tokens" ADD CONSTRAINT "api_tokens_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
@@ -55,6 +55,7 @@ model User {
  // Fine-grained permissions
  interactiveSearchAccess Boolean? @map("interactive_search_access") // null = use global setting, true = allow, false = deny
  downloadAccess          Boolean? @map("download_access")           // null = use global setting, true = allow, false = deny
  // Soft delete support
  deletedAt DateTime? @map("deleted_at")
@@ -64,6 +65,13 @@ model User {
  requests                Request[]
  bookDateRecommendations BookDateRecommendation[]
  bookDateSwipes          BookDateSwipe[]
  goodreadsShelves        GoodreadsShelf[]
  reportedIssues          ReportedIssue[]          @relation("Reporter")
  resolvedIssues          ReportedIssue[]          @relation("Resolver")
  createdApiTokens        ApiToken[]  @relation("CreatedApiTokens")
  apiTokens               ApiToken[]  @relation("UserApiTokens")
  watchedSeries           WatchedSeries[]
  watchedAuthors          WatchedAuthor[]
  @@index([plexId])
  @@index([role])
@@ -173,6 +181,7 @@ model Audiobook {
  year        Int?    // Release year extracted from releaseDate
  series      String? // Book series name (e.g., "The Mistborn Saga")
  seriesPart  String? @map("series_part") // Series position (e.g., "1", "1.5", "Book 1")
  seriesAsin  String? @map("series_asin") // Audible series ASIN for linking to series detail page
  // Request tracking
  status String @default("requested") // requested, downloading, processing, completed, failed
@@ -197,7 +206,8 @@ model Audiobook {
  completedAt DateTime? @map("completed_at")
  // Relations
-  requests Request[]
+  requests       Request[]
  reportedIssues ReportedIssue[]
  @@index([audibleAsin])
  @@index([plexGuid])
@@ -226,6 +236,7 @@ model Request {
  importAttempts   Int       @default(0) @map("import_attempts")
  maxImportRetries Int       @default(5) @map("max_import_retries")
  lastSearchAt     DateTime? @map("last_search_at")
  customSearchTerms String?  @map("custom_search_terms") @db.Text
  lastImportAt     DateTime? @map("last_import_at")
  createdAt        DateTime  @default(now()) @map("created_at")
  updatedAt        DateTime  @updatedAt @map("updated_at")
@@ -385,7 +396,7 @@ model ScheduledJob {
 model BookDateConfig {
  id           String   @id @default(uuid())
-  provider     String // 'openai' | 'claude' | 'custom'
+  provider     String // 'openai' | 'claude' | 'gemini' | 'custom'
  apiKey       String   @map("api_key") @db.Text // Encrypted at rest (AES-256)
  model        String // e.g., 'gpt-4o', 'claude-sonnet-4-5-20250929'
  baseUrl      String?  @map("base_url") @db.Text // Base URL for custom provider (OpenAI-compatible endpoints)
@@ -456,3 +467,183 @@ model NotificationBackend {
  @@index([enabled])
  @@map("notification_backends")
 }
 // ============================================================================
 // REPORTED ISSUES TABLE
 // User-reported problems with available audiobooks (corrupted, wrong book, etc.)
 // ============================================================================
 model ReportedIssue {
  id           String    @id @default(uuid())
  audiobookId  String    @map("audiobook_id")
  reporterId   String    @map("reporter_id")
  reason       String    @db.VarChar(250)
  status       String    @default("open") // open, dismissed, replaced
  resolvedAt   DateTime? @map("resolved_at")
  resolvedById String?   @map("resolved_by_id")
  createdAt    DateTime  @default(now()) @map("created_at")
  updatedAt    DateTime  @updatedAt @map("updated_at")
  // Relations
  audiobook  Audiobook @relation(fields: [audiobookId], references: [id], onDelete: Cascade)
  reporter   User      @relation("Reporter", fields: [reporterId], references: [id], onDelete: Cascade)
  resolvedBy User?     @relation("Resolver", fields: [resolvedById], references: [id], onDelete: SetNull)
  @@index([audiobookId])
  @@index([reporterId])
  @@index([status])
  @@map("reported_issues")
 }
 // ============================================================================
 // GOODREADS SYNC TABLES
 // Per-user Goodreads shelf subscriptions + global book-to-ASIN mapping cache
 // ============================================================================
 // ============================================================================
 // API TOKEN TABLE
 // Static API tokens for programmatic access (alternative to JWT)
 // Documentation: documentation/backend/services/api-tokens.md
 // ============================================================================
 model ApiToken {
  id          String    @id @default(uuid())
  name        String // User-friendly label (e.g., "Home Assistant", "Webhook")
  tokenHash   String    @unique @map("token_hash") // SHA-256 hash of the token (never store plaintext)
  tokenPrefix String    @map("token_prefix") // First 8 chars for display (e.g., "rmab_a1b2")
  role        String    @default("user") // Token role: 'admin' or 'user'
  createdById String    @map("created_by_id") // Who created the token (may differ from userId for admin-created tokens)
  userId      String    @map("user_id") // The user identity this token acts as
  lastUsedAt  DateTime? @map("last_used_at")
  expiresAt   DateTime? @map("expires_at") // null = never expires
  createdAt   DateTime  @default(now()) @map("created_at")
  // Relations
  createdBy User @relation("CreatedApiTokens", fields: [createdById], references: [id], onDelete: Cascade)
  tokenUser User @relation("UserApiTokens", fields: [userId], references: [id], onDelete: Cascade)
  @@index([tokenHash])
  @@index([createdById])
  @@index([userId])
  @@map("api_tokens")
 }
 model GoodreadsShelf {
  id         String    @id @default(uuid())
  userId     String    @map("user_id")
  name       String    // Extracted from RSS <title>
  rssUrl     String    @map("rss_url") @db.Text
  lastSyncAt DateTime? @map("last_sync_at")
  bookCount  Int?      @map("book_count")
  coverUrls  String?   @map("cover_urls") @db.Text // JSON array of cover image URLs
  createdAt  DateTime  @default(now()) @map("created_at")
  updatedAt  DateTime  @updatedAt @map("updated_at")
  // Relations
  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
  @@unique([userId, rssUrl])
  @@index([userId])
  @@map("goodreads_shelves")
 }
 model GoodreadsBookMapping {
  id              String    @id @default(uuid())
  goodreadsBookId String    @unique @map("goodreads_book_id")
  title           String
  author          String
  audibleAsin     String?   @map("audible_asin")
  coverUrl        String?   @map("cover_url") @db.Text
  noMatch         Boolean   @default(false) @map("no_match")
  lastSearchAt    DateTime? @map("last_search_at")
  createdAt       DateTime  @default(now()) @map("created_at")
  updatedAt       DateTime  @updatedAt @map("updated_at")
  @@index([goodreadsBookId])
  @@index([audibleAsin])
  @@map("goodreads_book_mappings")
 }
 // ============================================================================
 // WORKS TABLE
 // Cross-ASIN audiobook identity mapping — links multiple Audible ASINs
 // to a single logical work for library matching across editions.
 // Documentation: documentation/integrations/audible.md
 // ============================================================================
 model Work {
  id        String     @id @default(uuid())
  title     String
  author    String
  createdAt DateTime   @default(now()) @map("created_at")
  updatedAt DateTime   @updatedAt @map("updated_at")
  // Relations
  asins WorkAsin[]
  @@index([title])
  @@index([author])
  @@map("works")
 }
 model WorkAsin {
  id              String   @id @default(uuid())
  workId          String   @map("work_id")
  asin            String   @unique
  narrator        String?
  durationMinutes Int?     @map("duration_minutes")
  isCanonical     Boolean  @default(false) @map("is_canonical")
  source          String   // 'dedup_auto' | 'admin_manual'
  createdAt       DateTime @default(now()) @map("created_at")
  // Relations
  work Work @relation(fields: [workId], references: [id], onDelete: Cascade)
  @@index([workId])
  @@index([asin])
  @@map("work_asins")
 }
 // ============================================================================
 // WATCHED LISTS TABLES
 // Per-user series and author subscriptions for automatic new-release requests.
 // Documentation: documentation/features/watched-lists.md
 // ============================================================================
 model WatchedSeries {
  id            String    @id @default(uuid())
  userId        String    @map("user_id")
  seriesAsin    String    @map("series_asin")
  seriesTitle   String    @map("series_title")
  coverArtUrl   String?   @map("cover_art_url") @db.Text
  lastCheckedAt DateTime? @map("last_checked_at")
  createdAt     DateTime  @default(now()) @map("created_at")
  updatedAt     DateTime  @updatedAt @map("updated_at")
  // Relations
  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
  @@unique([userId, seriesAsin])
  @@index([userId])
  @@index([seriesAsin])
  @@map("watched_series")
 }
 model WatchedAuthor {
  id            String    @id @default(uuid())
  userId        String    @map("user_id")
  authorAsin    String    @map("author_asin")
  authorName    String    @map("author_name")
  coverArtUrl   String?   @map("cover_art_url") @db.Text
  lastCheckedAt DateTime? @map("last_checked_at")
  createdAt     DateTime  @default(now()) @map("created_at")
  updatedAt     DateTime  @updatedAt @map("updated_at")
  // Relations
  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
  @@unique([userId, authorAsin])
  @@index([userId])
  @@index([authorAsin])
  @@map("watched_authors")
 }
@@ -0,0 +1,154 @@
 /**
 * Component: Adjust Search Terms Modal
 * Documentation: documentation/admin-dashboard.md
 */
 'use client';
 import { useState } from 'react';
 import { Modal } from '@/components/ui/Modal';
 import { fetchWithAuth } from '@/lib/utils/api';
 import { useToast } from '@/components/ui/Toast';
 interface AdjustSearchTermsModalProps {
  isOpen: boolean;
  onClose: () => void;
  requestId: string;
  title: string;
  author: string;
  currentSearchTerms?: string | null;
  onSuccess?: () => void;
 }
 export function AdjustSearchTermsModal({
  isOpen,
  onClose,
  requestId,
  title,
  author,
  currentSearchTerms,
  onSuccess,
 }: AdjustSearchTermsModalProps) {
  const toast = useToast();
  const [searchTerms, setSearchTerms] = useState(currentSearchTerms || title);
  const [isSaving, setIsSaving] = useState(false);
  const [isSavingAndSearching, setIsSavingAndSearching] = useState(false);
  // Reset state when modal opens
  const handleClose = () => {
    setSearchTerms(currentSearchTerms || title);
    onClose();
  };
  const save = async (triggerSearch: boolean) => {
    const setter = triggerSearch ? setIsSavingAndSearching : setIsSaving;
    setter(true);
    try {
      // If terms match the original title, clear the override
      const termsToSave = searchTerms.trim() === title ? null : searchTerms.trim() || null;
      const response = await fetchWithAuth(`/api/admin/requests/${requestId}/search-terms`, {
        method: 'PATCH',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ searchTerms: termsToSave, triggerSearch }),
      });
      if (!response.ok) {
        const errorData = await response.json();
        throw new Error(errorData.message || 'Failed to update search terms');
      }
      const data = await response.json();
      if (data.searchTriggered) {
        toast.success('Search terms saved and search triggered');
      } else {
        toast.success('Search terms saved');
      }
      onSuccess?.();
      onClose();
    } catch (error) {
      toast.error(`Failed to save: ${error instanceof Error ? error.message : 'Unknown error'}`);
    } finally {
      setter(false);
    }
  };
  const handleReset = () => {
    setSearchTerms(title);
  };
  const isLoading = isSaving || isSavingAndSearching;
  const hasChanges = searchTerms.trim() !== (currentSearchTerms || title);
  const isCustom = searchTerms.trim() !== title;
  return (
    <Modal isOpen={isOpen} onClose={handleClose} title="Adjust Search Terms" size="sm">
      <div className="space-y-4">
        {/* Original info */}
        <div className="bg-gray-50 dark:bg-gray-900/50 rounded-lg p-3 space-y-1">
          <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wider">
            Original Title
          </div>
          <div className="text-sm text-gray-900 dark:text-gray-100 font-medium">{title}</div>
          <div className="text-xs text-gray-500 dark:text-gray-400">by {author}</div>
        </div>
        {/* Search terms input */}
        <div>
          <label
            htmlFor="search-terms"
            className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1.5"
          >
            Search Terms
          </label>
          <input
            id="search-terms"
            type="text"
            value={searchTerms}
            onChange={(e) => setSearchTerms(e.target.value)}
            disabled={isLoading}
            className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-800 text-gray-900 dark:text-gray-100 text-sm focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:opacity-50"
            placeholder="Enter custom search terms..."
          />
          {isCustom && (
            <button
              onClick={handleReset}
              disabled={isLoading}
              className="mt-1.5 text-xs text-blue-600 dark:text-blue-400 hover:text-blue-700 dark:hover:text-blue-300 transition-colors disabled:opacity-50"
            >
              Reset to original title
            </button>
          )}
        </div>
        {/* Actions */}
        <div className="flex items-center justify-end gap-2 pt-2 border-t border-gray-200 dark:border-gray-700">
          <button
            onClick={handleClose}
            disabled={isLoading}
            className="px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-800 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-700 transition-colors disabled:opacity-50"
          >
            Cancel
          </button>
          <button
            onClick={() => save(false)}
            disabled={isLoading || !searchTerms.trim()}
            className="px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-800 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-700 transition-colors disabled:opacity-50"
          >
            {isSaving ? 'Saving...' : 'Save'}
          </button>
          <button
            onClick={() => save(true)}
            disabled={isLoading || !searchTerms.trim()}
            className="px-4 py-2 text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors disabled:opacity-50"
          >
            {isSavingAndSearching ? 'Saving...' : 'Save & Search'}
          </button>
        </div>
      </div>
    </Modal>
  );
 }
@@ -2,12 +2,13 @@
 * Component: Confirm Dialog
 * Documentation: documentation/frontend/components.md
 *
- * Reusable confirmation dialog for destructive actions
+ * Reusable confirmation dialog for destructive actions.
 * Features: backdrop blur, smooth enter animation, Escape to close, focus trap, ARIA.
 */
 'use client';
-import { Fragment } from 'react';
+import React, { useEffect, useRef } from 'react';
 export interface ConfirmDialogProps {
  isOpen: boolean;
@@ -30,99 +31,177 @@ export function ConfirmDialog({
  onConfirm,
  onCancel,
 }: ConfirmDialogProps) {
  const cancelRef = useRef<HTMLButtonElement>(null);
  const confirmRef = useRef<HTMLButtonElement>(null);
  const dialogRef = useRef<HTMLDivElement>(null);
  // Focus the cancel button on open (safer default for destructive dialogs)
  useEffect(() => {
    if (isOpen) {
      // Small delay to let animation start before stealing focus
      const t = setTimeout(() => cancelRef.current?.focus(), 50);
      return () => clearTimeout(t);
    }
  }, [isOpen]);
  // Escape to close + focus trap
  useEffect(() => {
    if (!isOpen) return;
    const handleKeyDown = (e: KeyboardEvent) => {
      if (e.key === 'Escape') {
        e.preventDefault();
        onCancel();
        return;
      }
      // Focus trap: tab cycles only within dialog
      if (e.key === 'Tab') {
        const focusable = dialogRef.current?.querySelectorAll<HTMLElement>(
          'button, [href], input, select, textarea, [tabindex]:not([tabindex="-1"])'
        );
        if (!focusable || focusable.length === 0) return;
        const first = focusable[0];
        const last = focusable[focusable.length - 1];
        if (e.shiftKey) {
          if (document.activeElement === first) {
            e.preventDefault();
            last.focus();
          }
        } else {
          if (document.activeElement === last) {
            e.preventDefault();
            first.focus();
          }
        }
      }
    };
    document.addEventListener('keydown', handleKeyDown);
    return () => document.removeEventListener('keydown', handleKeyDown);
  }, [isOpen, onCancel]);
  // Prevent body scroll while open
  useEffect(() => {
    if (isOpen) {
      document.body.style.overflow = 'hidden';
      return () => { document.body.style.overflow = ''; };
    }
  }, [isOpen]);
  if (!isOpen) return null;
-  const confirmButtonClasses =
+  const isDestructive = confirmVariant === 'danger';
    confirmVariant === 'danger'
      ? 'bg-red-600 hover:bg-red-700 text-white'
      : 'bg-blue-600 hover:bg-blue-700 text-white';
  return (
-    <div className="fixed inset-0 z-50 overflow-y-auto">
+    <div
      role="dialog"
      aria-modal="true"
      aria-labelledby="confirm-dialog-title"
      aria-describedby="confirm-dialog-desc"
      className="fixed inset-0 z-50 flex items-center justify-center p-4"
    >
      {/* Backdrop */}
      <div
-        className="fixed inset-0 bg-black bg-opacity-50 transition-opacity"
+        className="animate-dialog-backdrop fixed inset-0 bg-black/40 backdrop-blur-sm"
        onClick={onCancel}
        aria-hidden="true"
      />
-      {/* Dialog */}
+      {/* Panel */}
-      <div className="flex min-h-full items-center justify-center p-4 text-center sm:p-0">
+      <div
-        <div className="relative transform overflow-hidden rounded-lg bg-white dark:bg-gray-800 text-left shadow-xl transition-all sm:my-8 sm:w-full sm:max-w-lg">
+        ref={dialogRef}
-          <div className="bg-white dark:bg-gray-800 px-4 pb-4 pt-5 sm:p-6 sm:pb-4">
+        className="animate-dialog-panel relative w-full max-w-sm rounded-2xl overflow-hidden bg-white dark:bg-gray-900 shadow-2xl ring-1 ring-black/10 dark:ring-white/10"
-            <div className="sm:flex sm:items-start">
+      >
-              {/* Icon */}
+        {/* Header */}
-              <div
+        <div className="px-6 pt-6 pb-4">
-                className={`mx-auto flex h-12 w-12 flex-shrink-0 items-center justify-center rounded-full ${
+          <div className="flex items-start gap-4">
-                  confirmVariant === 'danger'
+            {/* Icon well */}
-                    ? 'bg-red-100 dark:bg-red-900'
+            <div className={`flex-shrink-0 flex items-center justify-center w-10 h-10 rounded-full ${
-                    : 'bg-blue-100 dark:bg-blue-900'
+              isDestructive
-                } sm:mx-0 sm:h-10 sm:w-10`}
+                ? 'bg-red-50 dark:bg-red-500/10'
-              >
+                : 'bg-blue-50 dark:bg-blue-500/10'
            }`}>
              {isDestructive ? (
                <svg
-                  className={`h-6 w-6 ${
+                  className="w-5 h-5 text-red-500 dark:text-red-400"
                    confirmVariant === 'danger'
                      ? 'text-red-600 dark:text-red-400'
                      : 'text-blue-600 dark:text-blue-400'
                  }`}
                  fill="none"
                  viewBox="0 0 24 24"
-                  strokeWidth="1.5"
+                  strokeWidth="1.75"
                  stroke="currentColor"
                  aria-hidden="true"
                >
-                  {confirmVariant === 'danger' ? (
+                  <path
-                    <path
+                    strokeLinecap="round"
-                      strokeLinecap="round"
+                    strokeLinejoin="round"
-                      strokeLinejoin="round"
+                    d="M12 9v3.75m-9.303 3.376c-.866 1.5.217 3.374 1.948 3.374h14.71c1.73 0 2.813-1.874 1.948-3.374L13.949 3.378c-.866-1.5-3.032-1.5-3.898 0L2.697 16.126zM12 15.75h.007v.008H12v-.008z"
-                      d="M12 9v3.75m-9.303 3.376c-.866 1.5.217 3.374 1.948 3.374h14.71c1.73 0 2.813-1.874 1.948-3.374L13.949 3.378c-.866-1.5-3.032-1.5-3.898 0L2.697 16.126zM12 15.75h.007v.008H12v-.008z"
+                  />
                    />
                  ) : (
                    <path
                      strokeLinecap="round"
                      strokeLinejoin="round"
                      d="M9.879 7.519c1.171-1.025 3.071-1.025 4.242 0 1.172 1.025 1.172 2.687 0 3.712-.203.179-.43.326-.67.442-.745.361-1.45.999-1.45 1.827v.75M21 12a9 9 0 11-18 0 9 9 0 0118 0zm-9 5.25h.008v.008H12v-.008z"
                    />
                  )}
                </svg>
-              </div>
+              ) : (
                <svg
                  className="w-5 h-5 text-blue-500 dark:text-blue-400"
                  fill="none"
                  viewBox="0 0 24 24"
                  strokeWidth="1.75"
                  stroke="currentColor"
                  aria-hidden="true"
                >
                  <path
                    strokeLinecap="round"
                    strokeLinejoin="round"
                    d="M9.879 7.519c1.171-1.025 3.071-1.025 4.242 0 1.172 1.025 1.172 2.687 0 3.712-.203.179-.43.326-.67.442-.745.361-1.45.999-1.45 1.827v.75M21 12a9 9 0 11-18 0 9 9 0 0118 0zm-9 5.25h.008v.008H12v-.008z"
                  />
                </svg>
              )}
            </div>
-              {/* Content */}
+            {/* Text */}
-              <div className="mt-3 text-center sm:ml-4 sm:mt-0 sm:text-left flex-1">
+            <div className="flex-1 min-w-0 pt-0.5">
-                <h3 className="text-lg font-semibold leading-6 text-gray-900 dark:text-gray-100">
+              <h3
-                  {title}
+                id="confirm-dialog-title"
-                </h3>
+                className="text-base font-semibold leading-6 text-gray-900 dark:text-gray-50"
-                <div className="mt-2">
+              >
-                  {typeof message === 'string' ? (
+                {title}
-                    <p className="text-sm text-gray-500 dark:text-gray-400 whitespace-pre-line">
+              </h3>
-                      {message}
+              <div id="confirm-dialog-desc" className="mt-1.5">
-                    </p>
+                {typeof message === 'string' ? (
-                  ) : (
+                  <p className="text-sm text-gray-500 dark:text-gray-400 leading-relaxed">
-                    <div className="text-sm text-gray-500 dark:text-gray-400">
+                    {message}
-                      {message}
+                  </p>
-                    </div>
+                ) : (
-                  )}
+                  <div className="text-sm text-gray-500 dark:text-gray-400 leading-relaxed">
-                </div>
+                    {message}
                  </div>
                )}
              </div>
            </div>
          </div>
        </div>
-          {/* Actions */}
+        {/* Action bar */}
-          <div className="bg-gray-50 dark:bg-gray-900 px-4 py-3 sm:flex sm:flex-row-reverse sm:px-6 gap-2">
+        <div className="flex items-center justify-end gap-2 px-6 py-4 bg-gray-50/80 dark:bg-white/[0.03] border-t border-gray-100 dark:border-white/[0.06]">
-            <button
+          <button
-              type="button"
+            ref={cancelRef}
-              onClick={onConfirm}
+            type="button"
-              className={`inline-flex w-full justify-center rounded-lg px-4 py-2 text-sm font-semibold shadow-sm sm:w-auto transition-colors ${confirmButtonClasses}`}
+            onClick={onCancel}
-            >
+            className="px-4 py-2 text-sm font-medium rounded-xl text-gray-700 dark:text-gray-300 bg-white dark:bg-white/[0.06] hover:bg-gray-100 dark:hover:bg-white/[0.1] border border-gray-200 dark:border-white/[0.1] transition-all duration-150 focus:outline-none focus-visible:ring-2 focus-visible:ring-gray-400 focus-visible:ring-offset-2 dark:focus-visible:ring-offset-gray-900"
-              {confirmLabel}
+          >
-            </button>
+            {cancelLabel}
-            <button
+          </button>
-              type="button"
+          <button
-              onClick={onCancel}
+            ref={confirmRef}
-              className="mt-3 inline-flex w-full justify-center rounded-lg bg-white dark:bg-gray-700 px-4 py-2 text-sm font-semibold text-gray-900 dark:text-gray-100 shadow-sm ring-1 ring-inset ring-gray-300 dark:ring-gray-600 hover:bg-gray-50 dark:hover:bg-gray-600 sm:mt-0 sm:w-auto transition-colors"
+            type="button"
-            >
+            onClick={onConfirm}
-              {cancelLabel}
+            className={`px-4 py-2 text-sm font-medium rounded-xl text-white transition-all duration-150 focus:outline-none focus-visible:ring-2 focus-visible:ring-offset-2 dark:focus-visible:ring-offset-gray-900 active:scale-[0.97] ${
-            </button>
+              isDestructive
-          </div>
+                ? 'bg-red-600 hover:bg-red-700 focus-visible:ring-red-500'
                : 'bg-blue-600 hover:bg-blue-700 focus-visible:ring-blue-500'
            }`}
          >
            {confirmLabel}
          </button>
        </div>
      </div>
    </div>
@@ -28,6 +28,8 @@ interface RecentRequest {
  completedAt: Date | null;
  errorMessage: string | null;
  torrentUrl?: string | null;
  downloadAttempts?: number;
  customSearchTerms?: string | null;
 }
 interface User {
@@ -444,6 +446,29 @@ export function RecentRequestsTable({ ebookSidecarEnabled = false, annasArchiveB
    }
  };
  const handleRetryDownload = async (requestId: string) => {
    try {
      const response = await fetchWithAuth(`/api/admin/requests/${requestId}/retry-download`, {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
        },
      });
      const responseData = await response.json();
      if (!response.ok) {
        throw new Error(responseData.message || 'Failed to retry download');
      }
      toast.success(responseData.message || 'Download retry initiated');
      await mutate(apiUrl);
    } catch (error) {
      console.error('[Admin] Failed to retry download:', error);
      toast.error(`Failed to retry download: ${error instanceof Error ? error.message : 'Unknown error'}`);
    }
  };
  // Render loading state
  if (isLoading && !data) {
    return (
@@ -638,6 +663,17 @@ export function RecentRequestsTable({ ebookSidecarEnabled = false, annasArchiveB
                              Ebook
                            </span>
                          )}
                          {request.customSearchTerms && (
                            <span
                              className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-blue-100 text-blue-700 dark:bg-blue-900 dark:text-blue-200"
                              title={`Custom search: ${request.customSearchTerms}`}
                            >
                              <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
                              </svg>
                              Custom Search
                            </span>
                          )}
                        </div>
                        <div className="text-sm text-gray-500 dark:text-gray-400">
                          {request.author}
@@ -673,12 +709,16 @@ export function RecentRequestsTable({ ebookSidecarEnabled = false, annasArchiveB
                          type: request.type,
                          asin: request.asin,
                          torrentUrl: request.torrentUrl,
                          downloadAttempts: request.downloadAttempts,
                          customSearchTerms: request.customSearchTerms,
                        }}
                        onDelete={handleDeleteClick}
                        onManualSearch={handleManualSearch}
                        onCancel={handleCancel}
                        onRetryDownload={handleRetryDownload}
                        onViewDetails={(asin) => handleViewDetails(asin, request.status)}
                        onFetchEbook={handleFetchEbook}
                        onSearchTermsUpdated={() => mutate(apiUrl)}
                        ebookSidecarEnabled={ebookSidecarEnabled}
                        annasArchiveBaseUrl={annasArchiveBaseUrl}
                        isLoading={isDeleting || isFetchingEbook}
@@ -835,7 +875,6 @@ export function RecentRequestsTable({ ebookSidecarEnabled = false, annasArchiveB
          }}
          isAvailable={viewDetailsStatus === 'available' || viewDetailsStatus === 'completed'}
          requestStatus={viewDetailsStatus}
          hideRequestActions
        />
      )}
    </div>
@@ -0,0 +1,242 @@
 /**
 * Component: Admin Reported Issues Section
 * Documentation: documentation/backend/services/reported-issues.md
 *
 * Displays open reported issues on the admin dashboard.
 * Allows dismiss or search-for-replacement actions.
 */
 'use client';
 import React, { useState } from 'react';
 import { createPortal } from 'react-dom';
 import { useToast } from '@/components/ui/Toast';
 import { formatDistanceToNow } from 'date-fns';
 import { InteractiveTorrentSearchModal } from '@/components/requests/InteractiveTorrentSearchModal';
 import { fetchJSON } from '@/lib/utils/api';
 import { mutate } from 'swr';
 interface ReportedIssue {
  id: string;
  reason: string;
  status: string;
  createdAt: string;
  audiobook: {
    id: string;
    title: string;
    author: string;
    coverArtUrl: string | null;
    audibleAsin: string | null;
  };
  reporter: {
    id: string;
    plexUsername: string;
    avatarUrl: string | null;
  };
 }
 interface ReportedIssuesSectionProps {
  issues: ReportedIssue[];
 }
 export function ReportedIssuesSection({ issues }: ReportedIssuesSectionProps) {
  const toast = useToast();
  const [loadingStates, setLoadingStates] = useState<Record<string, boolean>>({});
  const [replaceIssue, setReplaceIssue] = useState<ReportedIssue | null>(null);
  const handleDismiss = async (issueId: string) => {
    setLoadingStates((prev) => ({ ...prev, [issueId]: true }));
    try {
      await fetchJSON(`/api/admin/reported-issues/${issueId}/resolve`, {
        method: 'POST',
        body: JSON.stringify({ action: 'dismiss' }),
      });
      toast.success('Issue dismissed');
      await mutate((key: unknown) => typeof key === 'string' && key.includes('/api/admin/reported-issues'));
    } catch (error) {
      toast.error(
        `Failed to dismiss issue: ${error instanceof Error ? error.message : 'Unknown error'}`
      );
    } finally {
      setLoadingStates((prev) => ({ ...prev, [issueId]: false }));
    }
  };
  const handleReplaceSuccess = async () => {
    toast.success('Replacement download started');
    setReplaceIssue(null);
    await mutate((key: unknown) => typeof key === 'string' && key.includes('/api/admin/reported-issues'));
    await mutate((key: unknown) => typeof key === 'string' && key.includes('/api/admin/metrics'));
  };
  return (
    <>
      <div className="mb-8">
        {/* Section Header */}
        <div className="flex items-center gap-3 mb-4">
          <div className="flex items-center gap-2">
            <svg
              className="w-6 h-6 text-orange-600 dark:text-orange-400"
              fill="none"
              stroke="currentColor"
              viewBox="0 0 24 24"
            >
              <path
                strokeLinecap="round"
                strokeLinejoin="round"
                strokeWidth={2}
                d="M3 21v-4m0 0V5a2 2 0 012-2h6.5l1 1H21l-3 6 3 6h-8.5l-1-1H5a2 2 0 00-2 2zm9-13.5V9"
              />
            </svg>
            <h2 className="text-xl font-bold text-gray-900 dark:text-gray-100">
              Reported Issues
            </h2>
          </div>
          <span className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 dark:bg-orange-900 dark:text-orange-200">
            {issues.length}
          </span>
        </div>
        {/* Issues Grid */}
        <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
          {issues.map((issue) => {
            const isLoading = loadingStates[issue.id] || false;
            return (
              <div
                key={issue.id}
                className="bg-white dark:bg-gray-800 border-2 border-orange-200 dark:border-orange-800 rounded-lg shadow-sm hover:shadow-md transition-shadow overflow-hidden"
              >
                {/* Card Content */}
                <div className="p-4">
                  <div className="flex gap-3">
                    {/* Cover Image */}
                    <div className="flex-shrink-0">
                      {issue.audiobook.coverArtUrl ? (
                        <img
                          src={issue.audiobook.coverArtUrl}
                          alt={issue.audiobook.title}
                          className="w-16 h-16 rounded object-cover"
                        />
                      ) : (
                        <div className="w-16 h-16 rounded bg-gray-200 dark:bg-gray-700 flex items-center justify-center">
                          <svg
                            className="w-8 h-8 text-gray-400 dark:text-gray-600"
                            fill="currentColor"
                            viewBox="0 0 20 20"
                          >
                            <path d="M9 4.804A7.968 7.968 0 005.5 4c-1.255 0-2.443.29-3.5.804v10A7.969 7.969 0 015.5 14c1.669 0 3.218.51 4.5 1.385A7.962 7.962 0 0114.5 14c1.255 0 2.443.29 3.5.804v-10A7.968 7.968 0 0014.5 4c-1.255 0-2.443.29-3.5.804V12a1 1 0 11-2 0V4.804z" />
                          </svg>
                        </div>
                      )}
                    </div>
                    {/* Info */}
                    <div className="flex-1 min-w-0">
                      <h3 className="text-sm font-bold text-gray-900 dark:text-gray-100 truncate">
                        {issue.audiobook.title}
                      </h3>
                      <p className="text-sm text-gray-600 dark:text-gray-400 truncate">
                        {issue.audiobook.author}
                      </p>
                      {/* Reporter */}
                      <div className="flex items-center gap-2 mt-2">
                        {issue.reporter.avatarUrl ? (
                          <img
                            src={issue.reporter.avatarUrl}
                            alt={issue.reporter.plexUsername}
                            className="w-5 h-5 rounded-full"
                          />
                        ) : (
                          <div className="w-5 h-5 rounded-full bg-gray-300 dark:bg-gray-600 flex items-center justify-center">
                            <svg
                              className="w-3 h-3 text-gray-600 dark:text-gray-400"
                              fill="currentColor"
                              viewBox="0 0 20 20"
                            >
                              <path
                                fillRule="evenodd"
                                d="M10 9a3 3 0 100-6 3 3 0 000 6zm-7 9a7 7 0 1114 0H3z"
                                clipRule="evenodd"
                              />
                            </svg>
                          </div>
                        )}
                        <span className="text-xs text-gray-600 dark:text-gray-400">
                          {issue.reporter.plexUsername}
                        </span>
                      </div>
                      {/* Timestamp */}
                      <p className="text-xs text-gray-500 dark:text-gray-500 mt-1">
                        {formatDistanceToNow(new Date(issue.createdAt), { addSuffix: true })}
                      </p>
                    </div>
                  </div>
                  {/* Reason */}
                  <p className="mt-3 text-sm text-gray-700 dark:text-gray-300 line-clamp-2 break-words bg-orange-50 dark:bg-orange-900/20 rounded-lg px-3 py-2 border border-orange-100 dark:border-orange-800/50">
                    {issue.reason}
                  </p>
                </div>
                {/* Action Buttons */}
                <div className="border-t border-orange-200 dark:border-orange-800 bg-gray-50 dark:bg-gray-900/50 px-4 py-3 flex gap-2">
                  <button
                    onClick={() => handleDismiss(issue.id)}
                    disabled={isLoading}
                    className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2 bg-gray-500 hover:bg-gray-600 disabled:bg-gray-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
                  >
                    {isLoading ? (
                      <svg className="animate-spin h-4 w-4" fill="none" viewBox="0 0 24 24">
                        <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
                        <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
                      </svg>
                    ) : (
                      <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
                      </svg>
                    )}
                    <span>Dismiss</span>
                  </button>
                  <button
                    onClick={() => setReplaceIssue(issue)}
                    disabled={isLoading}
                    className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2 bg-blue-600 hover:bg-blue-700 disabled:bg-blue-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
                  >
                    <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
                    </svg>
                    <span>Replace</span>
                  </button>
                </div>
              </div>
            );
          })}
        </div>
      </div>
      {/* Interactive Search Modal for Replacement */}
      {replaceIssue && createPortal(
        <div className="fixed inset-0 z-[60]">
          <InteractiveTorrentSearchModal
            isOpen={!!replaceIssue}
            onClose={() => setReplaceIssue(null)}
            onSuccess={handleReplaceSuccess}
            audiobook={{
              title: replaceIssue.audiobook.title,
              author: replaceIssue.audiobook.author,
            }}
            asin={replaceIssue.audiobook.audibleAsin || undefined}
            replaceIssueId={replaceIssue.id}
          />
        </div>,
        document.body
      )}
    </>
  );
 }
@@ -10,6 +10,7 @@
 import { useState, useRef, useEffect } from 'react';
 import { createPortal } from 'react-dom';
 import { InteractiveTorrentSearchModal } from '@/components/requests/InteractiveTorrentSearchModal';
 import { AdjustSearchTermsModal } from './AdjustSearchTermsModal';
 import { useSmartDropdownPosition } from '@/hooks/useSmartDropdownPosition';
 export interface RequestActionsDropdownProps {
@@ -21,12 +22,16 @@ export interface RequestActionsDropdownProps {
    type?: 'audiobook' | 'ebook';
    asin?: string | null;
    torrentUrl?: string | null;
    downloadAttempts?: number;
    customSearchTerms?: string | null;
  };
  onDelete: (requestId: string, title: string) => void;
  onManualSearch: (requestId: string) => Promise<void>;
  onCancel: (requestId: string) => Promise<void>;
  onRetryDownload?: (requestId: string) => Promise<void>;
  onViewDetails?: (asin: string) => void;
  onFetchEbook?: (requestId: string) => Promise<void>;
  onSearchTermsUpdated?: () => void;
  ebookSidecarEnabled?: boolean;
  annasArchiveBaseUrl?: string;
  isLoading?: boolean;
@@ -37,8 +42,10 @@ export function RequestActionsDropdown({
  onDelete,
  onManualSearch,
  onCancel,
  onRetryDownload,
  onViewDetails,
  onFetchEbook,
  onSearchTermsUpdated,
  ebookSidecarEnabled = false,
  annasArchiveBaseUrl = 'https://annas-archive.li',
  isLoading = false,
@@ -46,6 +53,7 @@ export function RequestActionsDropdown({
  const [isOpen, setIsOpen] = useState(false);
  const [showInteractiveSearch, setShowInteractiveSearch] = useState(false);
  const [showInteractiveSearchEbook, setShowInteractiveSearchEbook] = useState(false);
  const [showAdjustSearchTerms, setShowAdjustSearchTerms] = useState(false);
  const { containerRef, dropdownRef, positionAbove, style } = useSmartDropdownPosition(isOpen);
  // Determine request type
@@ -57,6 +65,8 @@ export function RequestActionsDropdown({
  // Determine available actions based on status and type
  // Ebooks don't support manual/interactive search (Anna's Archive only)
  const canSearch = !isEbook && ['pending', 'failed', 'awaiting_search'].includes(request.status);
  const canAdjustSearchTerms = !isEbook && ['pending', 'failed', 'awaiting_search', 'searching'].includes(request.status);
  const canRetryDownload = request.status === 'failed' && (request.downloadAttempts ?? 0) > 0 && !!onRetryDownload;
  const canCancel = ['pending', 'searching', 'downloading'].includes(request.status);
  const canDelete = true; // Admins can always delete
@@ -123,11 +133,27 @@ export function RequestActionsDropdown({
    setShowInteractiveSearch(true);
  };
  const handleAdjustSearchTerms = () => {
    setIsOpen(false);
    setShowAdjustSearchTerms(true);
  };
  const handleInteractiveSearchEbook = () => {
    setIsOpen(false);
    setShowInteractiveSearchEbook(true);
  };
  const handleRetryDownload = async () => {
    setIsOpen(false);
    if (onRetryDownload) {
      try {
        await onRetryDownload(request.requestId);
      } catch (error) {
        console.error('Failed to retry download:', error);
      }
    }
  };
  const handleCancel = async () => {
    setIsOpen(false);
    if (window.confirm(`Are you sure you want to cancel the request for "${request.title}"?`)) {
@@ -253,6 +279,35 @@ export function RequestActionsDropdown({
              </button>
            )}
            {/* Adjust Search Terms */}
            {canAdjustSearchTerms && (
              <button
                onClick={handleAdjustSearchTerms}
                className="w-full text-left px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700 flex items-center gap-2 transition-colors"
                role="menuitem"
              >
                <svg
                  className="w-4 h-4"
                  fill="none"
                  stroke="currentColor"
                  viewBox="0 0 24 24"
                >
                  <path
                    strokeLinecap="round"
                    strokeLinejoin="round"
                    strokeWidth={2}
                    d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z"
                  />
                </svg>
                <span className="flex items-center gap-1.5">
                  Adjust Search Terms
                  {request.customSearchTerms && (
                    <span className="w-1.5 h-1.5 rounded-full bg-blue-500 flex-shrink-0" />
                  )}
                </span>
              </button>
            )}
            {/* View Source */}
            {canViewSource && viewSourceUrl && (
              <a
@@ -328,8 +383,32 @@ export function RequestActionsDropdown({
              </button>
            )}
-            {/* Divider if we have search/view actions and other actions */}
+            {/* Retry Download */}
-            {(canSearch || canViewSource || canFetchEbook) && (canCancel || canDelete) && (
+            {canRetryDownload && (
              <button
                onClick={handleRetryDownload}
                className="w-full text-left px-4 py-2 text-sm text-gray-700 dark:text-gray-200 hover:bg-gray-100 dark:hover:bg-gray-700 flex items-center gap-2 transition-colors"
                role="menuitem"
              >
                <svg
                  className="w-4 h-4"
                  fill="none"
                  stroke="currentColor"
                  viewBox="0 0 24 24"
                >
                  <path
                    strokeLinecap="round"
                    strokeLinejoin="round"
                    strokeWidth={2}
                    d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4"
                  />
                </svg>
                Retry Download
              </button>
            )}
            {/* Divider if we have search/view/retry actions and other actions */}
            {(canSearch || canViewSource || canFetchEbook || canRetryDownload) && (canCancel || canDelete) && (
              <div className="border-t border-gray-200 dark:border-gray-700 my-1" />
            )}
@@ -358,7 +437,7 @@ export function RequestActionsDropdown({
            )}
            {/* Divider before delete */}
-            {canDelete && (canSearch || canCancel) && (
+            {canDelete && (canSearch || canRetryDownload || canCancel) && (
              <div className="border-t border-gray-200 dark:border-gray-700 my-1" />
            )}
@@ -421,6 +500,7 @@ export function RequestActionsDropdown({
          title: request.title,
          author: request.author,
        }}
        customSearchTerms={request.customSearchTerms}
      />
      {/* Interactive Search Modal (Ebook) */}
@@ -434,6 +514,17 @@ export function RequestActionsDropdown({
        }}
        searchMode="ebook"
      />
      {/* Adjust Search Terms Modal */}
      <AdjustSearchTermsModal
        isOpen={showAdjustSearchTerms}
        onClose={() => setShowAdjustSearchTerms(false)}
        requestId={request.requestId}
        title={request.title}
        author={request.author}
        currentSearchTerms={request.customSearchTerms}
        onSuccess={onSearchTermsUpdated}
      />
    </>
  );
 }
@@ -78,13 +78,11 @@ function AdminJobsPageContent() {
  const showEditDialog = (job: ScheduledJob) => {
    setEditForm({ schedule: job.schedule, enabled: job.enabled });
    // Check if it's a preset
    const preset = SCHEDULE_PRESETS.find(p => p.cron === job.schedule);
    if (preset) {
      setScheduleMode('preset');
      setSelectedPreset(preset.cron);
    } else {
      // Try to parse as custom schedule
      const parsed = cronToCustomSchedule(job.schedule);
      if (parsed.type === 'custom') {
        setScheduleMode('advanced');
@@ -111,7 +109,7 @@ function AdminJobsPageContent() {
        method: 'POST',
      });
      toast.success(`Job "${jobName}" triggered successfully`);
-      fetchJobs(); // Refresh list
+      fetchJobs();
    } catch (err) {
      const errorMsg = err instanceof Error ? err.message : 'Failed to trigger job';
      toast.error(errorMsg);
@@ -124,7 +122,6 @@ function AdminJobsPageContent() {
  const saveJobSchedule = async () => {
    if (!editDialog.job) return;
    // Calculate final cron expression based on mode
    let finalCron: string;
    if (scheduleMode === 'preset') {
      finalCron = selectedPreset;
@@ -134,7 +131,6 @@ function AdminJobsPageContent() {
      finalCron = editForm.schedule;
    }
    // Validate cron expression
    if (!isValidCron(finalCron)) {
      toast.error('Invalid cron expression. Please check your schedule.');
      return;
@@ -151,7 +147,7 @@ function AdminJobsPageContent() {
      });
      toast.success(`Job "${editDialog.job.name}" updated successfully`);
      hideEditDialog();
-      fetchJobs(); // Refresh list
+      fetchJobs();
    } catch (err) {
      const errorMsg = err instanceof Error ? err.message : 'Failed to update job';
      toast.error(errorMsg);
@@ -173,36 +169,131 @@ function AdminJobsPageContent() {
  return (
    <div className="min-h-screen bg-gray-50 dark:bg-gray-900">
-      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
+      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-6 sm:py-8">
-        {/* Header */}
+
-        <div className="sticky top-0 z-10 mb-8 flex items-center justify-between bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
+        {/* Header — stacks on mobile, row on sm+ */}
-          <div>
+        <div className="sticky top-0 z-10 mb-6 sm:mb-8 bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
-            <h1 className="text-3xl font-bold text-gray-900 dark:text-gray-100">
+          <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
-              Scheduled Jobs
+            <div>
-            </h1>
+              <h1 className="text-2xl sm:text-3xl font-bold text-gray-900 dark:text-gray-100">
-            <p className="text-gray-600 dark:text-gray-400 mt-2">
+                Scheduled Jobs
-              Manage recurring tasks and automated jobs
+              </h1>
-            </p>
+              <p className="text-sm text-gray-600 dark:text-gray-400 mt-1">
                Manage recurring tasks and automated jobs
              </p>
            </div>
            <Link
              href="/admin"
              className="inline-flex items-center gap-2 px-4 py-2.5 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors text-sm font-medium self-start sm:self-auto flex-shrink-0"
            >
              <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
              </svg>
              <span>Back to Dashboard</span>
            </Link>
          </div>
          <Link
            href="/admin"
            className="inline-flex items-center gap-2 px-4 py-2 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors"
          >
            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
            </svg>
            <span>Back to Dashboard</span>
          </Link>
        </div>
        {error && (
          <div className="mb-6 p-4 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-lg">
-            <p className="text-red-800 dark:text-red-200">{error}</p>
+            <p className="text-red-800 dark:text-red-200 text-sm">{error}</p>
          </div>
        )}
-        {/* Jobs Table */}
+        {/* Jobs — Card layout on mobile, Table on sm+ */}
-        <div className="bg-white dark:bg-gray-800 rounded-lg shadow overflow-hidden">
+        <div className="space-y-3 sm:hidden">
          {jobs.map((job) => (
            <div
              key={job.id}
              className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 overflow-hidden"
            >
              {/* Card header */}
              <div className="px-4 py-3 flex items-start justify-between gap-3">
                <div className="min-w-0">
                  <div className="font-semibold text-gray-900 dark:text-gray-100 text-sm leading-snug">
                    {job.name}
                  </div>
                  <div className="text-xs text-gray-500 dark:text-gray-400 mt-0.5">
                    {job.type}
                  </div>
                </div>
                <span
                  className={`flex-shrink-0 mt-0.5 px-2.5 py-0.5 inline-flex text-xs font-medium rounded-full ${
                    job.enabled
                      ? 'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-400'
                      : 'bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400'
                  }`}
                >
                  {job.enabled ? 'Enabled' : 'Disabled'}
                </span>
              </div>
              {/* Card body */}
              <div className="px-4 pb-3 space-y-2 border-t border-gray-100 dark:border-gray-700/60 pt-3">
                <div>
                  <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                    Schedule
                  </div>
                  <div className="text-sm text-gray-900 dark:text-gray-100">
                    {cronToHuman(job.schedule)}
                  </div>
                  <div className="text-xs text-gray-400 dark:text-gray-500 font-mono mt-0.5">
                    {job.schedule}
                  </div>
                </div>
                <div>
                  <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                    Last Run
                  </div>
                  <div className="text-sm text-gray-700 dark:text-gray-300">
                    {job.lastRun ? new Date(job.lastRun).toLocaleString() : 'Never'}
                  </div>
                </div>
              </div>
              {/* Card actions */}
              <div className="px-4 py-3 border-t border-gray-100 dark:border-gray-700/60 flex gap-2">
                <button
                  onClick={() => showEditDialog(job)}
                  className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2.5 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 text-gray-700 dark:text-gray-200 rounded-lg text-sm font-medium transition-colors"
                >
                  <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
                  </svg>
                  Edit
                </button>
                <button
                  onClick={() => showConfirmDialog(job.id, job.name)}
                  disabled={triggering === job.id}
                  className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2.5 bg-blue-50 dark:bg-blue-900/20 hover:bg-blue-100 dark:hover:bg-blue-900/40 text-blue-700 dark:text-blue-400 rounded-lg text-sm font-medium transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
                >
                  {triggering === job.id ? (
                    <>
                      <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-blue-600"></div>
                      Running...
                    </>
                  ) : (
                    <>
                      <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M14.752 11.168l-3.197-2.132A1 1 0 0010 9.87v4.263a1 1 0 001.555.832l3.197-2.132a1 1 0 000-1.664z" />
                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
                      </svg>
                      Trigger
                    </>
                  )}
                </button>
              </div>
            </div>
          ))}
          {jobs.length === 0 && (
            <div className="text-center py-12">
              <p className="text-gray-500 dark:text-gray-400">No scheduled jobs found</p>
            </div>
          )}
        </div>
        {/* Jobs Table — hidden on mobile, visible on sm+ */}
        <div className="hidden sm:block bg-white dark:bg-gray-800 rounded-lg shadow overflow-hidden">
          <table className="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
            <thead className="bg-gray-50 dark:bg-gray-900">
              <tr>
@@ -312,31 +403,31 @@ function AdminJobsPageContent() {
          <ul className="text-sm text-blue-700 dark:text-blue-300 space-y-1">
            <li>• <strong>Library Scan:</strong> Automatically scans your media library for new audiobooks</li>
            <li>• <strong>Audible Data Refresh:</strong> Caches popular and new release audiobooks from Audible</li>
-            <li>• Trigger jobs manually using the "Trigger Now" button</li>
+            <li>• Trigger jobs manually using the &quot;Trigger Now&quot; button</li>
            <li>• Schedule format follows cron syntax (minute hour day month weekday)</li>
          </ul>
        </div>
        {/* Confirmation Dialog */}
        {confirmDialog.isOpen && (
-          <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50 p-4">
+          <div className="fixed inset-0 z-50 flex items-end sm:items-center justify-center bg-black bg-opacity-50 p-4">
-            <div className="bg-white dark:bg-gray-800 rounded-lg shadow-xl max-w-md w-full p-6">
+            <div className="bg-white dark:bg-gray-800 rounded-2xl sm:rounded-lg shadow-xl w-full max-w-md p-6">
-              <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100 mb-4">
+              <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100 mb-3">
                Confirm Job Trigger
              </h3>
-              <p className="text-gray-600 dark:text-gray-400 mb-6">
+              <p className="text-gray-600 dark:text-gray-400 text-sm mb-6">
                Are you sure you want to trigger &quot;{confirmDialog.jobName}&quot; now?
              </p>
-              <div className="flex justify-end gap-3">
+              <div className="flex gap-3">
                <button
                  onClick={hideConfirmDialog}
-                  className="px-4 py-2 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors"
+                  className="flex-1 px-4 py-2.5 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors text-sm font-medium"
                >
                  Cancel
                </button>
                <button
                  onClick={triggerJob}
-                  className="px-4 py-2 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors"
+                  className="flex-1 px-4 py-2.5 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors text-sm font-medium"
                >
                  Trigger Job
                </button>
@@ -347,12 +438,27 @@ function AdminJobsPageContent() {
        {/* Edit Job Dialog */}
        {editDialog.isOpen && editDialog.job && (
-          <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50 p-4">
+          <div className="fixed inset-0 z-50 flex items-end sm:items-center justify-center bg-black bg-opacity-50 p-0 sm:p-4">
-            <div className="bg-white dark:bg-gray-800 rounded-lg shadow-xl max-w-2xl w-full p-6 max-h-[90vh] overflow-y-auto">
+            <div className="bg-white dark:bg-gray-800 rounded-t-2xl sm:rounded-2xl shadow-xl w-full sm:max-w-2xl max-h-[92vh] sm:max-h-[90vh] overflow-y-auto">
-              <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100 mb-4">
+              {/* Dialog header */}
-                Edit Job Schedule
+              <div className="sticky top-0 bg-white dark:bg-gray-800 px-5 py-4 border-b border-gray-200 dark:border-gray-700 rounded-t-2xl">
-              </h3>
+                <div className="flex items-center justify-between">
-              <div className="space-y-4 mb-6">
+                  <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100">
                    Edit Job Schedule
                  </h3>
                  <button
                    onClick={hideEditDialog}
                    className="p-2 -mr-1 text-gray-400 hover:text-gray-600 dark:hover:text-gray-200 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-700 transition-colors"
                    aria-label="Close dialog"
                  >
                    <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
                    </svg>
                  </button>
                </div>
              </div>
              <div className="px-5 py-5 space-y-5">
                {/* Job Name */}
                <div>
                  <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
@@ -362,46 +468,29 @@ function AdminJobsPageContent() {
                    type="text"
                    value={editDialog.job.name}
                    disabled
-                    className="w-full px-3 py-2 bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 border border-gray-300 dark:border-gray-600 rounded-lg cursor-not-allowed"
+                    className="w-full px-3 py-2 bg-gray-100 dark:bg-gray-700 text-gray-500 dark:text-gray-400 border border-gray-300 dark:border-gray-600 rounded-lg cursor-not-allowed text-sm"
                  />
                </div>
-                {/* Schedule Mode Tabs */}
+                {/* Schedule Mode Tabs — grid on mobile to avoid overflow */}
                <div>
                  <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
                    Schedule Type
                  </label>
-                  <div className="flex gap-2 mb-3">
+                  <div className="grid grid-cols-3 gap-1 p-1 bg-gray-100 dark:bg-gray-700/60 rounded-xl mb-4">
-                    <button
+                    {(['preset', 'custom', 'advanced'] as const).map((mode) => (
-                      onClick={() => setScheduleMode('preset')}
+                      <button
-                      className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
+                        key={mode}
-                        scheduleMode === 'preset'
+                        onClick={() => setScheduleMode(mode)}
-                          ? 'bg-blue-600 text-white'
+                        className={`px-2 py-2 rounded-lg text-xs font-medium transition-colors ${
-                          : 'bg-gray-100 dark:bg-gray-700 text-gray-700 dark:text-gray-300 hover:bg-gray-200 dark:hover:bg-gray-600'
+                          scheduleMode === mode
-                      }`}
+                            ? 'bg-white dark:bg-gray-600 text-gray-900 dark:text-white shadow-sm'
-                    >
+                            : 'text-gray-600 dark:text-gray-400 hover:text-gray-800 dark:hover:text-gray-200'
-                      Common Schedules
+                        }`}
-                    </button>
+                      >
-                    <button
+                        {mode === 'preset' ? 'Common' : mode === 'custom' ? 'Custom' : 'Advanced'}
-                      onClick={() => setScheduleMode('custom')}
+                      </button>
-                      className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
+                    ))}
                        scheduleMode === 'custom'
                          ? 'bg-blue-600 text-white'
                          : 'bg-gray-100 dark:bg-gray-700 text-gray-700 dark:text-gray-300 hover:bg-gray-200 dark:hover:bg-gray-600'
                      }`}
                    >
                      Custom Schedule
                    </button>
                    <button
                      onClick={() => setScheduleMode('advanced')}
                      className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
                        scheduleMode === 'advanced'
                          ? 'bg-blue-600 text-white'
                          : 'bg-gray-100 dark:bg-gray-700 text-gray-700 dark:text-gray-300 hover:bg-gray-200 dark:hover:bg-gray-600'
                      }`}
                    >
                      Advanced (Cron)
                    </button>
                  </div>
                  {/* Preset Mode */}
@@ -418,16 +507,16 @@ function AdminJobsPageContent() {
                            value={preset.cron}
                            checked={selectedPreset === preset.cron}
                            onChange={(e) => setSelectedPreset(e.target.value)}
-                            className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600"
+                            className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600 flex-shrink-0"
                          />
-                          <div className="flex-1">
+                          <div className="flex-1 min-w-0">
                            <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
                              {preset.label}
                            </div>
-                            <div className="text-xs text-gray-500 dark:text-gray-400 mt-1">
+                            <div className="text-xs text-gray-500 dark:text-gray-400 mt-0.5">
                              {preset.description}
                            </div>
-                            <div className="text-xs text-gray-400 dark:text-gray-500 font-mono mt-1">
+                            <div className="text-xs text-gray-400 dark:text-gray-500 font-mono mt-0.5">
                              {preset.cron}
                            </div>
                          </div>
@@ -445,8 +534,8 @@ function AdminJobsPageContent() {
                        </label>
                        <select
                          value={customSchedule.type}
-                          onChange={(e) => setCustomSchedule({ ...customSchedule, type: e.target.value as any })}
+                          onChange={(e) => setCustomSchedule({ ...customSchedule, type: e.target.value as CustomSchedule['type'] })}
-                          className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                          className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                        >
                          <option value="minutes">Every X minutes</option>
                          <option value="hours">Every X hours</option>
@@ -456,7 +545,6 @@ function AdminJobsPageContent() {
                        </select>
                      </div>
                      {/* Minutes/Hours Interval */}
                      {(customSchedule.type === 'minutes' || customSchedule.type === 'hours') && (
                        <div>
                          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
@@ -468,7 +556,7 @@ function AdminJobsPageContent() {
                            max={customSchedule.type === 'minutes' ? 59 : 23}
                            value={customSchedule.interval || 1}
                            onChange={(e) => setCustomSchedule({ ...customSchedule, interval: parseInt(e.target.value, 10) })}
-                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                          />
                          <p className="text-xs text-gray-500 dark:text-gray-400 mt-1">
                            Run every {customSchedule.interval || 1} {customSchedule.type}
@@ -476,12 +564,11 @@ function AdminJobsPageContent() {
                        </div>
                      )}
                      {/* Daily/Weekly/Monthly Time */}
                      {(customSchedule.type === 'daily' || customSchedule.type === 'weekly' || customSchedule.type === 'monthly') && (
                        <div className="grid grid-cols-2 gap-4">
                          <div>
                            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
-                              Hour (0-23)
+                              Hour (0–23)
                            </label>
                            <input
                              type="number"
@@ -494,12 +581,12 @@ function AdminJobsPageContent() {
                                  time: { hour: parseInt(e.target.value, 10), minute: customSchedule.time?.minute || 0 },
                                })
                              }
-                              className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                              className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                            />
                          </div>
                          <div>
                            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
-                              Minute (0-59)
+                              Minute (0–59)
                            </label>
                            <input
                              type="number"
@@ -512,13 +599,12 @@ function AdminJobsPageContent() {
                                  time: { hour: customSchedule.time?.hour || 0, minute: parseInt(e.target.value, 10) },
                                })
                              }
-                              className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                              className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                            />
                          </div>
                        </div>
                      )}
                      {/* Weekly Day Selection */}
                      {customSchedule.type === 'weekly' && (
                        <div>
                          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
@@ -527,7 +613,7 @@ function AdminJobsPageContent() {
                          <select
                            value={customSchedule.dayOfWeek || 0}
                            onChange={(e) => setCustomSchedule({ ...customSchedule, dayOfWeek: parseInt(e.target.value, 10) })}
-                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                          >
                            <option value="0">Sunday</option>
                            <option value="1">Monday</option>
@@ -540,11 +626,10 @@ function AdminJobsPageContent() {
                        </div>
                      )}
                      {/* Monthly Day Selection */}
                      {customSchedule.type === 'monthly' && (
                        <div>
                          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
-                            Day of Month (1-31)
+                            Day of Month (1–31)
                          </label>
                          <input
                            type="number"
@@ -552,12 +637,11 @@ function AdminJobsPageContent() {
                            max="31"
                            value={customSchedule.dayOfMonth || 1}
                            onChange={(e) => setCustomSchedule({ ...customSchedule, dayOfMonth: parseInt(e.target.value, 10) })}
-                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
+                            className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                          />
                        </div>
                      )}
                      {/* Preview */}
                      <div className="p-3 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg">
                        <div className="text-sm font-medium text-blue-900 dark:text-blue-200">
                          Preview: {cronToHuman(customScheduleToCron(customSchedule))}
@@ -571,30 +655,32 @@ function AdminJobsPageContent() {
                  {/* Advanced Mode */}
                  {scheduleMode === 'advanced' && (
-                    <div>
+                    <div className="space-y-3">
-                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
+                      <div>
-                        Cron Expression
+                        <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
-                      </label>
+                          Cron Expression
-                      <input
+                        </label>
-                        type="text"
+                        <input
-                        value={editForm.schedule}
+                          type="text"
-                        onChange={(e) => setEditForm({ ...editForm, schedule: e.target.value })}
+                          value={editForm.schedule}
-                        placeholder="0 */6 * * *"
+                          onChange={(e) => setEditForm({ ...editForm, schedule: e.target.value })}
-                        className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 font-mono"
+                          placeholder="0 */6 * * *"
-                      />
+                          className="w-full px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 font-mono text-sm"
-                      <p className="text-xs text-gray-500 dark:text-gray-400 mt-1">
+                        />
-                        Format: minute hour day month weekday
+                        <p className="text-xs text-gray-500 dark:text-gray-400 mt-1">
-                      </p>
+                          Format: minute hour day month weekday
-                      <div className="mt-2 p-3 bg-gray-50 dark:bg-gray-700 rounded-lg">
+                        </p>
-                        <div className="text-xs text-gray-600 dark:text-gray-400 space-y-1">
+                      </div>
-                          <div>• */15 * * * * = Every 15 minutes</div>
+                      <div className="p-3 bg-gray-50 dark:bg-gray-700 rounded-lg">
-                          <div>• 0 */6 * * * = Every 6 hours</div>
+                        <div className="text-xs text-gray-600 dark:text-gray-400 space-y-1 font-mono">
-                          <div>• 0 0 * * * = Daily at midnight</div>
+                          <div>*/15 * * * * = Every 15 minutes</div>
-                          <div>• 0 0 * * 0 = Weekly on Sunday</div>
+                          <div>0 */6 * * * = Every 6 hours</div>
                          <div>0 0 * * * = Daily at midnight</div>
                          <div>0 0 * * 0 = Weekly on Sunday</div>
                        </div>
                      </div>
                      {editForm.schedule && (
-                        <div className="mt-2 p-3 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg">
+                        <div className="p-3 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg">
                          <div className="text-sm font-medium text-blue-900 dark:text-blue-200">
                            Preview: {cronToHuman(editForm.schedule)}
                          </div>
@@ -604,34 +690,34 @@ function AdminJobsPageContent() {
                  )}
                </div>
-                {/* Enabled Checkbox */}
+                {/* Enabled toggle */}
-                <div className="flex items-center gap-2 pt-4 border-t border-gray-200 dark:border-gray-700">
+                <div className="flex items-center gap-3 pt-4 border-t border-gray-200 dark:border-gray-700">
                  <input
                    type="checkbox"
                    id="enabled"
                    checked={editForm.enabled}
                    onChange={(e) => setEditForm({ ...editForm, enabled: e.target.checked })}
-                    className="w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 rounded focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600"
+                    className="w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 rounded focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600 flex-shrink-0"
                  />
-                  <label htmlFor="enabled" className="text-sm font-medium text-gray-700 dark:text-gray-300">
+                  <label htmlFor="enabled" className="text-sm font-medium text-gray-700 dark:text-gray-300 cursor-pointer">
                    Enable this job
                  </label>
                </div>
              </div>
-              {/* Actions */}
+              {/* Dialog footer */}
-              <div className="flex justify-end gap-3">
+              <div className="sticky bottom-0 bg-white dark:bg-gray-800 px-5 py-4 border-t border-gray-200 dark:border-gray-700 flex gap-3">
                <button
                  onClick={hideEditDialog}
                  disabled={saving}
-                  className="px-4 py-2 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+                  className="flex-1 sm:flex-none px-4 py-2.5 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors text-sm font-medium disabled:opacity-50 disabled:cursor-not-allowed"
                >
                  Cancel
                </button>
                <button
                  onClick={saveJobSchedule}
                  disabled={saving}
-                  className="px-4 py-2 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+                  className="flex-1 sm:flex-none px-4 py-2.5 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors text-sm font-medium disabled:opacity-50 disabled:cursor-not-allowed"
                >
                  {saving ? 'Saving...' : 'Save Changes'}
                </button>
@@ -56,6 +56,119 @@ interface LogsData {
  };
 }
 function StatusBadge({ status }: { status: string }) {
  const config: Record<string, { dot: string; text: string; bg: string }> = {
    completed: { dot: 'bg-emerald-500', text: 'text-emerald-700 dark:text-emerald-400', bg: 'bg-emerald-500/10' },
    failed: { dot: 'bg-red-500', text: 'text-red-700 dark:text-red-400', bg: 'bg-red-500/10' },
    active: { dot: 'bg-blue-500', text: 'text-blue-700 dark:text-blue-400', bg: 'bg-blue-500/10' },
    pending: { dot: 'bg-amber-500', text: 'text-amber-700 dark:text-amber-400', bg: 'bg-amber-500/10' },
    delayed: { dot: 'bg-orange-500', text: 'text-orange-700 dark:text-orange-400', bg: 'bg-orange-500/10' },
    stuck: { dot: 'bg-purple-500', text: 'text-purple-700 dark:text-purple-400', bg: 'bg-purple-500/10' },
  };
  const c = config[status] ?? { dot: 'bg-gray-400', text: 'text-gray-600 dark:text-gray-400', bg: 'bg-gray-500/10' };
  return (
    <span className={`inline-flex items-center gap-1.5 px-2.5 py-0.5 rounded-full text-xs font-medium ${c.bg} ${c.text}`}>
      <span className={`w-1.5 h-1.5 rounded-full flex-shrink-0 ${c.dot}`} />
      {status.charAt(0).toUpperCase() + status.slice(1)}
    </span>
  );
 }
 function LogDetails({ log }: { log: Log }) {
  return (
    <div className="space-y-4">
      {log.bullJobId && (
        <div className="flex flex-wrap gap-1.5 items-baseline">
          <span className="text-xs font-medium text-gray-500 dark:text-gray-400">Bull Job ID:</span>
          <span className="text-xs text-gray-700 dark:text-gray-300 font-mono break-all">{log.bullJobId}</span>
        </div>
      )}
      {log.events.length > 0 && (
        <div>
          <h4 className="text-xs font-semibold text-gray-700 dark:text-gray-300 uppercase tracking-wide mb-2">
            Event Log
          </h4>
          <div className="space-y-px max-h-72 sm:max-h-96 overflow-y-auto bg-gray-950 dark:bg-black/60 rounded-xl p-3 font-mono text-xs">
            {log.events.map((event) => {
              const timestamp = new Date(event.createdAt).toISOString().split('T')[1].split('.')[0];
              const levelColor = event.level === 'error'
                ? 'text-red-400'
                : event.level === 'warn'
                ? 'text-amber-400'
                : 'text-emerald-400';
              return (
                <div key={event.id} className="text-gray-300 leading-relaxed">
                  <span className={levelColor}>[{event.context}]</span>
                  {' '}
                  <span className="break-words">{event.message}</span>
                  <span className="text-gray-500 ml-2">{timestamp}</span>
                  {event.metadata && Object.keys(event.metadata).length > 0 && (
                    <pre className="ml-4 mt-1 text-gray-400 text-xs overflow-x-auto">
                      {JSON.stringify(event.metadata, null, 2)}
                    </pre>
                  )}
                </div>
              );
            })}
          </div>
        </div>
      )}
      {log.result && Object.keys(log.result).length > 0 && (
        <div>
          <h4 className="text-xs font-semibold text-gray-700 dark:text-gray-300 uppercase tracking-wide mb-2">
            Job Result
          </h4>
          <pre className="p-3 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-xl text-xs text-blue-900 dark:text-blue-300 font-mono overflow-x-auto max-h-48">
            {JSON.stringify(log.result, null, 2)}
          </pre>
        </div>
      )}
      {log.errorMessage && (
        <div>
          <h4 className="text-xs font-semibold text-gray-700 dark:text-gray-300 uppercase tracking-wide mb-2">
            Error
          </h4>
          <div className="p-3 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-xl text-xs text-red-700 dark:text-red-300 font-mono whitespace-pre-wrap break-words">
            {log.errorMessage}
          </div>
        </div>
      )}
    </div>
  );
 }
 function formatDuration(startedAt: string | null, completedAt: string | null) {
  if (!startedAt) return 'N/A';
  if (!completedAt) return 'Running…';
  const durationMs = new Date(completedAt).getTime() - new Date(startedAt).getTime();
  const seconds = Math.floor(durationMs / 1000);
  const minutes = Math.floor(seconds / 60);
  const hours = Math.floor(minutes / 60);
  if (hours > 0) return `${hours}h ${minutes % 60}m`;
  if (minutes > 0) return `${minutes}m ${seconds % 60}s`;
  return `${seconds}s`;
 }
 function formatType(type: string) {
  return type.replace(/_/g, ' ').replace(/\b\w/g, (l) => l.toUpperCase());
 }
 function formatDateShort(dateStr: string) {
  const d = new Date(dateStr);
  const now = new Date();
  const isToday = d.toDateString() === now.toDateString();
  if (isToday) {
    return d.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit', second: '2-digit' });
  }
  return d.toLocaleDateString([], { month: 'short', day: 'numeric' }) + ' ' +
    d.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' });
 }
 export default function AdminLogsPage() {
  const [page, setPage] = useState(1);
  const [statusFilter, setStatusFilter] = useState('all');
@@ -65,9 +178,7 @@ export default function AdminLogsPage() {
  const { data, error } = useSWR<LogsData>(
    `/api/admin/logs?page=${page}&limit=50&status=${statusFilter}&type=${typeFilter}`,
    authenticatedFetcher,
-    {
+    { refreshInterval: 10000 }
      refreshInterval: 10000, // Refresh every 10 seconds
    }
  );
  const isLoading = !data && !error;
@@ -87,9 +198,7 @@ export default function AdminLogsPage() {
      <div className="min-h-screen bg-gray-50 dark:bg-gray-900 p-8">
        <div className="max-w-7xl mx-auto">
          <div className="bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-lg p-4">
-            <h3 className="text-sm font-medium text-red-800 dark:text-red-200">
+            <h3 className="text-sm font-medium text-red-800 dark:text-red-200">Error Loading Logs</h3>
              Error Loading Logs
            </h3>
            <p className="text-sm text-red-700 dark:text-red-300 mt-1">
              {error?.message || 'Failed to load system logs'}
            </p>
@@ -101,80 +210,45 @@ export default function AdminLogsPage() {
  const logs = data?.logs || [];
  const pagination = data?.pagination;
-
+  const hasDetails = (log: Log) => log.events.length > 0 || !!log.errorMessage || !!log.bullJobId || (log.result && Object.keys(log.result).length > 0);
  const getStatusBadgeColor = (status: string) => {
    switch (status) {
      case 'completed':
        return 'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-400';
      case 'failed':
        return 'bg-red-100 text-red-800 dark:bg-red-900/30 dark:text-red-400';
      case 'active':
        return 'bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-400';
      case 'pending':
        return 'bg-yellow-100 text-yellow-800 dark:bg-yellow-900/30 dark:text-yellow-400';
      case 'delayed':
        return 'bg-orange-100 text-orange-800 dark:bg-orange-900/30 dark:text-orange-400';
      case 'stuck':
        return 'bg-purple-100 text-purple-800 dark:bg-purple-900/30 dark:text-purple-400';
      default:
        return 'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-400';
    }
  };
  const formatDuration = (startedAt: string | null, completedAt: string | null) => {
    if (!startedAt) return 'N/A';
    if (!completedAt) return 'Running...';
    const start = new Date(startedAt).getTime();
    const end = new Date(completedAt).getTime();
    const durationMs = end - start;
    const seconds = Math.floor(durationMs / 1000);
    const minutes = Math.floor(seconds / 60);
    const hours = Math.floor(minutes / 60);
    if (hours > 0) return `${hours}h ${minutes % 60}m`;
    if (minutes > 0) return `${minutes}m ${seconds % 60}s`;
    return `${seconds}s`;
  };
  return (
    <div className="min-h-screen bg-gray-50 dark:bg-gray-900">
-      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
+      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-6 sm:py-8">
-        {/* Header */}
+
-        <div className="sticky top-0 z-10 mb-8 flex items-center justify-between bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
+        {/* Header — stacks on mobile, row on sm+ */}
-          <div>
+        <div className="sticky top-0 z-10 mb-6 sm:mb-8 bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
-            <h1 className="text-3xl font-bold text-gray-900 dark:text-gray-100">
+          <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
-              System Logs
+            <div>
-            </h1>
+              <h1 className="text-2xl sm:text-3xl font-bold text-gray-900 dark:text-gray-100">
-            <p className="text-gray-600 dark:text-gray-400 mt-2">
+                System Logs
-              View background jobs and system activity
+              </h1>
-            </p>
+              <p className="text-sm text-gray-600 dark:text-gray-400 mt-1">
                View background jobs and system activity
              </p>
            </div>
            <Link
              href="/admin"
              className="inline-flex items-center gap-2 px-4 py-2.5 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors text-sm font-medium self-start sm:self-auto flex-shrink-0"
            >
              <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
              </svg>
              <span>Back to Dashboard</span>
            </Link>
          </div>
          <Link
            href="/admin"
            className="inline-flex items-center gap-2 px-4 py-2 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors"
          >
            <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
            </svg>
            <span>Back to Dashboard</span>
          </Link>
        </div>
-        {/* Filters */}
+        {/* Filters — full-width stacked on mobile */}
-        <div className="mb-6 flex flex-wrap gap-4">
+        <div className="mb-6 grid grid-cols-1 sm:grid-cols-2 gap-3 sm:gap-4">
          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
+            <label className="block text-xs font-semibold text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-1.5">
              Status
            </label>
            <select
              value={statusFilter}
-              onChange={(e) => {
+              onChange={(e) => { setStatusFilter(e.target.value); setPage(1); }}
-                setStatusFilter(e.target.value);
+              className="w-full px-3 py-2.5 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                setPage(1);
              }}
              className="px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
            >
              <option value="all">All Statuses</option>
              <option value="pending">Pending</option>
@@ -186,16 +260,13 @@ export default function AdminLogsPage() {
            </select>
          </div>
          <div>
-            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
+            <label className="block text-xs font-semibold text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-1.5">
              Job Type
            </label>
            <select
              value={typeFilter}
-              onChange={(e) => {
+              onChange={(e) => { setTypeFilter(e.target.value); setPage(1); }}
-                setTypeFilter(e.target.value);
+              className="w-full px-3 py-2.5 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 text-sm"
                setPage(1);
              }}
              className="px-3 py-2 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500"
            >
              <option value="all">All Types</option>
              <option value="search_indexers">Search Indexers</option>
@@ -215,8 +286,77 @@ export default function AdminLogsPage() {
          </div>
        </div>
-        {/* Logs Table */}
+        {/* Mobile card list — hidden on sm+ */}
-        <div className="bg-white dark:bg-gray-800 rounded-lg shadow overflow-hidden">
+        <div className="space-y-3 sm:hidden">
          {logs.map((log) => (
            <div
              key={log.id}
              className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 overflow-hidden"
            >
              {/* Card header */}
              <div className="px-4 py-3">
                <div className="flex items-start justify-between gap-3 mb-2">
                  <div className="font-semibold text-gray-900 dark:text-gray-100 text-sm leading-snug">
                    {formatType(log.type)}
                  </div>
                  <StatusBadge status={log.status} />
                </div>
                {/* Related item */}
                {log.request?.audiobook ? (
                  <div className="text-sm mb-2">
                    <div className="text-gray-700 dark:text-gray-300 font-medium leading-snug">
                      {log.request.audiobook.title}
                    </div>
                    <div className="text-gray-500 dark:text-gray-400 text-xs">
                      by {log.request.audiobook.author} &middot; {log.request.user.plexUsername}
                    </div>
                  </div>
                ) : (
                  <div className="text-xs text-gray-500 dark:text-gray-400 mb-2">System job</div>
                )}
                {/* Meta row */}
                <div className="flex flex-wrap gap-x-4 gap-y-1 text-xs text-gray-500 dark:text-gray-400">
                  <span>{formatDateShort(log.createdAt)}</span>
                  <span>Duration: {formatDuration(log.startedAt, log.completedAt)}</span>
                  <span>Attempts: {log.attempts}/{log.maxAttempts}</span>
                </div>
              </div>
              {/* Expandable details */}
              {hasDetails(log) && (
                <>
                  <button
                    onClick={() => setExpandedLog(expandedLog === log.id ? null : log.id)}
                    className="w-full flex items-center justify-between px-4 py-2.5 border-t border-gray-100 dark:border-gray-700/60 text-xs font-medium text-blue-600 dark:text-blue-400 hover:bg-gray-50 dark:hover:bg-gray-700/40 transition-colors"
                  >
                    <span>{expandedLog === log.id ? 'Hide Details' : 'Show Details'}</span>
                    <svg
                      className={`w-4 h-4 transition-transform duration-200 ${expandedLog === log.id ? 'rotate-180' : ''}`}
                      fill="none" stroke="currentColor" viewBox="0 0 24 24"
                    >
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 9l-7 7-7-7" />
                    </svg>
                  </button>
                  {expandedLog === log.id && (
                    <div className="px-4 pb-4 pt-3 bg-gray-50 dark:bg-gray-900/50 border-t border-gray-100 dark:border-gray-700/60">
                      <LogDetails log={log} />
                    </div>
                  )}
                </>
              )}
            </div>
          ))}
          {logs.length === 0 && (
            <div className="text-center py-12">
              <p className="text-gray-500 dark:text-gray-400">No logs found</p>
            </div>
          )}
        </div>
        {/* Desktop table — hidden on mobile */}
        <div className="hidden sm:block bg-white dark:bg-gray-800 rounded-lg shadow overflow-hidden">
          <div className="overflow-x-auto">
            <table className="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
              <thead className="bg-gray-50 dark:bg-gray-900">
@@ -253,13 +393,11 @@ export default function AdminLogsPage() {
                      </td>
                      <td className="px-6 py-4 whitespace-nowrap">
                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
-                          {log.type.replace(/_/g, ' ').replace(/\b\w/g, (l) => l.toUpperCase())}
+                          {formatType(log.type)}
                        </div>
                      </td>
                      <td className="px-6 py-4 whitespace-nowrap">
-                        <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full ${getStatusBadgeColor(log.status)}`}>
+                        <StatusBadge status={log.status} />
                          {log.status.toUpperCase()}
                        </span>
                      </td>
                      <td className="px-6 py-4">
                        {log.request?.audiobook ? (
@@ -285,7 +423,7 @@ export default function AdminLogsPage() {
                        {log.attempts}/{log.maxAttempts}
                      </td>
                      <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
-                        {(log.events.length > 0 || log.errorMessage || log.bullJobId || log.result) && (
+                        {hasDetails(log) && (
                          <button
                            onClick={() => setExpandedLog(expandedLog === log.id ? null : log.id)}
                            className="text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300"
@@ -298,63 +436,7 @@ export default function AdminLogsPage() {
                    {expandedLog === log.id && (
                      <tr>
                        <td colSpan={7} className="px-6 py-4 bg-gray-50 dark:bg-gray-900">
-                          <div className="space-y-4">
+                          <LogDetails log={log} />
                            {log.bullJobId && (
                              <div>
                                <span className="text-sm font-medium text-gray-700 dark:text-gray-300">Bull Job ID: </span>
                                <span className="text-sm text-gray-600 dark:text-gray-400 font-mono">{log.bullJobId}</span>
                              </div>
                            )}
                            {/* Event Logs */}
                            {log.events.length > 0 && (
                              <div>
                                <h4 className="text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Event Log</h4>
                                <div className="space-y-1 max-h-96 overflow-y-auto bg-black/5 dark:bg-black/30 rounded p-3 font-mono text-xs">
                                  {log.events.map((event) => {
                                    const timestamp = new Date(event.createdAt).toISOString().split('T')[1].split('.')[0];
                                    const levelColor = event.level === 'error'
                                      ? 'text-red-500'
                                      : event.level === 'warn'
                                      ? 'text-yellow-500'
                                      : 'text-green-500';
                                    return (
                                      <div key={event.id} className="text-gray-800 dark:text-gray-200">
                                        <span className={levelColor}>[{event.context}]</span> {event.message}
                                        <span className="text-gray-500 dark:text-gray-400 ml-2">{timestamp}</span>
                                        {event.metadata && Object.keys(event.metadata).length > 0 && (
                                          <pre className="ml-4 mt-1 text-gray-600 dark:text-gray-400 text-xs">
                                            {JSON.stringify(event.metadata, null, 2)}
                                          </pre>
                                        )}
                                      </div>
                                    );
                                  })}
                                </div>
                              </div>
                            )}
                            {/* Result Data */}
                            {log.result && Object.keys(log.result).length > 0 && (
                              <div>
                                <h4 className="text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Job Result</h4>
                                <pre className="p-3 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded text-xs text-blue-900 dark:text-blue-300 font-mono overflow-x-auto">
                                  {JSON.stringify(log.result, null, 2)}
                                </pre>
                              </div>
                            )}
                            {/* Error Message */}
                            {log.errorMessage && (
                              <div>
                                <h4 className="text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Error</h4>
                                <div className="p-3 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded text-sm text-red-700 dark:text-red-300 font-mono whitespace-pre-wrap">
                                  {log.errorMessage}
                                </div>
                              </div>
                            )}
                          </div>
                        </td>
                      </tr>
                    )}
@@ -373,24 +455,31 @@ export default function AdminLogsPage() {
        {/* Pagination */}
        {pagination && pagination.totalPages > 1 && (
-          <div className="mt-6 flex items-center justify-between">
+          <div className="mt-6 flex flex-col sm:flex-row items-center gap-3 sm:justify-between">
-            <div className="text-sm text-gray-700 dark:text-gray-300">
+            <div className="text-sm text-gray-600 dark:text-gray-400 order-2 sm:order-1">
-              Page {pagination.page} of {pagination.totalPages} ({pagination.total} total logs)
+              Page {pagination.page} of {pagination.totalPages}
              <span className="hidden sm:inline"> ({pagination.total} total logs)</span>
            </div>
-            <div className="flex gap-2">
+            <div className="flex gap-2 order-1 sm:order-2">
              <button
                onClick={() => setPage(page - 1)}
                disabled={page === 1}
-                className="px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-700 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-600 disabled:opacity-50 disabled:cursor-not-allowed"
+                className="flex items-center gap-1.5 px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-700 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-600 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
              >
                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 19l-7-7 7-7" />
                </svg>
                Previous
              </button>
              <button
                onClick={() => setPage(page + 1)}
                disabled={page === pagination.totalPages}
-                className="px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-700 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-600 disabled:opacity-50 disabled:cursor-not-allowed"
+                className="flex items-center gap-1.5 px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-300 bg-white dark:bg-gray-700 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-600 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
              >
                Next
                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
                </svg>
              </button>
            </div>
          </div>
@@ -403,11 +492,10 @@ export default function AdminLogsPage() {
          </h3>
          <ul className="text-sm text-blue-700 dark:text-blue-300 space-y-1">
            <li>• Logs are automatically refreshed every 10 seconds</li>
-            <li>• Click "Show Details" to view detailed event logs, job results, and error messages</li>
+            <li>• Tap &quot;Show Details&quot; to view event logs, job results, and errors</li>
-            <li>• Event logs show all internal operations with timestamps (similar to Docker logs)</li>
+            <li>• Event logs show all internal operations with timestamps</li>
            <li>• Jobs are retried automatically based on their max attempts setting</li>
            <li>• Use filters to find specific job types or statuses</li>
            <li>• All job types are tracked: searches, downloads, file organization, library scans, RSS monitoring, and more</li>
          </ul>
        </div>
      </div>
@@ -12,17 +12,35 @@ import { MetricCard } from './components/MetricCard';
 import { ActiveDownloadsTable } from './components/ActiveDownloadsTable';
 import { RecentRequestsTable } from './components/RecentRequestsTable';
 import { ToastProvider, useToast } from '@/components/ui/Toast';
 import { ReportedIssuesSection } from './components/ReportedIssuesSection';
 import { InteractiveTorrentSearchModal } from '@/components/requests/InteractiveTorrentSearchModal';
 import { TorrentResult } from '@/lib/utils/ranking-algorithm';
 import { formatDistanceToNow } from 'date-fns';
 import { useState } from 'react';
 interface SelectedTorrentData {
  title?: string;
  indexer?: string;
  size?: number;
  format?: string;
  ebookFormat?: string;
  seeders?: number;
  infoUrl?: string;
  source?: string;
  protocol?: string;
  score?: number;
 }
 interface PendingApprovalRequest {
  id: string;
  createdAt: string;
  type: 'audiobook' | 'ebook';
  selectedTorrent: SelectedTorrentData | null;
  audiobook: {
    title: string;
    author: string;
    coverArtUrl: string | null;
    audibleAsin: string | null;
  };
  user: {
    id: string;
@@ -31,9 +49,20 @@ interface PendingApprovalRequest {
  };
 }
 function formatTorrentSize(bytes: number): string {
  const gb = bytes / (1024 ** 3);
  const mb = bytes / (1024 ** 2);
  return gb >= 1 ? `${gb.toFixed(1)} GB` : `${mb.toFixed(0)} MB`;
 }
 function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest[] }) {
  const toast = useToast();
  const [loadingStates, setLoadingStates] = useState<Record<string, boolean>>({});
  const [searchModalRequestId, setSearchModalRequestId] = useState<string | null>(null);
  const searchModalRequest = searchModalRequestId
    ? requests.find((r) => r.id === searchModalRequestId)
    : null;
  const handleApproveRequest = async (requestId: string) => {
    setLoadingStates((prev) => ({ ...prev, [requestId]: true }));
@@ -46,7 +75,6 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
      toast.success('Request approved');
      // Mutate both pending requests and recent requests caches
      await mutate('/api/admin/requests/pending-approval');
      await mutate('/api/admin/requests/recent');
      await mutate('/api/admin/metrics');
@@ -71,7 +99,6 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
      toast.success('Request denied');
      // Mutate pending requests cache
      await mutate('/api/admin/requests/pending-approval');
      await mutate('/api/admin/metrics');
    } catch (error) {
@@ -84,6 +111,26 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
    }
  };
  const handleApproveWithTorrent = async (requestId: string, torrent: TorrentResult) => {
    await fetchJSON(`/api/admin/requests/${requestId}/approve`, {
      method: 'POST',
      body: JSON.stringify({ action: 'approve', selectedTorrent: torrent }),
    });
    toast.success('Request approved and download started');
    await mutate('/api/admin/requests/pending-approval');
    await mutate('/api/admin/requests/recent');
    await mutate('/api/admin/metrics');
  };
  const LoadingSpinner = () => (
    <svg className="animate-spin h-4 w-4" fill="none" viewBox="0 0 24 24">
      <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" />
      <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
    </svg>
  );
  return (
    <div className="mb-8">
      {/* Section Header */}
@@ -115,6 +162,9 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
        {requests.map((request) => {
          const isLoading = loadingStates[request.id] || false;
          const torrent = request.selectedTorrent;
          const displayFormat = torrent?.format || torrent?.ebookFormat;
          const isAnnasArchive = torrent?.source === 'annas_archive';
          return (
            <div
@@ -204,89 +254,107 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
                </div>
              </div>
              {/* Pre-Selected Release */}
              {torrent && torrent.title && (
                <div className="mx-4 mb-3 px-3 py-2.5 bg-gray-50 dark:bg-gray-900/60 rounded-lg border border-gray-200 dark:border-gray-700/60">
                  <div className="flex items-center gap-1.5 mb-1">
                    <svg className="w-3 h-3 text-gray-400 dark:text-gray-500 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13.828 10.172a4 4 0 00-5.656 0l-4 4a4 4 0 105.656 5.656l1.102-1.101m-.758-4.899a4 4 0 005.656 0l4-4a4 4 0 00-5.656-5.656l-1.1 1.1" />
                    </svg>
                    <span className="text-[10px] font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500">
                      User-Selected Release
                    </span>
                  </div>
                  {torrent.infoUrl ? (
                    <a
                      href={torrent.infoUrl}
                      target="_blank"
                      rel="noopener noreferrer"
                      className="text-xs font-medium text-blue-600 dark:text-blue-400 hover:text-blue-700 dark:hover:text-blue-300 transition-colors line-clamp-2 leading-snug"
                      title={torrent.title}
                    >
                      {torrent.title}
                    </a>
                  ) : (
                    <p className="text-xs font-medium text-gray-700 dark:text-gray-300 line-clamp-2 leading-snug" title={torrent.title}>
                      {torrent.title}
                    </p>
                  )}
                  <div className="flex items-center gap-1 mt-1.5 text-[11px] text-gray-500 dark:text-gray-400 flex-wrap">
                    {isAnnasArchive ? (
                      <span className="text-orange-600 dark:text-orange-400 font-medium">Anna&apos;s Archive</span>
                    ) : torrent.indexer ? (
                      <span>{torrent.indexer}</span>
                    ) : null}
                    {torrent.size && torrent.size > 0 ? (
                      <>
                        <span className="text-gray-300 dark:text-gray-600 select-none">&middot;</span>
                        <span>{formatTorrentSize(torrent.size)}</span>
                      </>
                    ) : null}
                    {displayFormat ? (
                      <>
                        <span className="text-gray-300 dark:text-gray-600 select-none">&middot;</span>
                        <span className="px-1 py-px text-[10px] font-semibold uppercase tracking-wide rounded bg-purple-100 dark:bg-purple-500/15 text-purple-700 dark:text-purple-300">
                          {displayFormat}
                        </span>
                      </>
                    ) : null}
                    {torrent.protocol === 'usenet' ? (
                      <>
                        <span className="text-gray-300 dark:text-gray-600 select-none">&middot;</span>
                        <span className="text-sky-600 dark:text-sky-400 font-medium">NZB</span>
                      </>
                    ) : torrent.seeders !== undefined && torrent.seeders !== null ? (
                      <>
                        <span className="text-gray-300 dark:text-gray-600 select-none">&middot;</span>
                        <span className="text-emerald-600 dark:text-emerald-400">{torrent.seeders} seeds</span>
                      </>
                    ) : null}
                    {torrent.score !== undefined && torrent.score !== null ? (
                      <>
                        <span className="text-gray-300 dark:text-gray-600 select-none">&middot;</span>
                        <span className="font-medium">Score {Math.round(torrent.score)}</span>
                      </>
                    ) : null}
                  </div>
                </div>
              )}
              {/* Action Buttons */}
              <div className="border-t border-amber-200 dark:border-amber-800 bg-gray-50 dark:bg-gray-900/50 px-4 py-3 flex gap-2">
                <button
                  onClick={() => handleApproveRequest(request.id)}
                  disabled={isLoading}
-                  className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2 bg-green-600 hover:bg-green-700 disabled:bg-green-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
+                  className="flex-1 inline-flex items-center justify-center gap-1.5 px-3 py-2 bg-green-600 hover:bg-green-700 disabled:bg-green-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
                >
-                  {isLoading ? (
+                  {isLoading ? <LoadingSpinner /> : (
-                    <svg
+                    <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                      className="animate-spin h-4 w-4"
+                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
                      fill="none"
                      viewBox="0 0 24 24"
                    >
                      <circle
                        className="opacity-25"
                        cx="12"
                        cy="12"
                        r="10"
                        stroke="currentColor"
                        strokeWidth="4"
                      />
                      <path
                        className="opacity-75"
                        fill="currentColor"
                        d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
                      />
                    </svg>
                  ) : (
                    <svg
                      className="w-4 h-4"
                      fill="none"
                      stroke="currentColor"
                      viewBox="0 0 24 24"
                    >
                      <path
                        strokeLinecap="round"
                        strokeLinejoin="round"
                        strokeWidth={2}
                        d="M5 13l4 4L19 7"
                      />
                    </svg>
                  )}
                  <span>Approve</span>
                </button>
                <button
                  onClick={() => setSearchModalRequestId(request.id)}
                  disabled={isLoading}
                  className="flex-1 inline-flex items-center justify-center gap-1.5 px-3 py-2 bg-blue-600 hover:bg-blue-700 disabled:bg-blue-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
                >
                  <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
                  </svg>
                  <span>Search</span>
                </button>
                <button
                  onClick={() => handleDenyRequest(request.id)}
                  disabled={isLoading}
-                  className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2 bg-red-600 hover:bg-red-700 disabled:bg-red-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
+                  className="flex-1 inline-flex items-center justify-center gap-1.5 px-3 py-2 bg-red-600 hover:bg-red-700 disabled:bg-red-400 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg transition-colors"
                >
-                  {isLoading ? (
+                  {isLoading ? <LoadingSpinner /> : (
-                    <svg
+                    <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                      className="animate-spin h-4 w-4"
+                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
                      fill="none"
                      viewBox="0 0 24 24"
                    >
                      <circle
                        className="opacity-25"
                        cx="12"
                        cy="12"
                        r="10"
                        stroke="currentColor"
                        strokeWidth="4"
                      />
                      <path
                        className="opacity-75"
                        fill="currentColor"
                        d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
                      />
                    </svg>
                  ) : (
                    <svg
                      className="w-4 h-4"
                      fill="none"
                      stroke="currentColor"
                      viewBox="0 0 24 24"
                    >
                      <path
                        strokeLinecap="round"
                        strokeLinejoin="round"
                        strokeWidth={2}
                        d="M6 18L18 6M6 6l12 12"
                      />
                    </svg>
                  )}
                  <span>Deny</span>
@@ -296,6 +364,26 @@ function PendingApprovalSection({ requests }: { requests: PendingApprovalRequest
          );
        })}
      </div>
      {/* Interactive Search Modal */}
      {searchModalRequest && (
        <InteractiveTorrentSearchModal
          isOpen={!!searchModalRequestId}
          onClose={() => setSearchModalRequestId(null)}
          requestId={searchModalRequest.id}
          audiobook={{
            title: searchModalRequest.audiobook.title,
            author: searchModalRequest.audiobook.author,
          }}
          searchMode={searchModalRequest.type === 'ebook' ? 'ebook' : 'audiobook'}
          onConfirm={async (torrent) => {
            await handleApproveWithTorrent(searchModalRequest.id, torrent);
          }}
          onSuccess={() => {
            setSearchModalRequestId(null);
          }}
        />
      )}
    </div>
  );
 }
@@ -328,6 +416,14 @@ function AdminDashboardContent() {
    }
  );
  const { data: reportedIssuesData } = useSWR(
    '/api/admin/reported-issues',
    authenticatedFetcher,
    {
      refreshInterval: 10000,
    }
  );
  const { data: settingsData } = useSWR(
    '/api/admin/settings',
    authenticatedFetcher,
@@ -578,6 +674,11 @@ function AdminDashboardContent() {
              <PendingApprovalSection requests={pendingApprovalData.requests} />
            )}
            {/* Reported Issues */}
            {reportedIssuesData?.issues && reportedIssuesData.issues.length > 0 && (
              <ReportedIssuesSection issues={reportedIssuesData.issues} />
            )}
            {/* Active Downloads */}
            <div className="mb-8">
              <h2 className="text-xl font-bold text-gray-900 dark:text-gray-100 mb-4">
@@ -210,6 +210,7 @@ export const getTabValidation = (
      return validated.paths;
    case 'ebook':
    case 'bookdate':
    case 'api':
      return true; // These tabs handle their own saving
    default:
      return false;
@@ -228,4 +229,5 @@ export const getTabs = (backendMode: 'plex' | 'audiobookshelf') => [
  { id: 'ebook' as const, label: 'E-book Sidecar', icon: '📖' },
  { id: 'bookdate' as const, label: 'BookDate', icon: '📚' },
  { id: 'notifications' as const, label: 'Notifications', icon: '🔔' },
  { id: 'api' as const, label: 'API', icon: '🔑' },
 ];
@@ -100,6 +100,8 @@ export interface PathsSettings {
  ebookPathTemplate?: string;
  metadataTaggingEnabled: boolean;
  chapterMergingEnabled: boolean;
  fileRenameEnabled: boolean;
  fileRenameTemplate?: string;
 }
 /**
@@ -241,4 +243,4 @@ export interface BookDateModel {
 /**
 * Tab identifier type
 */
-export type SettingsTab = 'library' | 'auth' | 'prowlarr' | 'download' | 'paths' | 'ebook' | 'bookdate' | 'notifications';
+export type SettingsTab = 'library' | 'auth' | 'prowlarr' | 'download' | 'paths' | 'ebook' | 'bookdate' | 'notifications' | 'api';
@@ -23,6 +23,7 @@ import { PathsTab } from './tabs/PathsTab/PathsTab';
 import { EbookTab } from './tabs/EbookTab/EbookTab';
 import { BookDateTab } from './tabs/BookDateTab/BookDateTab';
 import { NotificationsTab } from './tabs/NotificationsTab';
 import { ApiTab } from './tabs/ApiTab/ApiTab';
 // Types and Helpers
 import type { Settings, SettingsTab, IndexerConfig, SavedIndexerConfig, Message } from './lib/types';
@@ -295,6 +296,7 @@ export default function AdminSettings() {
          {activeTab === 'prowlarr' && (
            <IndexersTab
              settings={settings}
              originalSettings={originalSettings}
              indexers={configuredIndexers}
              flagConfigs={flagConfigs}
              onChange={setSettings}
@@ -345,8 +347,11 @@ export default function AdminSettings() {
          {/* Notifications Tab */}
          {activeTab === 'notifications' && <NotificationsTab />}
          {/* API Tab */}
          {activeTab === 'api' && <ApiTab />}
          {/* Save Button (only for tabs that save through main page) */}
-          {activeTab !== 'ebook' && activeTab !== 'bookdate' && activeTab !== 'notifications' && (
+          {activeTab !== 'ebook' && activeTab !== 'bookdate' && activeTab !== 'notifications' && activeTab !== 'api' && (
            <div className="mt-8 flex gap-4">
              <Button
                onClick={saveSettings}
@@ -0,0 +1,307 @@
 /**
 * Component: API Token Management Tab (Admin)
 * Documentation: documentation/backend/services/api-tokens.md
 */
 'use client';
 import { useState, useEffect, useCallback } from 'react';
 import { fetchWithAuth } from '@/lib/utils/api';
 import { ConfirmDialog } from '@/app/admin/components/ConfirmDialog';
 import { useApiTokens } from '@/lib/hooks/useApiTokens';
 import { getInstanceUrl } from '@/lib/utils/client-url';
 import Link from 'next/link';
 import type { AdminApiToken } from '@/lib/types/api-tokens';
 interface UserOption {
  id: string;
  plexUsername: string;
  role: string;
 }
 export function ApiTab() {
  const api = useApiTokens<AdminApiToken>({ basePath: '/api/admin/api-tokens' });
  // Admin-specific state
  const [users, setUsers] = useState<UserOption[]>([]);
  const [newTokenUserId, setNewTokenUserId] = useState('');
  const fetchUsers = useCallback(async () => {
    try {
      const response = await fetchWithAuth('/api/admin/users');
      if (response.ok) {
        const data = await response.json();
        setUsers(data.users.map((u: any) => ({ id: u.id, plexUsername: u.plexUsername, role: u.role })));
      }
    } catch {
      // Non-critical, user selector just won't populate
    }
  }, []);
  useEffect(() => {
    fetchUsers();
  }, [fetchUsers]);
  const handleCreate = async () => {
    const extraBody: Record<string, string> = {};
    if (newTokenUserId) extraBody.userId = newTokenUserId;
    const created = await api.handleCreate(extraBody);
    // Reset admin-specific fields only when create succeeds
    if (created) {
      setNewTokenUserId('');
    }
  };
  const handleCancel = () => {
    api.resetForm();
    setNewTokenUserId('');
  };
  if (api.loading) {
    return (
      <div className="flex items-center justify-center py-12">
        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-600"></div>
      </div>
    );
  }
  return (
    <div className="space-y-6">
      <div>
        <h2 className="text-xl font-semibold text-gray-900 dark:text-gray-100">API Tokens</h2>
        <p className="text-sm text-gray-500 dark:text-gray-400 mt-1">
          Manage API tokens for all users. Create tokens for any user for programmatic access.{' '}
          <Link href="/api-docs" className="text-blue-600 dark:text-blue-400 hover:underline">
            View API documentation
          </Link>
        </p>
      </div>
      {/* Error display */}
      {api.error && (
        <div className="p-3 rounded-lg bg-red-50 dark:bg-red-900/20 text-red-800 dark:text-red-200 text-sm">
          {api.error}
        </div>
      )}
      {/* Newly created token banner */}
      {api.createdToken && (
        <div className="p-4 rounded-lg bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800">
          <div className="flex items-start gap-3">
            <svg className="w-5 h-5 text-green-600 dark:text-green-400 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
            </svg>
            <div className="flex-1 min-w-0">
              <p className="text-sm font-medium text-green-800 dark:text-green-200">
                Token created successfully! Copy it now — it won&apos;t be shown again.
              </p>
              <div className="mt-2 flex items-center gap-2">
                <code className="flex-1 text-sm bg-white dark:bg-gray-900 px-3 py-2 rounded border border-green-300 dark:border-green-700 text-gray-900 dark:text-gray-100 font-mono break-all">
                  {api.createdToken}
                </code>
                <button
                  onClick={api.handleCopy}
                  className="flex-shrink-0 px-3 py-2 text-sm font-medium rounded-lg bg-green-600 hover:bg-green-700 text-white transition-colors"
                >
                  {api.copied ? 'Copied!' : 'Copy'}
                </button>
              </div>
            </div>
                <button
                  type="button"
                  aria-label="Dismiss token banner"
                  onClick={api.dismissCreatedToken}
                  className="flex-shrink-0 text-green-600 dark:text-green-400 hover:text-green-800 dark:hover:text-green-200"
                >
              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
              </svg>
            </button>
          </div>
        </div>
      )}
      {/* Create token form */}
      {api.showCreateForm ? (
        <div className="p-4 rounded-lg border border-gray-200 dark:border-gray-700 bg-gray-50 dark:bg-gray-900/50 space-y-4">
          <h3 className="text-sm font-medium text-gray-900 dark:text-gray-100">Create New Token</h3>
          <div className="grid grid-cols-1 sm:grid-cols-2 gap-4">
            <div>
              <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
                Name
              </label>
              <input
                type="text"
                value={api.newTokenName}
                onChange={(e) => api.setNewTokenName(e.target.value)}
                placeholder="e.g., Home Assistant, Webhook"
                className="w-full rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-800 px-3 py-2 text-sm text-gray-900 dark:text-gray-100 focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
                onKeyDown={(e) => e.key === 'Enter' && handleCreate()}
              />
            </div>
            <div>
              <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
                Expiration
              </label>
              <select
                value={api.newTokenExpiry}
                onChange={(e) => api.setNewTokenExpiry(e.target.value)}
                className="w-full rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-800 px-3 py-2 text-sm text-gray-900 dark:text-gray-100 focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
              >
                <option value="never">Never</option>
                <option value="30d">30 days</option>
                <option value="90d">90 days</option>
                <option value="1y">1 year</option>
              </select>
            </div>
            <div>
              <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
                User (acts as)
              </label>
              <select
                value={newTokenUserId}
                onChange={(e) => setNewTokenUserId(e.target.value)}
                className="w-full rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-800 px-3 py-2 text-sm text-gray-900 dark:text-gray-100 focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
              >
                <option value="">Current user (default)</option>
                {users.map((u) => (
                  <option key={u.id} value={u.id}>
                    {u.plexUsername} ({u.role})
                  </option>
                ))}
              </select>
              <p className="mt-1 text-xs text-gray-500 dark:text-gray-400">
                Token will inherit the selected user&apos;s role
              </p>
            </div>
          </div>
          <div className="flex gap-2">
            <button
              onClick={handleCreate}
              disabled={api.creating || !api.newTokenName.trim()}
              className="px-4 py-2 text-sm font-medium rounded-lg bg-blue-600 hover:bg-blue-700 disabled:bg-blue-400 text-white transition-colors"
            >
              {api.creating ? 'Creating...' : 'Create Token'}
            </button>
            <button
              onClick={handleCancel}
              className="px-4 py-2 text-sm font-medium rounded-lg bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 transition-colors"
            >
              Cancel
            </button>
          </div>
        </div>
      ) : (
        <button
          onClick={() => api.setShowCreateForm(true)}
          className="px-4 py-2 text-sm font-medium rounded-lg bg-blue-600 hover:bg-blue-700 text-white transition-colors"
        >
          Create New Token
        </button>
      )}
      {/* Token list */}
      {api.tokens.length === 0 ? (
        <div className="text-center py-8 text-gray-500 dark:text-gray-400">
          <svg className="mx-auto h-12 w-12 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z" />
          </svg>
          <p className="mt-2 text-sm">No API tokens yet</p>
          <p className="text-xs mt-1">Create a token to enable programmatic API access</p>
        </div>
      ) : (
        <div className="overflow-x-auto">
          <table className="w-full text-sm">
            <thead>
              <tr className="border-b border-gray-200 dark:border-gray-700">
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Name</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Token</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Acts As</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Role</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Created By</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Last Used</th>
                <th className="text-left py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Expires</th>
                <th className="text-right py-3 px-2 font-medium text-gray-500 dark:text-gray-400">Actions</th>
              </tr>
            </thead>
            <tbody>
              {api.tokens.map((token) => (
                <tr key={token.id} className="border-b border-gray-100 dark:border-gray-800">
                  <td className="py-3 px-2 text-gray-900 dark:text-gray-100 font-medium">{token.name}</td>
                  <td className="py-3 px-2">
                    <code className="text-xs bg-gray-100 dark:bg-gray-900 px-2 py-1 rounded text-gray-600 dark:text-gray-400 font-mono">
                      {token.tokenPrefix}...
                    </code>
                  </td>
                  <td className="py-3 px-2 text-gray-500 dark:text-gray-400">{token.tokenUser}</td>
                  <td className="py-3 px-2">
                    <span className={`inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium ${
                      token.role === 'admin'
                        ? 'bg-purple-100 dark:bg-purple-900/30 text-purple-700 dark:text-purple-300'
                        : 'bg-gray-100 dark:bg-gray-700 text-gray-600 dark:text-gray-400'
                    }`}>
                      {token.role}
                    </span>
                  </td>
                  <td className="py-3 px-2 text-gray-500 dark:text-gray-400">{token.createdBy}</td>
                  <td className="py-3 px-2 text-gray-500 dark:text-gray-400">{api.formatDate(token.lastUsedAt)}</td>
                  <td className="py-3 px-2 text-gray-500 dark:text-gray-400">
                    {token.expiresAt ? (
                      <span className={new Date(token.expiresAt) < new Date() ? 'text-red-500' : ''}>
                        {api.formatDate(token.expiresAt)}
                        {new Date(token.expiresAt) < new Date() && ' (expired)'}
                      </span>
                    ) : (
                      'Never'
                    )}
                  </td>
                  <td className="py-3 px-2 text-right">
                    <button
                      onClick={() => api.setConfirmRevokeId(token.id)}
                      disabled={api.deletingId === token.id}
                      className="px-3 py-1 text-xs font-medium rounded-lg bg-red-100 dark:bg-red-900/30 hover:bg-red-200 dark:hover:bg-red-900/50 text-red-700 dark:text-red-300 transition-colors disabled:opacity-50"
                    >
                      {api.deletingId === token.id ? 'Revoking...' : 'Revoke'}
                    </button>
                  </td>
                </tr>
              ))}
            </tbody>
          </table>
        </div>
      )}
      {/* Usage instructions */}
      <div className="p-4 rounded-lg bg-gray-50 dark:bg-gray-900/50 border border-gray-200 dark:border-gray-700">
        <h3 className="text-sm font-medium text-gray-900 dark:text-gray-100 mb-2">Usage</h3>
        <p className="text-sm text-gray-600 dark:text-gray-400 mb-2">
          Include the token in the <code className="px-1 py-0.5 bg-gray-200 dark:bg-gray-800 rounded text-xs">Authorization</code> header:
        </p>
        <pre className="text-xs bg-gray-900 dark:bg-black text-gray-100 p-3 rounded-lg overflow-x-auto">
 {`curl -H "Authorization: Bearer rmab_your_token_here" \\
  ${getInstanceUrl()}/api/requests`}
        </pre>
      </div>
      {/* Revoke confirmation dialog */}
      <ConfirmDialog
        isOpen={api.confirmRevokeId !== null}
        title="Revoke API token"
        message={
          <>
            Are you sure you want to revoke{' '}
            <span className="font-medium text-gray-700 dark:text-gray-200">
              &ldquo;{api.tokens.find((t) => t.id === api.confirmRevokeId)?.name ?? 'this token'}&rdquo;
            </span>
            ? Any integrations using this token will immediately lose access. This cannot be undone.
          </>
        }
        confirmLabel="Revoke token"
        cancelLabel="Cancel"
        confirmVariant="danger"
        onConfirm={api.handleDeleteConfirmed}
        onCancel={() => api.setConfirmRevokeId(null)}
      />
    </div>
  );
 }
@@ -90,6 +90,7 @@ export function BookDateTab({ onSuccess, onError }: BookDateTabProps) {
        >
          <option value="openai">OpenAI</option>
          <option value="claude">Claude (Anthropic)</option>
          <option value="gemini">Google Gemini</option>
          <option value="custom">Custom (OpenAI-compatible)</option>
        </select>
      </div>
@@ -136,7 +137,7 @@ export function BookDateTab({ onSuccess, onError }: BookDateTabProps) {
              ? 'Leave blank for local models'
              : configured
                ? '••••••••••••••••'
-                : (provider === 'openai' ? 'sk-...' : 'sk-ant-...')
+                : (provider === 'openai' ? 'sk-...' : provider === 'gemini' ? 'AIza...' : 'sk-ant-...')
          }
        />
        <p className="text-sm text-gray-500 dark:text-gray-400 mt-1">
@@ -7,6 +7,7 @@
 import React, { useEffect } from 'react';
 import { Button } from '@/components/ui/Button';
 import { ConfirmModal } from '@/components/ui/ConfirmModal';
 import { Input } from '@/components/ui/Input';
 import { IndexerManagement } from '@/components/admin/indexers/IndexerManagement';
 import { FlagConfigRow } from '@/components/admin/FlagConfigRow';
@@ -16,6 +17,7 @@ import type { Settings, SavedIndexerConfig } from '../../lib/types';
 interface IndexersTabProps {
  settings: Settings;
  originalSettings: Settings | null;
  indexers: SavedIndexerConfig[];
  flagConfigs: IndexerFlagConfig[];
  onChange: (settings: Settings) => void;
@@ -27,6 +29,7 @@ interface IndexersTabProps {
 export function IndexersTab({
  settings,
  originalSettings,
  indexers,
  flagConfigs,
  onChange,
@@ -35,11 +38,23 @@ export function IndexersTab({
  onValidationChange,
  onRefreshIndexers,
 }: IndexersTabProps) {
-  const { testing, testResult, testConnection } = useIndexersSettings({
+  const {
    testing,
    testResult,
    testConnection,
    showConnectionChangeConfirm,
    confirmConnectionChange,
    cancelConnectionChange,
    configuredIndexersCount,
  } = useIndexersSettings({
    prowlarrUrl: settings.prowlarr.url,
    prowlarrApiKey: settings.prowlarr.apiKey,
    originalProwlarrUrl: originalSettings?.prowlarr.url ?? '',
    originalProwlarrApiKey: originalSettings?.prowlarr.apiKey ?? '',
    configuredIndexersCount: indexers.length,
    onValidationChange,
    onRefreshIndexers,
    onClearIndexers: () => onIndexersChange([]),
  });
  // Auto-load indexers when component mounts if prowlarr is configured
@@ -96,7 +111,7 @@ export function IndexersTab({
          placeholder="Enter API key"
        />
        <p className="text-sm text-gray-500 dark:text-gray-400 mt-1">
-          Found in Prowlarr Settings → General → Security → API Key
+          Found in Prowlarr Settings &rarr; General &rarr; Security &rarr; API Key
        </p>
      </div>
@@ -178,6 +193,19 @@ export function IndexersTab({
          </p>
        )}
      </div>
      {/* Confirmation modal for Prowlarr connection change */}
      <ConfirmModal
        isOpen={showConnectionChangeConfirm}
        onClose={cancelConnectionChange}
        onConfirm={confirmConnectionChange}
        title="Prowlarr Connection Change"
        message={`Changing your Prowlarr connection will remove your ${configuredIndexersCount} configured indexer${configuredIndexersCount === 1 ? '' : 's'}. Indexer IDs are specific to each Prowlarr instance, so existing configurations cannot be preserved. You will need to re-add indexers from the new instance after saving.`}
        confirmText="Continue"
        cancelText="Cancel"
        variant="danger"
        isLoading={testing}
      />
    </div>
  );
 }
@@ -5,30 +5,50 @@
 'use client';
-import { useState } from 'react';
+import { useState, useCallback } from 'react';
 import { fetchWithAuth } from '@/lib/utils/api';
 import type { TestResult } from '../../lib/types';
 interface UseIndexersSettingsProps {
  prowlarrUrl: string;
  prowlarrApiKey: string;
  originalProwlarrUrl: string;
  originalProwlarrApiKey: string;
  configuredIndexersCount: number;
  onValidationChange: (isValid: boolean) => void;
  onRefreshIndexers?: () => Promise<void>;
  onClearIndexers: () => void;
 }
 export function useIndexersSettings({
  prowlarrUrl,
  prowlarrApiKey,
  originalProwlarrUrl,
  originalProwlarrApiKey,
  configuredIndexersCount,
  onValidationChange,
  onRefreshIndexers,
  onClearIndexers,
 }: UseIndexersSettingsProps) {
  const [testing, setTesting] = useState(false);
  const [testResult, setTestResult] = useState<TestResult | null>(null);
  const [showConnectionChangeConfirm, setShowConnectionChangeConfirm] = useState(false);
  /**
-   * Test Prowlarr connection
+   * Detect if the Prowlarr URL or API key has changed from the saved values.
   * A masked API key (starting with dots) means the user hasn't touched it.
   */
-  const testConnection = async () => {
+  const hasConnectionChanged = useCallback((): boolean => {
    const urlChanged = prowlarrUrl.trim() !== originalProwlarrUrl.trim();
    const apiKeyChanged = !prowlarrApiKey.startsWith('••••') &&
      prowlarrApiKey !== originalProwlarrApiKey;
    return urlChanged || apiKeyChanged;
  }, [prowlarrUrl, prowlarrApiKey, originalProwlarrUrl, originalProwlarrApiKey]);
  /**
   * Execute the actual Prowlarr connection test
   */
  const executeTest = async (shouldClearIndexers: boolean) => {
    setTesting(true);
    setTestResult(null);
@@ -46,14 +66,23 @@ export function useIndexersSettings({
      if (data.success) {
        onValidationChange(true);
        setTestResult({
          success: true,
          message: `Connected to Prowlarr. Found ${data.indexers?.length || 0} indexers`,
        });
-        // Refresh indexers from database if callback provided
+        if (shouldClearIndexers) {
-        if (onRefreshIndexers) {
+          onClearIndexers();
-          await onRefreshIndexers();
+          setTestResult({
            success: true,
            message: `Connected to Prowlarr. Found ${data.indexers?.length || 0} indexers. Previous indexer configurations have been removed — please re-add indexers from the new instance.`,
          });
        } else {
          setTestResult({
            success: true,
            message: `Connected to Prowlarr. Found ${data.indexers?.length || 0} indexers`,
          });
          // Refresh indexers from database if callback provided
          if (onRefreshIndexers) {
            await onRefreshIndexers();
          }
        }
      } else {
        onValidationChange(false);
@@ -74,9 +103,41 @@ export function useIndexersSettings({
    }
  };
  /**
   * Handle test connection click — shows confirmation if credentials changed
   * and there are existing configured indexers.
   */
  const testConnection = async () => {
    if (hasConnectionChanged() && configuredIndexersCount > 0) {
      setShowConnectionChangeConfirm(true);
      return;
    }
    await executeTest(false);
  };
  /**
   * User confirmed the credential change — proceed with test and clear indexers on success
   */
  const confirmConnectionChange = async () => {
    setShowConnectionChangeConfirm(false);
    await executeTest(true);
  };
  /**
   * User cancelled the credential change confirmation
   */
  const cancelConnectionChange = () => {
    setShowConnectionChangeConfirm(false);
  };
  return {
    testing,
    testResult,
    testConnection,
    showConnectionChangeConfirm,
    confirmConnectionChange,
    cancelConnectionChange,
    configuredIndexersCount,
  };
 }
@@ -164,11 +164,11 @@ export function AudiobookshelfSection({
        >
          {Object.values(AUDIBLE_REGIONS).map((region) => (
            <option key={region.code} value={region.code}>
-              {region.name}{!region.isEnglish ? ' *' : ''}
+              {region.name}{region.language !== 'en' ? ' *' : ''}
            </option>
          ))}
        </select>
-        {AUDIBLE_REGIONS[settings.audibleRegion as keyof typeof AUDIBLE_REGIONS]?.isEnglish === false && (
+        {AUDIBLE_REGIONS[settings.audibleRegion as keyof typeof AUDIBLE_REGIONS]?.language !== 'en' && (
          <div className="bg-amber-50 dark:bg-amber-900/20 rounded-lg p-4 border border-amber-200 dark:border-amber-800 mt-2">
            <div className="flex gap-3">
              <svg
@@ -164,11 +164,11 @@ export function PlexSection({
        >
          {Object.values(AUDIBLE_REGIONS).map((region) => (
            <option key={region.code} value={region.code}>
-              {region.name}{!region.isEnglish ? ' *' : ''}
+              {region.name}{region.language !== 'en' ? ' *' : ''}
            </option>
          ))}
        </select>
-        {AUDIBLE_REGIONS[settings.audibleRegion as keyof typeof AUDIBLE_REGIONS]?.isEnglish === false && (
+        {AUDIBLE_REGIONS[settings.audibleRegion as keyof typeof AUDIBLE_REGIONS]?.language !== 'en' && (
          <div className="bg-amber-50 dark:bg-amber-900/20 rounded-lg p-4 border border-amber-200 dark:border-amber-800 mt-2">
            <div className="flex gap-3">
              <svg
@@ -3,9 +3,29 @@
 import { useState, useEffect } from 'react';
 import { RMABLogger } from '@/lib/utils/logger';
 import { fetchWithAuth } from '@/lib/utils/api';
 import { EVENT_LABELS } from '@/lib/constants/notification-events';
 const logger = RMABLogger.create('NotificationsTab');
 interface ProviderConfigField {
  name: string;
  label: string;
  type: 'text' | 'password' | 'select' | 'number';
  required: boolean;
  placeholder?: string;
  defaultValue?: string | number;
  options?: { label: string; value: string | number }[];
 }
 interface ProviderMetadata {
  type: string;
  displayName: string;
  description: string;
  iconLabel: string;
  iconColor: string;
  configFields: ProviderConfigField[];
 }
 interface NotificationBackend {
  id: string;
  type: string;
@@ -24,24 +44,11 @@ interface ModalState {
  backend?: NotificationBackend;
 }
-const typeColors: Record<string, string> = {
+const eventLabels: Record<string, string> = EVENT_LABELS;
  discord: 'bg-indigo-500',
  pushover: 'bg-blue-500',
  email: 'bg-green-500',
  slack: 'bg-purple-500',
  telegram: 'bg-sky-500',
  webhook: 'bg-gray-500',
 };
 const eventLabels: Record<string, string> = {
  request_pending_approval: 'Request Pending Approval',
  request_approved: 'Request Approved',
  request_available: 'Audiobook Available',
  request_error: 'Request Error',
 };
 export function NotificationsTab() {
  const [backends, setBackends] = useState<NotificationBackend[]>([]);
  const [providerMetadata, setProviderMetadata] = useState<ProviderMetadata[]>([]);
  const [loading, setLoading] = useState(true);
  const [modalState, setModalState] = useState<ModalState>({
    isOpen: false,
@@ -59,8 +66,23 @@ export function NotificationsTab() {
  useEffect(() => {
    fetchBackends();
    fetchProviderMetadata();
  }, []);
  const fetchProviderMetadata = async () => {
    try {
      const response = await fetchWithAuth('/api/admin/notifications/providers');
      if (response.ok) {
        const data = await response.json();
        if (data.success) {
          setProviderMetadata(data.providers);
        }
      }
    } catch (error) {
      logger.error('Failed to fetch provider metadata', { error: error instanceof Error ? error.message : String(error) });
    }
  };
  const fetchBackends = async () => {
    try {
      setLoading(true);
@@ -83,11 +105,23 @@ export function NotificationsTab() {
    }
  };
  const getMetadataForType = (type: string): ProviderMetadata | undefined => {
    return providerMetadata.find((p) => p.type === type);
  };
  const openAddModal = (type: string) => {
    const meta = getMetadataForType(type);
    const defaultConfig: Record<string, any> = {};
    if (meta) {
      for (const field of meta.configFields) {
        defaultConfig[field.name] = field.defaultValue ?? '';
      }
    }
    setModalState({ isOpen: true, mode: 'add', selectedType: type });
    setFormData({
-      name: `${type.charAt(0).toUpperCase() + type.slice(1)} Notifications`,
+      name: `${meta?.displayName ?? type} Notifications`,
-      config: type === 'discord' ? { webhookUrl: '', username: 'ReadMeABook', avatarUrl: '' } : { userKey: '', appToken: '', device: '', priority: 0 },
+      config: defaultConfig,
      events: ['request_available', 'request_error'],
      enabled: true,
    });
@@ -193,6 +227,49 @@ export function NotificationsTab() {
    }
  };
  const renderConfigField = (field: ProviderConfigField) => {
    if (field.type === 'select' && field.options) {
      return (
        <div key={field.name}>
          <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
            {field.label}{field.required ? ' *' : ''}
          </label>
          <select
            value={formData.config[field.name] ?? field.defaultValue ?? ''}
            onChange={(e) => {
              const value = field.options?.some((o) => typeof o.value === 'number')
                ? Number(e.target.value)
                : e.target.value;
              setFormData({ ...formData, config: { ...formData.config, [field.name]: value } });
            }}
            className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
          >
            {field.options.map((opt) => (
              <option key={String(opt.value)} value={opt.value}>{opt.label}</option>
            ))}
          </select>
        </div>
      );
    }
    return (
      <div key={field.name}>
        <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
          {field.label}{field.required ? ' *' : field.label.includes('optional') ? '' : ' (optional)'}
        </label>
        <input
          type={field.type === 'password' ? 'password' : 'text'}
          value={formData.config[field.name] ?? ''}
          onChange={(e) => setFormData({ ...formData, config: { ...formData.config, [field.name]: e.target.value } })}
          className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
          placeholder={field.placeholder}
        />
      </div>
    );
  };
  const currentMeta = modalState.selectedType ? getMetadataForType(modalState.selectedType) : undefined;
  return (
    <div className="space-y-6">
      {/* Header */}
@@ -206,32 +283,22 @@ export function NotificationsTab() {
      {/* Type Selector */}
      <div>
        <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-4">Add Notification Backend</h3>
-        <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
+        <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
-          <button
+          {providerMetadata.map((meta) => (
-            onClick={() => openAddModal('discord')}
+            <button
-            className="flex items-center p-4 bg-white dark:bg-gray-800 rounded-lg border-2 border-gray-200 dark:border-gray-700 hover:border-gray-300 dark:hover:border-gray-600 transition-colors"
+              key={meta.type}
-          >
+              onClick={() => openAddModal(meta.type)}
-            <div className="flex-shrink-0 w-12 h-12 bg-indigo-500 rounded-lg flex items-center justify-center text-white font-bold text-2xl">
+              className="flex items-center p-4 bg-white dark:bg-gray-800 rounded-lg border-2 border-gray-200 dark:border-gray-700 hover:border-gray-300 dark:hover:border-gray-600 transition-colors"
-              D
+            >
-            </div>
+              <div className={`flex-shrink-0 w-12 h-12 ${meta.iconColor} rounded-lg flex items-center justify-center text-white font-bold text-2xl`}>
-            <div className="ml-4 text-left">
+                {meta.iconLabel}
-              <div className="font-semibold text-gray-900 dark:text-white">Discord</div>
+              </div>
-              <div className="text-sm text-gray-600 dark:text-gray-400">Send notifications via Discord webhook</div>
+              <div className="ml-4 text-left">
-            </div>
+                <div className="font-semibold text-gray-900 dark:text-white">{meta.displayName}</div>
-          </button>
+                <div className="text-sm text-gray-600 dark:text-gray-400">{meta.description}</div>
-
+              </div>
-          <button
+            </button>
-            onClick={() => openAddModal('pushover')}
+          ))}
            className="flex items-center p-4 bg-white dark:bg-gray-800 rounded-lg border-2 border-gray-200 dark:border-gray-700 hover:border-gray-300 dark:hover:border-gray-600 transition-colors"
          >
            <div className="flex-shrink-0 w-12 h-12 bg-blue-500 rounded-lg flex items-center justify-center text-white font-bold text-2xl">
              P
            </div>
            <div className="ml-4 text-left">
              <div className="font-semibold text-gray-900 dark:text-white">Pushover</div>
              <div className="text-sm text-gray-600 dark:text-gray-400">Send notifications via Pushover API</div>
            </div>
          </button>
        </div>
      </div>
@@ -244,43 +311,46 @@ export function NotificationsTab() {
          <p className="text-gray-600 dark:text-gray-400">No notification backends configured.</p>
        ) : (
          <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-            {backends.map((backend) => (
+            {backends.map((backend) => {
-              <div key={backend.id} className="bg-white dark:bg-gray-800 rounded-lg shadow-md border border-gray-200 dark:border-gray-700 p-4 hover:shadow-lg transition-shadow">
+              const meta = getMetadataForType(backend.type);
-                <div className="flex items-start justify-between mb-3">
+              return (
-                  <div className="flex items-center space-x-3">
+                <div key={backend.id} className="bg-white dark:bg-gray-800 rounded-lg shadow-md border border-gray-200 dark:border-gray-700 p-4 hover:shadow-lg transition-shadow">
-                    <div className={`w-10 h-10 ${typeColors[backend.type]} rounded-lg flex items-center justify-center text-white font-bold`}>
+                  <div className="flex items-start justify-between mb-3">
-                      {backend.type.charAt(0).toUpperCase()}
+                    <div className="flex items-center space-x-3">
-                    </div>
+                      <div className={`w-10 h-10 ${meta?.iconColor ?? 'bg-gray-500'} rounded-lg flex items-center justify-center text-white font-bold`}>
-                    <div>
+                        {meta?.iconLabel ?? backend.type.charAt(0).toUpperCase()}
-                      <div className="font-semibold text-gray-900 dark:text-white truncate">{backend.name}</div>
+                      </div>
-                      <div className="text-xs text-gray-500 dark:text-gray-400 capitalize">{backend.type}</div>
+                      <div>
                        <div className="font-semibold text-gray-900 dark:text-white truncate">{backend.name}</div>
                        <div className="text-xs text-gray-500 dark:text-gray-400">{meta?.displayName ?? backend.type}</div>
                      </div>
                    </div>
                  </div>
-                </div>
+                  <div className="space-y-2 mb-3">
-                <div className="space-y-2 mb-3">
+                    <div className={`inline-block px-2 py-1 rounded text-xs ${backend.enabled ? 'bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200' : 'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-300'}`}>
-                  <div className={`inline-block px-2 py-1 rounded text-xs ${backend.enabled ? 'bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200' : 'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-300'}`}>
+                      {backend.enabled ? 'Enabled' : 'Disabled'}
-                    {backend.enabled ? 'Enabled' : 'Disabled'}
+                    </div>
                    <div className="text-sm text-gray-600 dark:text-gray-400">
                      {backend.events.length} {backend.events.length === 1 ? 'event' : 'events'} subscribed
                    </div>
                  </div>
-                  <div className="text-sm text-gray-600 dark:text-gray-400">
+                  <div className="flex space-x-2">
-                    {backend.events.length} {backend.events.length === 1 ? 'event' : 'events'} subscribed
+                    <button
                      onClick={() => openEditModal(backend)}
                      className="flex-1 px-3 py-1.5 text-sm bg-blue-600 hover:bg-blue-700 text-white rounded transition-colors"
                    >
                      Edit
                    </button>
                    <button
                      onClick={() => handleDelete(backend.id)}
                      className="flex-1 px-3 py-1.5 text-sm bg-red-600 hover:bg-red-700 text-white rounded transition-colors"
                    >
                      Delete
                    </button>
                  </div>
                </div>
-                <div className="flex space-x-2">
+              );
-                  <button
+            })}
                    onClick={() => openEditModal(backend)}
                    className="flex-1 px-3 py-1.5 text-sm bg-blue-600 hover:bg-blue-700 text-white rounded transition-colors"
                  >
                    Edit
                  </button>
                  <button
                    onClick={() => handleDelete(backend.id)}
                    className="flex-1 px-3 py-1.5 text-sm bg-red-600 hover:bg-red-700 text-white rounded transition-colors"
                  >
                    Delete
                  </button>
                </div>
              </div>
            ))}
          </div>
        )}
      </div>
@@ -292,7 +362,7 @@ export function NotificationsTab() {
            <div className="p-6">
              <div className="flex items-center justify-between mb-6">
                <h3 className="text-xl font-bold text-gray-900 dark:text-white">
-                  {modalState.mode === 'add' ? 'Add' : 'Edit'} {modalState.selectedType.charAt(0).toUpperCase() + modalState.selectedType.slice(1)} Notification
+                  {modalState.mode === 'add' ? 'Add' : 'Edit'} {currentMeta?.displayName ?? modalState.selectedType} Notification
                </h3>
                <button onClick={closeModal} className="text-gray-400 hover:text-gray-600 dark:hover:text-gray-200">
                  <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
@@ -314,70 +384,8 @@ export function NotificationsTab() {
                  />
                </div>
-                {/* Config Fields */}
+                {/* Dynamic Config Fields */}
-                {modalState.selectedType === 'discord' && (
+                {currentMeta?.configFields.map((field) => renderConfigField(field))}
                  <>
                    <div>
                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Webhook URL *</label>
                      <input
                        type="text"
                        value={formData.config.webhookUrl}
                        onChange={(e) => setFormData({ ...formData, config: { ...formData.config, webhookUrl: e.target.value } })}
                        className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
                        placeholder="https://discord.com/api/webhooks/..."
                      />
                    </div>
                    <div>
                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Username (optional)</label>
                      <input
                        type="text"
                        value={formData.config.username}
                        onChange={(e) => setFormData({ ...formData, config: { ...formData.config, username: e.target.value } })}
                        className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
                        placeholder="ReadMeABook"
                      />
                    </div>
                  </>
                )}
                {modalState.selectedType === 'pushover' && (
                  <>
                    <div>
                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">User Key *</label>
                      <input
                        type="text"
                        value={formData.config.userKey}
                        onChange={(e) => setFormData({ ...formData, config: { ...formData.config, userKey: e.target.value } })}
                        className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
                        placeholder="Your Pushover user key"
                      />
                    </div>
                    <div>
                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">App Token *</label>
                      <input
                        type="text"
                        value={formData.config.appToken}
                        onChange={(e) => setFormData({ ...formData, config: { ...formData.config, appToken: e.target.value } })}
                        className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
                        placeholder="Your Pushover app token"
                      />
                    </div>
                    <div>
                      <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Priority</label>
                      <select
                        value={formData.config.priority}
                        onChange={(e) => setFormData({ ...formData, config: { ...formData.config, priority: Number(e.target.value) } })}
                        className="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
                      >
                        <option value="-2">Lowest</option>
                        <option value="-1">Low</option>
                        <option value="0">Normal</option>
                        <option value="1">High</option>
                        <option value="2">Emergency</option>
                      </select>
                    </div>
                  </>
                )}
                {/* Events */}
                <div>
@@ -10,7 +10,7 @@ import { Button } from '@/components/ui/Button';
 import { Input } from '@/components/ui/Input';
 import { usePathsSettings } from './usePathsSettings';
 import type { PathsSettings } from '../../lib/types';
-import { validateTemplate, generateMockPreviews } from '@/lib/utils/path-template.util';
+import { validateTemplate, generateMockPreviews, validateFilenameTemplate, generateMockFilenamePreviews } from '@/lib/utils/path-template.util';
 interface PathsTabProps {
  paths: PathsSettings;
@@ -24,6 +24,13 @@ interface TemplatePreview {
  previewPaths?: string[];
 }
 interface FilenamePreview {
  isValid: boolean;
  error?: string;
  single?: string[];
  multi?: string[];
 }
 export function PathsTab({ paths, onChange, onValidationChange }: PathsTabProps) {
  const { testing, testResult, updatePath, testPaths } = usePathsSettings({
    paths,
@@ -73,6 +80,34 @@ export function PathsTab({ paths, onChange, onValidationChange }: PathsTabProps)
    }
  }, [paths.ebookPathTemplate]);
  // Live preview state for filename template
  const [filenamePreview, setFilenamePreview] = useState<FilenamePreview | null>(null);
  // Update filename live preview whenever template changes
  useEffect(() => {
    if (!paths.fileRenameEnabled) {
      setFilenamePreview(null);
      return;
    }
    const template = paths.fileRenameTemplate || '{title}';
    const validation = validateFilenameTemplate(template);
    if (validation.valid) {
      const previews = generateMockFilenamePreviews(template);
      setFilenamePreview({
        isValid: true,
        single: previews.single,
        multi: previews.multi,
      });
    } else {
      setFilenamePreview({
        isValid: false,
        error: validation.error,
      });
    }
  }, [paths.fileRenameTemplate, paths.fileRenameEnabled]);
  const audiobookTemplate = paths.audiobookPathTemplate || '{author}/{title} {asin}';
  const ebookTemplate = paths.ebookPathTemplate || '{author}/{title} {asin}';
  const ebookMatchesAudiobook = ebookTemplate === audiobookTemplate;
@@ -218,6 +253,83 @@ export function PathsTab({ paths, onChange, onValidationChange }: PathsTabProps)
        )}
      </div>
      {/* File Rename Toggle */}
      <div className="bg-gray-50 dark:bg-gray-800 rounded-lg p-4 border border-gray-200 dark:border-gray-700">
        <div className="flex items-start gap-4">
          <input
            type="checkbox"
            id="file-rename-settings"
            checked={paths.fileRenameEnabled}
            onChange={(e) => updatePath('fileRenameEnabled', e.target.checked)}
            className="mt-1 h-5 w-5 rounded border-gray-300 text-blue-600 focus:ring-blue-500"
          />
          <div className="flex-1">
            <label
              htmlFor="file-rename-settings"
              className="block text-sm font-medium text-gray-900 dark:text-gray-100 cursor-pointer"
            >
              Rename files during organization
            </label>
            <p className="text-sm text-gray-600 dark:text-gray-400 mt-1">
              Rename audio and ebook files using a custom naming template when organizing into the media
              library. When multiple files exist (e.g. chapterized MP3s), an index number is appended.
            </p>
          </div>
        </div>
        {/* File Naming Template (shown when enabled) */}
        {paths.fileRenameEnabled && (
          <div className="mt-4 pl-9">
            <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">
              File Naming Template
            </label>
            <Input
              type="text"
              value={paths.fileRenameTemplate || '{title}'}
              onChange={(e) => updatePath('fileRenameTemplate', e.target.value)}
              placeholder="{title}"
              className="font-mono"
            />
            <p className="text-sm text-gray-500 dark:text-gray-400 mt-1">
              Uses the same variables as the organization template. Do not include the file extension.
            </p>
            {/* Filename Validation Error */}
            {filenamePreview && !filenamePreview.isValid && (
              <div className="mt-3 p-3 rounded-lg text-sm flex items-start gap-2 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 text-red-800 dark:text-red-200">
                <span className="flex-shrink-0 mt-0.5">✗</span>
                <div className="flex-1">
                  <span>{filenamePreview.error || 'Invalid filename template'}</span>
                </div>
              </div>
            )}
            {/* Filename Preview */}
            {filenamePreview && filenamePreview.isValid && (
              <div className="mt-3 bg-gray-50 dark:bg-gray-800 border border-gray-200 dark:border-gray-700 rounded-lg p-4">
                <h4 className="text-sm font-semibold text-gray-900 dark:text-gray-100 mb-2">
                  Single File
                </h4>
                <div className="space-y-1.5 text-sm font-mono text-gray-700 dark:text-gray-300">
                  {filenamePreview.single?.map((preview, index) => (
                    <div key={index} className="text-xs">{preview}</div>
                  ))}
                </div>
                <h4 className="text-sm font-semibold text-gray-900 dark:text-gray-100 mt-3 mb-2">
                  Multiple Files (chapterized)
                </h4>
                <div className="space-y-1.5 text-sm font-mono text-gray-700 dark:text-gray-300">
                  {filenamePreview.multi?.map((preview, index) => (
                    <div key={index} className="text-xs">{preview}</div>
                  ))}
                </div>
              </div>
            )}
          </div>
        )}
      </div>
      {/* Variable Reference Panel (shared for both templates) */}
      <div className="bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg p-4">
        <h3 className="text-sm font-semibold text-blue-900 dark:text-blue-100 mb-3">
@@ -255,6 +367,27 @@ export function PathsTab({ paths, onChange, onValidationChange }: PathsTabProps)
        </div>
      </div>
      {/* Conditional Syntax Help */}
      <div className="bg-amber-50 dark:bg-amber-900/20 border border-amber-200 dark:border-amber-800 rounded-lg p-4">
        <h3 className="text-sm font-semibold text-amber-900 dark:text-amber-100 mb-2">
          Conditional Syntax
        </h3>
        <p className="text-sm text-gray-600 dark:text-gray-400 mb-2">
          Wrap text around a variable in <code className="text-amber-700 dark:text-amber-300 font-mono">{'{ }'}</code> to
          include that text only when the variable has a value. If the variable is empty, the entire block is removed.
        </p>
        <div className="text-sm font-mono bg-white dark:bg-gray-900 rounded px-3 py-2 border border-amber-100 dark:border-amber-900">
          <div className="text-gray-700 dark:text-gray-300">
            <code className="text-amber-700 dark:text-amber-300">{'{Book seriesPart - }'}</code>
          </div>
          <div className="text-xs text-gray-500 dark:text-gray-400 mt-1">
            With value: <span className="text-green-700 dark:text-green-400">Book 1 - </span>
            &nbsp;&bull;&nbsp;
            Without value: <span className="text-red-700 dark:text-red-400">(removed)</span>
          </div>
        </div>
      </div>
      {/* Metadata Tagging Toggle */}
      <div className="bg-gray-50 dark:bg-gray-800 rounded-lg p-4 border border-gray-200 dark:border-gray-700">
        <div className="flex items-start gap-4">
@@ -6,6 +6,7 @@
 'use client';
 import { useState } from 'react';
 import { fetchWithAuth } from '@/lib/utils/api';
 import type { PathsSettings, TestResult } from '../../lib/types';
 interface UsePathsSettingsProps {
@@ -34,7 +35,7 @@ export function usePathsSettings({ paths, onChange, onValidationChange }: UsePat
    setTestResult(null);
    try {
-      const response = await fetch('/api/setup/test-paths', {
+      const response = await fetchWithAuth('/api/setup/test-paths', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({
@@ -28,6 +28,7 @@ interface User {
  lastLoginAt: string | null;
  autoApproveRequests: boolean | null;
  interactiveSearchAccess: boolean | null;
  downloadAccess: boolean | null;
  _count: {
    requests: number;
  };
@@ -41,6 +42,144 @@ interface PendingUser {
  createdAt: string;
 }
 // Tinted-dot status badge following admin design system
 function RoleBadge({ role, isSetupAdmin }: { role: 'user' | 'admin'; isSetupAdmin: boolean }) {
  if (isSetupAdmin) {
    return (
      <span className="inline-flex items-center gap-1.5 px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-500/10 text-blue-700 dark:text-blue-400">
        <span className="w-1.5 h-1.5 rounded-full flex-shrink-0 bg-blue-500" />
        Setup Admin
      </span>
    );
  }
  if (role === 'admin') {
    return (
      <span className="inline-flex items-center gap-1.5 px-2.5 py-0.5 rounded-full text-xs font-medium bg-purple-500/10 text-purple-700 dark:text-purple-400">
        <span className="w-1.5 h-1.5 rounded-full flex-shrink-0 bg-purple-500" />
        Admin
      </span>
    );
  }
  return (
    <span className="inline-flex items-center gap-1.5 px-2.5 py-0.5 rounded-full text-xs font-medium bg-gray-500/10 text-gray-600 dark:text-gray-400">
      <span className="w-1.5 h-1.5 rounded-full flex-shrink-0 bg-gray-400" />
      User
    </span>
  );
 }
 function PermissionBadge({
  user,
  globalAutoApprove,
  onClick,
 }: {
  user: User;
  globalAutoApprove: boolean;
  onClick: () => void;
 }) {
  let badge: React.ReactNode;
  if (user.role === 'admin') {
    badge = (
      <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-purple-500/10 text-purple-700 dark:text-purple-400">
        <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
        </svg>
        Full Access
      </span>
    );
  } else if (globalAutoApprove) {
    badge = (
      <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-blue-500/10 text-blue-700 dark:text-blue-400">
        Global Default
      </span>
    );
  } else if (user.autoApproveRequests ?? false) {
    badge = (
      <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-emerald-500/10 text-emerald-700 dark:text-emerald-400">
        Auto-Approve
      </span>
    );
  } else {
    badge = (
      <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-gray-500/10 text-gray-600 dark:text-gray-400">
        Manual
      </span>
    );
  }
  return (
    <button
      onClick={onClick}
      className="inline-flex items-center gap-1.5 text-sm transition-opacity hover:opacity-70"
    >
      {badge}
      <svg className="w-3.5 h-3.5 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
      </svg>
    </button>
  );
 }
 function UserActionsCell({ user, onEdit, onDelete }: { user: User; onEdit: (u: User) => void; onDelete: (u: User) => void }) {
  if (user.isSetupAdmin) {
    return (
      <span className="inline-flex items-center gap-1 text-gray-400 dark:text-gray-600 cursor-not-allowed" title="Setup admin role cannot be changed">
        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
        </svg>
        <span>Protected</span>
      </span>
    );
  }
  if (user.authProvider === 'oidc') {
    return (
      <span className="inline-flex items-center gap-1 text-gray-400 dark:text-gray-600 cursor-not-allowed" title="OIDC user roles are managed by the identity provider">
        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
        </svg>
        <span>OIDC Managed</span>
      </span>
    );
  }
  if (user.authProvider === 'local') {
    return (
      <div className="flex items-center gap-3">
        <button
          onClick={() => onEdit(user)}
          className="inline-flex items-center gap-1 text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300 transition-colors"
        >
          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
          </svg>
          <span>Edit Role</span>
        </button>
        <button
          onClick={() => onDelete(user)}
          className="inline-flex items-center gap-1 text-red-600 hover:text-red-900 dark:text-red-400 dark:hover:text-red-300 transition-colors"
          title="Delete user and all their requests"
        >
          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
          </svg>
          <span>Delete</span>
        </button>
      </div>
    );
  }
  // plex or other
  return (
    <button
      onClick={() => onEdit(user)}
      className="inline-flex items-center gap-1 text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300 transition-colors"
    >
      <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
      </svg>
      <span>Edit Role</span>
    </button>
  );
 }
 function AdminUsersPageContent() {
  const { data, error, mutate } = useSWR('/api/admin/users', authenticatedFetcher);
  const { data: pendingData, error: pendingError, mutate: mutatePending } = useSWR(
@@ -55,6 +194,10 @@ function AdminUsersPageContent() {
    '/api/admin/settings/interactive-search',
    authenticatedFetcher
  );
  const { data: globalDownloadAccessData, mutate: mutateGlobalDownloadAccess } = useSWR(
    '/api/admin/settings/download-access',
    authenticatedFetcher
  );
  const [editDialog, setEditDialog] = useState<{
    isOpen: boolean;
    user: User | null;
@@ -74,6 +217,7 @@ function AdminUsersPageContent() {
  const [deleting, setDeleting] = useState(false);
  const [globalAutoApprove, setGlobalAutoApprove] = useState<boolean>(false);
  const [globalInteractiveSearch, setGlobalInteractiveSearch] = useState<boolean>(true);
  const [globalDownloadAccess, setGlobalDownloadAccess] = useState<boolean>(true);
  const [globalSettingsOpen, setGlobalSettingsOpen] = useState(false);
  const [permissionsUserId, setPermissionsUserId] = useState<string | null>(null);
  const toast = useToast();
@@ -86,7 +230,6 @@ function AdminUsersPageContent() {
    if (globalAutoApproveData?.autoApproveRequests !== undefined) {
      setGlobalAutoApprove(globalAutoApproveData.autoApproveRequests);
    } else if (globalAutoApproveData !== undefined && globalAutoApproveData.autoApproveRequests === undefined) {
      // API returned but no value - default to true
      setGlobalAutoApprove(true);
    }
  }, [globalAutoApproveData]);
@@ -100,10 +243,17 @@ function AdminUsersPageContent() {
    }
  }, [globalInteractiveSearchData]);
-  const handleGlobalAutoApproveToggle = async (newValue: boolean) => {
+  // Sync global download access state (default to true if not set)
-    // Optimistic update
+  useEffect(() => {
-    setGlobalAutoApprove(newValue);
+    if (globalDownloadAccessData?.downloadAccess !== undefined) {
      setGlobalDownloadAccess(globalDownloadAccessData.downloadAccess);
    } else if (globalDownloadAccessData !== undefined && globalDownloadAccessData.downloadAccess === undefined) {
      setGlobalDownloadAccess(true);
    }
  }, [globalDownloadAccessData]);
  const handleGlobalAutoApproveToggle = async (newValue: boolean) => {
    setGlobalAutoApprove(newValue);
    try {
      await fetchJSON('/api/admin/settings/auto-approve', {
        method: 'PATCH',
@@ -111,20 +261,16 @@ function AdminUsersPageContent() {
      });
      toast.success(`Global auto-approve ${newValue ? 'enabled' : 'disabled'}`);
      mutateGlobalAutoApprove();
-      mutate(); // Refresh users list to show updated state
+      mutate();
    } catch (err) {
      // Revert on error
      setGlobalAutoApprove(!newValue);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update auto-approve setting';
      toast.error(errorMsg);
      console.error(err);
    }
  };
  const handleGlobalInteractiveSearchToggle = async (newValue: boolean) => {
    // Optimistic update
    setGlobalInteractiveSearch(newValue);
    try {
      await fetchJSON('/api/admin/settings/interactive-search', {
        method: 'PATCH',
@@ -132,74 +278,88 @@ function AdminUsersPageContent() {
      });
      toast.success(`Global interactive search ${newValue ? 'enabled' : 'disabled'}`);
      mutateGlobalInteractiveSearch();
-      mutate(); // Refresh users list to show updated state
+      mutate();
    } catch (err) {
      // Revert on error
      setGlobalInteractiveSearch(!newValue);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update interactive search setting';
      toast.error(errorMsg);
      console.error(err);
    }
  };
  const handleUserAutoApproveToggle = async (user: User, newValue: boolean) => {
    console.log('[AutoApprove] Toggle clicked:', { userId: user.id, username: user.plexUsername, newValue });
    // Optimistic update
    const previousUsers = data?.users || [];
    const optimisticUsers = previousUsers.map((u: User) =>
      u.id === user.id ? { ...u, autoApproveRequests: newValue } : u
    );
    console.log('[AutoApprove] Applying optimistic update');
    mutate({ users: optimisticUsers }, false);
    try {
-      console.log('[AutoApprove] Sending API request...');
+      await fetchJSON(`/api/admin/users/${user.id}`, {
      const response = await fetchJSON(`/api/admin/users/${user.id}`, {
        method: 'PUT',
-        body: JSON.stringify({
+        body: JSON.stringify({ role: user.role, autoApproveRequests: newValue }),
          role: user.role,
          autoApproveRequests: newValue
        }),
      });
      console.log('[AutoApprove] API response received:', response);
      toast.success(`Auto-approve ${newValue ? 'enabled' : 'disabled'} for ${user.plexUsername}`);
-      console.log('[AutoApprove] Triggering cache revalidation...');
+      mutate();
      mutate(); // Refresh users list
    } catch (err) {
      // Revert on error
      console.error('[AutoApprove] Error occurred, reverting:', err);
      mutate({ users: previousUsers }, false);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update user auto-approve setting';
      toast.error(errorMsg);
      console.error(err);
    }
  };
  const handleUserInteractiveSearchToggle = async (user: User, newValue: boolean) => {
    // Optimistic update
    const previousUsers = data?.users || [];
    const optimisticUsers = previousUsers.map((u: User) =>
      u.id === user.id ? { ...u, interactiveSearchAccess: newValue } : u
    );
    mutate({ users: optimisticUsers }, false);
    try {
      await fetchJSON(`/api/admin/users/${user.id}`, {
        method: 'PUT',
-        body: JSON.stringify({
+        body: JSON.stringify({ role: user.role, interactiveSearchAccess: newValue }),
          role: user.role,
          interactiveSearchAccess: newValue
        }),
      });
      toast.success(`Interactive search ${newValue ? 'enabled' : 'disabled'} for ${user.plexUsername}`);
-      mutate(); // Refresh users list
+      mutate();
    } catch (err) {
      // Revert on error
      mutate({ users: previousUsers }, false);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update user interactive search setting';
      toast.error(errorMsg);
-      console.error(err);
+    }
  };
  const handleGlobalDownloadAccessToggle = async (newValue: boolean) => {
    setGlobalDownloadAccess(newValue);
    try {
      await fetchJSON('/api/admin/settings/download-access', {
        method: 'PATCH',
        body: JSON.stringify({ downloadAccess: newValue }),
      });
      toast.success(`Global download access ${newValue ? 'enabled' : 'disabled'}`);
      mutateGlobalDownloadAccess();
      mutate();
    } catch (err) {
      setGlobalDownloadAccess(!newValue);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update download access setting';
      toast.error(errorMsg);
    }
  };
  const handleUserDownloadAccessToggle = async (user: User, newValue: boolean) => {
    const previousUsers = data?.users || [];
    const optimisticUsers = previousUsers.map((u: User) =>
      u.id === user.id ? { ...u, downloadAccess: newValue } : u
    );
    mutate({ users: optimisticUsers }, false);
    try {
      await fetchJSON(`/api/admin/users/${user.id}`, {
        method: 'PUT',
        body: JSON.stringify({ role: user.role, downloadAccess: newValue }),
      });
      toast.success(`Download access ${newValue ? 'enabled' : 'disabled'} for ${user.plexUsername}`);
      mutate();
    } catch (err) {
      mutate({ users: previousUsers }, false);
      const errorMsg = err instanceof Error ? err.message : 'Failed to update user download access setting';
      toast.error(errorMsg);
    }
  };
@@ -214,7 +374,6 @@ function AdminUsersPageContent() {
  const saveUserRole = async () => {
    if (!editDialog.user) return;
    try {
      setSaving(true);
      await fetchJSON(`/api/admin/users/${editDialog.user.id}`, {
@@ -223,11 +382,10 @@ function AdminUsersPageContent() {
      });
      toast.success(`User "${editDialog.user.plexUsername}" updated successfully`);
      hideEditDialog();
-      mutate(); // Refresh users list
+      mutate();
    } catch (err) {
      const errorMsg = err instanceof Error ? err.message : 'Failed to update user';
      toast.error(errorMsg);
      console.error(err);
    } finally {
      setSaving(false);
    }
@@ -242,13 +400,12 @@ function AdminUsersPageContent() {
  };
  const closeConfirmDialog = () => {
-    if (processingUserId) return; // Don't close while processing
+    if (processingUserId) return;
    setConfirmDialog({ isOpen: false, type: null, user: null });
  };
  const handleConfirmAction = async () => {
    if (!confirmDialog.user) return;
    const isApprove = confirmDialog.type === 'approve';
    try {
      setProcessingUserId(confirmDialog.user.id);
@@ -261,13 +418,12 @@ function AdminUsersPageContent() {
          ? `User "${confirmDialog.user.plexUsername}" has been approved`
          : `User "${confirmDialog.user.plexUsername}" has been rejected`
      );
-      mutatePending(); // Refresh pending users list
+      mutatePending();
-      if (isApprove) mutate(); // Refresh approved users list
+      if (isApprove) mutate();
      closeConfirmDialog();
    } catch (err) {
      const errorMsg = err instanceof Error ? err.message : `Failed to ${isApprove ? 'approve' : 'reject'} user`;
      toast.error(errorMsg);
      console.error(err);
    } finally {
      setProcessingUserId(null);
    }
@@ -278,25 +434,23 @@ function AdminUsersPageContent() {
  };
  const closeDeleteDialog = () => {
-    if (deleting) return; // Don't close while processing
+    if (deleting) return;
    setDeleteDialog({ isOpen: false, user: null });
  };
  const handleDeleteUser = async () => {
    if (!deleteDialog.user) return;
    try {
      setDeleting(true);
      const response = await fetchJSON(`/api/admin/users/${deleteDialog.user.id}`, {
        method: 'DELETE',
      });
      toast.success(response.message || `User "${deleteDialog.user.plexUsername}" has been deleted`);
-      mutate(); // Refresh users list
+      mutate();
      closeDeleteDialog();
    } catch (err) {
      const errorMsg = err instanceof Error ? err.message : 'Failed to delete user';
      toast.error(errorMsg);
      console.error(err);
    } finally {
      setDeleting(false);
    }
@@ -307,7 +461,6 @@ function AdminUsersPageContent() {
      await navigator.clipboard.writeText(text);
      toast.success(`${label} copied to clipboard`);
    } catch (err) {
      console.error('Failed to copy to clipboard:', err);
      toast.error('Failed to copy to clipboard');
    }
  };
@@ -327,9 +480,7 @@ function AdminUsersPageContent() {
      <div className="min-h-screen bg-gray-50 dark:bg-gray-900 p-8">
        <div className="max-w-7xl mx-auto">
          <div className="bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-lg p-4">
-            <h3 className="text-sm font-medium text-red-800 dark:text-red-200">
+            <h3 className="text-sm font-medium text-red-800 dark:text-red-200">Error Loading Users</h3>
              Error Loading Users
            </h3>
            <p className="text-sm text-red-700 dark:text-red-300 mt-1">
              {error?.message || 'Failed to load users'}
            </p>
@@ -344,80 +495,81 @@ function AdminUsersPageContent() {
  return (
    <div className="min-h-screen bg-gray-50 dark:bg-gray-900">
-      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
+      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-6 sm:py-8">
-        {/* Header */}
+
-        <div className="sticky top-0 z-10 mb-8 flex items-center justify-between bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
+        {/* Header — stacks on mobile, row on sm+ */}
-          <div>
+        <div className="sticky top-0 z-10 mb-6 sm:mb-8 bg-gray-50 dark:bg-gray-900 py-4 -mx-4 px-4 sm:-mx-6 sm:px-6 lg:-mx-8 lg:px-8 border-b border-gray-200 dark:border-gray-800">
-            <h1 className="text-3xl font-bold text-gray-900 dark:text-gray-100">
+          <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
-              User Management
+            <div>
-            </h1>
+              <h1 className="text-2xl sm:text-3xl font-bold text-gray-900 dark:text-gray-100">
-            <p className="text-gray-600 dark:text-gray-400 mt-2">
+                User Management
-              Manage user roles and permissions
+              </h1>
-            </p>
+              <p className="text-sm text-gray-600 dark:text-gray-400 mt-1">
-          </div>
+                Manage user roles and permissions
-          <div className="flex items-center gap-3">
+              </p>
-            <button
+            </div>
-              onClick={() => setGlobalSettingsOpen(true)}
+            <div className="flex items-center gap-2 self-start sm:self-auto flex-shrink-0">
-              className="inline-flex items-center gap-2 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-lg transition-colors"
+              <button
-            >
+                onClick={() => setGlobalSettingsOpen(true)}
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                className="inline-flex items-center gap-2 px-3 sm:px-4 py-2.5 bg-blue-600 hover:bg-blue-700 text-white rounded-lg transition-colors text-sm font-medium"
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.066 2.573c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.573 1.066c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.066-2.573c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
+              >
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
+                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              </svg>
+                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.066 2.573c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.573 1.066c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.066-2.573c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
-              <span>Global User Permissions</span>
+                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
-            </button>
+                </svg>
-            <Link
+                <span className="hidden sm:inline">Global User Permissions</span>
-              href="/admin"
+                <span className="sm:hidden">Permissions</span>
-              className="inline-flex items-center gap-2 px-4 py-2 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors"
+              </button>
-            >
+              <Link
-              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                href="/admin"
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
+                className="inline-flex items-center gap-2 px-3 sm:px-4 py-2.5 bg-gray-200 dark:bg-gray-700 hover:bg-gray-300 dark:hover:bg-gray-600 text-gray-900 dark:text-gray-100 rounded-lg transition-colors text-sm font-medium"
-              </svg>
+              >
-              <span>Back to Dashboard</span>
+                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            </Link>
+                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
                </svg>
                <span>Back</span>
              </Link>
            </div>
          </div>
        </div>
        {/* Pending Users Section */}
        {pendingUsers.length > 0 && (
-          <div className="mb-8">
+          <div className="mb-6 sm:mb-8">
-            <div className="bg-yellow-50 dark:bg-yellow-900/20 border border-yellow-200 dark:border-yellow-800 rounded-lg p-4 mb-4">
+            <div className="bg-amber-50 dark:bg-amber-900/10 border border-amber-200 dark:border-amber-800/60 rounded-xl p-4">
-              <h2 className="text-lg font-semibold text-yellow-900 dark:text-yellow-200 mb-4 flex items-center gap-2">
+              <h2 className="text-base font-semibold text-amber-900 dark:text-amber-200 mb-1 flex items-center gap-2">
-                <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <svg className="w-4 h-4 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
                </svg>
                Pending Registrations ({pendingUsers.length})
              </h2>
-              <p className="text-sm text-yellow-800 dark:text-yellow-300 mb-4">
+              <p className="text-xs text-amber-700 dark:text-amber-300/80 mb-4">
                The following users are awaiting approval to access the system.
              </p>
              <div className="space-y-3">
                {pendingUsers.map((user) => (
                  <div
                    key={user.id}
-                    className="bg-white dark:bg-gray-800 border border-yellow-200 dark:border-yellow-800 rounded-lg p-4 flex items-center justify-between"
+                    className="bg-white dark:bg-gray-800 border border-amber-200 dark:border-amber-800/40 rounded-xl overflow-hidden"
                  >
-                    <div className="flex-1">
+                    {/* Pending card — info */}
-                      <div className="flex items-center gap-3">
+                    <div className="px-4 py-3">
-                        <div>
+                      <div className="font-medium text-gray-900 dark:text-gray-100 text-sm">
-                          <div className="font-medium text-gray-900 dark:text-gray-100">
+                        {user.plexUsername}
-                            {user.plexUsername}
+                      </div>
-                          </div>
+                      <div className="text-sm text-gray-500 dark:text-gray-400">
-                          <div className="text-sm text-gray-500 dark:text-gray-400">
+                        {user.plexEmail || 'No email'}
-                            {user.plexEmail || 'No email'}
+                      </div>
-                          </div>
+                      <div className="text-xs text-gray-400 dark:text-gray-500 mt-1">
-                          <div className="text-xs text-gray-400 dark:text-gray-500 mt-1">
+                        Registered: {new Date(user.createdAt).toLocaleString()} &middot; Provider: {user.authProvider}
                            Registered: {new Date(user.createdAt).toLocaleString()} •
                            Provider: {user.authProvider}
                          </div>
                        </div>
                      </div>
                    </div>
-                    <div className="flex items-center gap-2">
+                    {/* Pending card — actions, full-width on mobile */}
                    <div className="px-4 py-3 border-t border-amber-100 dark:border-amber-800/30 flex gap-2">
                      <button
                        onClick={() => showApproveDialog(user)}
                        disabled={processingUserId === user.id}
-                        className="px-4 py-2 bg-green-600 hover:bg-green-700 text-white text-sm font-medium rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed flex items-center gap-2"
+                        className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2.5 bg-emerald-50 dark:bg-emerald-500/10 hover:bg-emerald-100 dark:hover:bg-emerald-500/20 text-emerald-700 dark:text-emerald-400 border border-emerald-200/60 dark:border-emerald-500/20 rounded-xl text-sm font-medium transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
                      >
                        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
@@ -427,7 +579,7 @@ function AdminUsersPageContent() {
                      <button
                        onClick={() => showRejectDialog(user)}
                        disabled={processingUserId === user.id}
-                        className="px-4 py-2 bg-red-600 hover:bg-red-700 text-white text-sm font-medium rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed flex items-center gap-2"
+                        className="flex-1 inline-flex items-center justify-center gap-2 px-3 py-2.5 bg-red-50 dark:bg-red-500/10 hover:bg-red-100 dark:hover:bg-red-500/20 text-red-700 dark:text-red-400 border border-red-200/60 dark:border-red-500/20 rounded-xl text-sm font-medium transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
                      >
                        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
@@ -442,8 +594,104 @@ function AdminUsersPageContent() {
          </div>
        )}
-        {/* Users Table */}
+        {/* Users — Mobile card list (sm:hidden) */}
-        <div className="bg-white dark:bg-gray-800 rounded-lg shadow overflow-x-auto">
+        <div className="space-y-3 sm:hidden">
          {users.map((user) => (
            <div
              key={user.id}
              className="bg-white dark:bg-gray-800 rounded-xl border border-gray-200 dark:border-gray-700 overflow-hidden"
            >
              {/* Card header — avatar + name + role badge */}
              <div className="px-4 py-3 flex items-start gap-3">
                {user.avatarUrl ? (
                  <img
                    src={user.avatarUrl}
                    alt={user.plexUsername}
                    className="h-10 w-10 rounded-full flex-shrink-0 mt-0.5"
                  />
                ) : (
                  <div className="h-10 w-10 rounded-full flex-shrink-0 mt-0.5 bg-gray-200 dark:bg-gray-700 flex items-center justify-center">
                    <svg className="w-5 h-5 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
                    </svg>
                  </div>
                )}
                <div className="flex-1 min-w-0">
                  <div className="flex items-start justify-between gap-2">
                    <div className="font-semibold text-gray-900 dark:text-gray-100 text-sm leading-snug truncate">
                      {user.plexUsername}
                    </div>
                    <RoleBadge role={user.role} isSetupAdmin={user.isSetupAdmin} />
                  </div>
                  <div className="text-xs text-gray-500 dark:text-gray-400 mt-0.5 truncate">
                    {user.plexEmail || 'No email'}
                  </div>
                </div>
              </div>
              {/* Card body — labeled fields */}
              <div className="px-4 pb-3 pt-2 space-y-2 border-t border-gray-100 dark:border-gray-700/60">
                <div className="grid grid-cols-2 gap-2">
                  <div>
                    <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                      Permissions
                    </div>
                    <PermissionBadge
                      user={user}
                      globalAutoApprove={globalAutoApprove}
                      onClick={() => setPermissionsUserId(user.id)}
                    />
                  </div>
                  <div>
                    <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                      Requests
                    </div>
                    <div className="text-sm text-gray-900 dark:text-gray-100">
                      {user._count.requests}
                    </div>
                  </div>
                </div>
                <div>
                  <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                    Last Login
                  </div>
                  <div className="text-sm text-gray-700 dark:text-gray-300">
                    {user.lastLoginAt
                      ? new Date(user.lastLoginAt).toLocaleDateString()
                      : 'Never'}
                  </div>
                </div>
                <div>
                  <div className="text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide mb-0.5">
                    User ID
                  </div>
                  <button
                    onClick={() => copyToClipboard(user.plexId, 'User ID')}
                    className="text-xs text-gray-500 dark:text-gray-400 hover:text-gray-700 dark:hover:text-gray-300 transition-colors inline-flex items-center gap-1"
                  >
                    <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z" />
                    </svg>
                    {user.plexId.length > 16 ? `${user.plexId.substring(0, 16)}…` : user.plexId}
                  </button>
                </div>
              </div>
              {/* Card actions */}
              <div className="px-4 py-3 border-t border-gray-100 dark:border-gray-700/60">
                <UserActionsCell user={user} onEdit={showEditDialog} onDelete={showDeleteDialog} />
              </div>
            </div>
          ))}
          {users.length === 0 && (
            <div className="text-center py-12">
              <p className="text-gray-500 dark:text-gray-400">No users found</p>
            </div>
          )}
        </div>
        {/* Users Table — hidden on mobile, visible on sm+ */}
        <div className="hidden sm:block bg-white dark:bg-gray-800 rounded-lg shadow overflow-x-auto">
          <table className="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
            <thead className="bg-gray-50 dark:bg-gray-900">
              <tr>
@@ -472,15 +720,21 @@ function AdminUsersPageContent() {
            </thead>
            <tbody className="bg-white dark:bg-gray-800 divide-y divide-gray-200 dark:divide-gray-700">
              {users.map((user) => (
-                <tr key={user.id}>
+                <tr key={user.id} className="hover:bg-gray-50 dark:hover:bg-gray-700/40 transition-colors">
                  <td className="px-6 py-4 whitespace-nowrap">
                    <div className="flex items-center">
-                      {user.avatarUrl && (
+                      {user.avatarUrl ? (
                        <img
                          src={user.avatarUrl}
                          alt={user.plexUsername}
-                          className="h-10 w-10 rounded-full mr-3"
+                          className="h-10 w-10 rounded-full mr-3 flex-shrink-0"
                        />
                      ) : (
                        <div className="h-10 w-10 rounded-full mr-3 flex-shrink-0 bg-gray-200 dark:bg-gray-700 flex items-center justify-center">
                          <svg className="w-5 h-5 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
                          </svg>
                        </div>
                      )}
                      <div>
                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
@@ -507,52 +761,14 @@ function AdminUsersPageContent() {
                    </div>
                  </td>
                  <td className="px-6 py-4 whitespace-nowrap">
-                    <div className="flex items-center gap-2">
+                    <RoleBadge role={user.role} isSetupAdmin={user.isSetupAdmin} />
                      <span
                        className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full ${
                          user.role === 'admin'
                            ? 'bg-purple-100 text-purple-800 dark:bg-purple-900/30 dark:text-purple-400'
                            : 'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-400'
                        }`}
                      >
                        {user.role.toUpperCase()}
                      </span>
                      {user.isSetupAdmin && (
                        <span className="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-400">
                          SETUP ADMIN
                        </span>
                      )}
                    </div>
                  </td>
                  <td className="px-6 py-4 whitespace-nowrap">
-                    <button
+                    <PermissionBadge
                      user={user}
                      globalAutoApprove={globalAutoApprove}
                      onClick={() => setPermissionsUserId(user.id)}
-                      className="inline-flex items-center gap-1.5 text-sm text-blue-600 hover:text-blue-800 dark:text-blue-400 dark:hover:text-blue-300 transition-colors"
+                    />
                    >
                      {user.role === 'admin' ? (
                        <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-purple-100 text-purple-700 dark:bg-purple-900/30 dark:text-purple-400">
                          <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
                          </svg>
                          Full Access
                        </span>
                      ) : globalAutoApprove ? (
                        <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-blue-100 text-blue-700 dark:bg-blue-900/30 dark:text-blue-400">
                          Global Default
                        </span>
                      ) : (user.autoApproveRequests ?? false) ? (
                        <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-green-100 text-green-700 dark:bg-green-900/30 dark:text-green-400">
                          Auto-Approve
                        </span>
                      ) : (
                        <span className="inline-flex items-center gap-1 px-2 py-0.5 text-xs font-medium rounded-full bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400">
                          Manual
                        </span>
                      )}
                      <svg className="w-3.5 h-3.5 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
                      </svg>
                    </button>
                  </td>
                  <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400">
                    {user._count.requests}
@@ -563,65 +779,7 @@ function AdminUsersPageContent() {
                      : 'Never'}
                  </td>
                  <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
-                    <div className="flex items-center justify-end gap-3">
+                    <UserActionsCell user={user} onEdit={showEditDialog} onDelete={showDeleteDialog} />
                      {user.isSetupAdmin ? (
                        <span className="inline-flex items-center gap-1 text-gray-400 dark:text-gray-600 cursor-not-allowed" title="Setup admin role cannot be changed">
                          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
                          </svg>
                          <span>Protected</span>
                        </span>
                      ) : user.authProvider === 'oidc' ? (
                        <span className="inline-flex items-center gap-1 text-gray-400 dark:text-gray-600 cursor-not-allowed" title="OIDC user roles are managed by the identity provider (use admin role mapping in settings)">
                          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
                          </svg>
                          <span>OIDC Managed</span>
                        </span>
                      ) : user.authProvider === 'plex' ? (
                        <button
                          onClick={() => showEditDialog(user)}
                          className="inline-flex items-center gap-1 text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300"
                        >
                          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
                          </svg>
                          <span>Edit Role</span>
                        </button>
                      ) : user.authProvider === 'local' ? (
                        <>
                          <button
                            onClick={() => showEditDialog(user)}
                            className="inline-flex items-center gap-1 text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300"
                          >
                            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
                            </svg>
                            <span>Edit Role</span>
                          </button>
                          <button
                            onClick={() => showDeleteDialog(user)}
                            className="inline-flex items-center gap-1 text-red-600 hover:text-red-900 dark:text-red-400 dark:hover:text-red-300"
                            title="Delete user and all their requests"
                          >
                            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
                            </svg>
                            <span>Delete</span>
                          </button>
                        </>
                      ) : (
                        <button
                          onClick={() => showEditDialog(user)}
                          className="inline-flex items-center gap-1 text-blue-600 hover:text-blue-900 dark:text-blue-400 dark:hover:text-blue-300"
                        >
                          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
                          </svg>
                          <span>Edit Role</span>
                        </button>
                      )}
                    </div>
                  </td>
                </tr>
              ))}
@@ -643,31 +801,50 @@ function AdminUsersPageContent() {
          <ul className="text-sm text-blue-700 dark:text-blue-300 space-y-1">
            <li>• <strong>User:</strong> Can request audiobooks, view own requests, and search the catalog</li>
            <li>• <strong>Admin:</strong> Full system access including settings, user management, and all requests</li>
-            <li>• <strong>Setup Admin:</strong> The initial admin account created during setup - this account is protected and cannot be changed or deleted</li>
+            <li>• <strong>Setup Admin:</strong> The initial admin account — protected, cannot be changed or deleted</li>
-            <li>• <strong>Permissions:</strong> Click a user&apos;s permission badge to manage individual settings (auto-approve, interactive search). Use Global User Permissions to control system-wide defaults. Admins always have full access.</li>
+            <li>• <strong>Permissions:</strong> Click a user&apos;s permission badge to manage individual settings. Use Global User Permissions for system-wide defaults. Admins always have full access.</li>
-            <li>• <strong>OIDC Users:</strong> Role management is handled by the identity provider - use admin role mapping in OIDC settings. Cannot be deleted as access is managed externally.</li>
+            <li>• <strong>OIDC Users:</strong> Role management is handled by the identity provider. Cannot be deleted.</li>
-            <li>• <strong>Plex Users:</strong> Can have their roles changed, but cannot be deleted as access is managed by Plex.</li>
+            <li>• <strong>Plex Users:</strong> Role can be changed, but cannot be deleted (access managed by Plex).</li>
-            <li>• <strong>Local Users:</strong> Can be freely assigned user or admin roles (except setup admin). Can be deleted (their requests are preserved for historical records).</li>
+            <li>• <strong>Local Users:</strong> Can have roles freely assigned. Can be deleted (requests are preserved).</li>
            <li>• You cannot change your own role or delete yourself for security reasons</li>
          </ul>
        </div>
-        {/* Edit User Dialog */}
+        {/* Edit User Dialog — bottom sheet on mobile */}
        {editDialog.isOpen && editDialog.user && (
-          <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50 p-4">
+          <div className="fixed inset-0 z-50 flex items-end sm:items-center justify-center bg-black bg-opacity-50 p-0 sm:p-4">
-            <div className="bg-white dark:bg-gray-800 rounded-lg shadow-xl max-w-md w-full p-6">
+            <div className="bg-white dark:bg-gray-800 rounded-t-2xl sm:rounded-2xl shadow-xl w-full sm:max-w-md">
-              <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100 mb-4">
+              {/* Dialog header */}
-                Edit User Role
+              <div className="sticky top-0 bg-white dark:bg-gray-800 px-5 py-4 border-b border-gray-200 dark:border-gray-700 rounded-t-2xl flex items-center justify-between">
-              </h3>
+                <h3 className="text-lg font-semibold text-gray-900 dark:text-gray-100">
-              <div className="space-y-4 mb-6">
+                  Edit User Role
                </h3>
                <button
                  onClick={hideEditDialog}
                  className="p-2 -mr-1 text-gray-400 hover:text-gray-600 dark:hover:text-gray-200 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-700 transition-colors"
                  aria-label="Close dialog"
                >
                  <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
                  </svg>
                </button>
              </div>
              <div className="px-5 py-5 space-y-4">
                {/* User Info */}
-                <div className="flex items-center gap-3 p-3 bg-gray-50 dark:bg-gray-700 rounded-lg">
+                <div className="flex items-center gap-3 p-3 bg-gray-50 dark:bg-gray-700 rounded-xl">
-                  {editDialog.user.avatarUrl && (
+                  {editDialog.user.avatarUrl ? (
                    <img
                      src={editDialog.user.avatarUrl}
                      alt={editDialog.user.plexUsername}
-                      className="h-12 w-12 rounded-full"
+                      className="h-12 w-12 rounded-full flex-shrink-0"
                    />
                  ) : (
                    <div className="h-12 w-12 rounded-full flex-shrink-0 bg-gray-200 dark:bg-gray-600 flex items-center justify-center">
                      <svg className="w-6 h-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
                      </svg>
                    </div>
                  )}
                  <div>
                    <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
@@ -685,38 +862,34 @@ function AdminUsersPageContent() {
                    Role
                  </label>
                  <div className="space-y-2">
-                    <label className="flex items-start gap-3 p-3 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-700 cursor-pointer">
+                    <label className="flex items-start gap-3 p-3 border border-gray-300 dark:border-gray-600 rounded-xl hover:bg-gray-50 dark:hover:bg-gray-700 cursor-pointer transition-colors">
                      <input
                        type="radio"
                        name="role"
                        value="user"
                        checked={editRole === 'user'}
                        onChange={(e) => setEditRole(e.target.value as 'user' | 'admin')}
-                        className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600"
+                        className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600 flex-shrink-0"
                      />
                      <div className="flex-1">
-                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
+                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">User</div>
-                          User
+                        <div className="text-xs text-gray-500 dark:text-gray-400 mt-0.5">
                        </div>
                        <div className="text-xs text-gray-500 dark:text-gray-400 mt-1">
                          Can request audiobooks and view own requests
                        </div>
                      </div>
                    </label>
-                    <label className="flex items-start gap-3 p-3 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-700 cursor-pointer">
+                    <label className="flex items-start gap-3 p-3 border border-gray-300 dark:border-gray-600 rounded-xl hover:bg-gray-50 dark:hover:bg-gray-700 cursor-pointer transition-colors">
                      <input
                        type="radio"
                        name="role"
                        value="admin"
                        checked={editRole === 'admin'}
                        onChange={(e) => setEditRole(e.target.value as 'user' | 'admin')}
-                        className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600"
+                        className="mt-1 w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600 flex-shrink-0"
                      />
                      <div className="flex-1">
-                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">
+                        <div className="text-sm font-medium text-gray-900 dark:text-gray-100">Admin</div>
-                          Admin
+                        <div className="text-xs text-gray-500 dark:text-gray-400 mt-0.5">
                        </div>
                        <div className="text-xs text-gray-500 dark:text-gray-400 mt-1">
                          Full system access including settings and user management
                        </div>
                      </div>
@@ -725,19 +898,19 @@ function AdminUsersPageContent() {
                </div>
              </div>
-              {/* Actions */}
+              {/* Dialog footer */}
-              <div className="flex justify-end gap-3">
+              <div className="sticky bottom-0 bg-white dark:bg-gray-800 px-5 py-4 border-t border-gray-200 dark:border-gray-700 flex gap-3">
                <button
                  onClick={hideEditDialog}
                  disabled={saving}
-                  className="px-4 py-2 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+                  className="flex-1 px-4 py-2.5 text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-lg transition-colors text-sm font-medium disabled:opacity-50 disabled:cursor-not-allowed"
                >
                  Cancel
                </button>
                <button
                  onClick={saveUserRole}
                  disabled={saving}
-                  className="px-4 py-2 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+                  className="flex-1 px-4 py-2.5 text-white bg-blue-600 hover:bg-blue-700 rounded-lg transition-colors text-sm font-medium disabled:opacity-50 disabled:cursor-not-allowed"
                >
                  {saving ? 'Saving...' : 'Save Changes'}
                </button>
@@ -788,6 +961,8 @@ function AdminUsersPageContent() {
          onToggleAutoApprove={handleGlobalAutoApproveToggle}
          globalInteractiveSearch={globalInteractiveSearch}
          onToggleInteractiveSearch={handleGlobalInteractiveSearchToggle}
          globalDownloadAccess={globalDownloadAccess}
          onToggleDownloadAccess={handleGlobalDownloadAccessToggle}
        />
        {/* User Permissions Modal */}
@@ -797,12 +972,16 @@ function AdminUsersPageContent() {
          user={permissionsUser}
          globalAutoApprove={globalAutoApprove}
          globalInteractiveSearch={globalInteractiveSearch}
          globalDownloadAccess={globalDownloadAccess}
          onToggleAutoApprove={(user, newValue) => {
            handleUserAutoApproveToggle(user as User, newValue);
          }}
          onToggleInteractiveSearch={(user, newValue) => {
            handleUserInteractiveSearchToggle(user as User, newValue);
          }}
          onToggleDownloadAccess={(user, newValue) => {
            handleUserDownloadAccessToggle(user as User, newValue);
          }}
        />
      </div>
    </div>
@@ -0,0 +1,142 @@
 /**
 * Component: Interactive API Documentation Page
 * Documentation: documentation/backend/services/api-tokens.md
 *
 * Lists all API token-accessible endpoints with "Try it out" functionality.
 * Users can test with a custom API token or their current browser session.
 */
 'use client';
 import { useState } from 'react';
 import { Header } from '@/components/layout/Header';
 import { ProtectedRoute } from '@/components/auth/ProtectedRoute';
 import { TokenInput } from '@/components/api-docs/TokenInput';
 import { EndpointCard } from '@/components/api-docs/EndpointCard';
 import { API_TOKEN_ENDPOINT_DOCS } from '@/lib/constants/api-tokens';
 import { useAuth } from '@/contexts/AuthContext';
 import { getInstanceUrl } from '@/lib/utils/client-url';
 import Link from 'next/link';
 export default function ApiDocsPage() {
  const { user } = useAuth();
  const [token, setToken] = useState('');
  const [useSession, setUseSession] = useState(false);
  const isAdmin = user?.role === 'admin';
  return (
    <ProtectedRoute>
      <div className="min-h-screen bg-gray-50 dark:bg-gray-950">
        <Header />
        <main className="max-w-4xl mx-auto px-4 sm:px-6 pt-8 pb-16">
          {/* Page header */}
          <div className="mb-8">
            <div className="flex items-center gap-2 text-sm text-gray-500 dark:text-gray-400 mb-4">
              <Link
                href="/profile"
                className="hover:text-gray-700 dark:hover:text-gray-200 transition-colors"
              >
                Profile
              </Link>
              <svg className="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
              </svg>
              <span className="text-gray-900 dark:text-white font-medium">API Documentation</span>
            </div>
            <h1 className="text-3xl font-bold text-gray-900 dark:text-white tracking-tight">
              API Reference
            </h1>
            <p className="mt-2 text-base text-gray-500 dark:text-gray-400 leading-relaxed max-w-2xl">
              Interact with ReadMeABook programmatically using API tokens. These endpoints are
              available for external integrations, dashboards, and automation tools.
            </p>
            {/* Quick links */}
            <div className="flex flex-wrap gap-3 mt-4">
              <Link
                href="/profile"
                className="inline-flex items-center gap-1.5 text-sm font-medium text-blue-600 dark:text-blue-400 hover:text-blue-700 dark:hover:text-blue-300 transition-colors"
              >
                <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z" />
                </svg>
                Manage your tokens
              </Link>
              {isAdmin && (
                <>
                  <span className="text-gray-300 dark:text-gray-600">|</span>
                  <Link
                    href="/admin/settings"
                    className="inline-flex items-center gap-1.5 text-sm font-medium text-blue-600 dark:text-blue-400 hover:text-blue-700 dark:hover:text-blue-300 transition-colors"
                  >
                    <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.066 2.573c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.573 1.066c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.066-2.573c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
                    </svg>
                    Admin token management
                  </Link>
                </>
              )}
            </div>
          </div>
          {/* Authentication section */}
          <div className="mb-8">
            <TokenInput
              token={token}
              onTokenChange={setToken}
              useSession={useSession}
              onUseSessionChange={setUseSession}
            />
          </div>
          {/* Usage instructions card */}
          <div className="mb-8 rounded-2xl border border-gray-200 dark:border-gray-700/50 bg-white dark:bg-gray-800 p-5 shadow-sm">
            <h3 className="text-sm font-semibold text-gray-900 dark:text-white mb-2">
              Quick Start
            </h3>
            <p className="text-sm text-gray-500 dark:text-gray-400 mb-3">
              Include your API token in the <code className="px-1.5 py-0.5 bg-gray-100 dark:bg-gray-900 rounded text-xs font-mono">Authorization</code> header as a Bearer token:
            </p>
            <pre className="text-xs bg-gray-900 dark:bg-black text-gray-100 p-4 rounded-xl overflow-x-auto font-mono leading-relaxed">
 {`curl -H "Authorization: Bearer rmab_your_token_here" \\
  ${getInstanceUrl()}/api/requests`}
            </pre>
          </div>
          {/* Endpoints section header */}
          <div className="flex items-center gap-3 mb-5">
            <h2 className="text-lg font-semibold text-gray-900 dark:text-white">
              Available Endpoints
            </h2>
            <span className="inline-flex items-center px-2 py-0.5 rounded-md text-xs font-medium bg-gray-100 dark:bg-gray-800 text-gray-600 dark:text-gray-400">
              {API_TOKEN_ENDPOINT_DOCS.length} endpoints
            </span>
          </div>
          {/* Endpoint cards */}
          <div className="space-y-4">
            {API_TOKEN_ENDPOINT_DOCS.map((endpoint) => (
              <EndpointCard
                key={`${endpoint.method}:${endpoint.path}`}
                endpoint={endpoint}
                token={token}
                useSession={useSession}
              />
            ))}
          </div>
          {/* Footer note */}
          <div className="mt-10 text-center">
            <p className="text-xs text-gray-400 dark:text-gray-500">
              API tokens are restricted to the endpoints listed above.
              JWT session authentication has access to all endpoints.
            </p>
          </div>
        </main>
      </div>
    </ProtectedRoute>
  );
 }
@@ -0,0 +1,56 @@
 /**
 * Component: API Token Delete Route
 * Documentation: documentation/backend/services/api-tokens.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { RMABLogger } from '@/lib/utils/logger';
 import { checkApiTokenRevokeRateLimit } from '@/lib/utils/apiTokenRateLimit';
 const logger = RMABLogger.create('API.Admin.ApiTokens');
 /**
 * DELETE /api/admin/api-tokens/[id]
 * Revoke (delete) an API token
 */
 export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, (req: AuthenticatedRequest) =>
    requireAdmin(req, async () => {
      try {
        const rateLimit = checkApiTokenRevokeRateLimit(req.user!.id);
        if (!rateLimit.allowed) {
          return NextResponse.json(
            { error: 'Too many API token revoke attempts. Please try again later.' },
            {
              status: 429,
              headers: {
                'Retry-After': String(rateLimit.retryAfterSeconds),
              },
            }
          );
        }
        const { id } = await params;
        const token = await prisma.apiToken.findUnique({ where: { id } });
        if (!token) {
          return NextResponse.json({ error: 'Token not found' }, { status: 404 });
        }
        await prisma.apiToken.delete({ where: { id } });
        logger.info('API token revoked', { tokenId: id, name: token.name, revokedBy: req.user!.username });
        return NextResponse.json({ success: true });
      } catch (error) {
        logger.error('Failed to revoke API token', { error: error instanceof Error ? error.message : String(error) });
        return NextResponse.json({ error: 'Failed to revoke API token' }, { status: 500 });
      }
    })
  );
 }
@@ -0,0 +1,190 @@
 /**
 * Component: Admin API Token Management Routes
 * Documentation: documentation/backend/services/api-tokens.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { RMABLogger } from '@/lib/utils/logger';
 import { checkApiTokenCreateRateLimit } from '@/lib/utils/apiTokenRateLimit';
 import { MAX_TOKENS_PER_USER } from '@/lib/constants/api-tokens';
 import { generateApiToken } from '@/lib/utils/api-token';
 import { z } from 'zod';
 const logger = RMABLogger.create('API.Admin.ApiTokens');
 const CreateTokenSchema = z.object({
  name: z.string().min(1).max(100),
  expiresAt: z.string().datetime().nullable().optional(),
  userId: z.string().uuid().optional(), // Admin can specify which user the token acts as
  role: z.enum(['admin', 'user']).optional(), // Accepted for compatibility, but cannot differ from target user role
 });
 /**
 * GET /api/admin/api-tokens
 * List ALL API tokens across all users
 */
 export async function GET(request: NextRequest) {
  return requireAuth(request, (req: AuthenticatedRequest) =>
    requireAdmin(req, async () => {
      try {
        const tokens = await prisma.apiToken.findMany({
          include: {
            createdBy: {
              select: { id: true, plexUsername: true },
            },
            tokenUser: {
              select: { id: true, plexUsername: true, role: true },
            },
          },
          orderBy: { createdAt: 'desc' },
        });
        const sanitized = tokens.map((t) => ({
          id: t.id,
          name: t.name,
          tokenPrefix: t.tokenPrefix,
          role: t.role,
          createdBy: t.createdBy.plexUsername,
          createdById: t.createdBy.id,
          tokenUser: t.tokenUser.plexUsername,
          tokenUserId: t.tokenUser.id,
          lastUsedAt: t.lastUsedAt,
          expiresAt: t.expiresAt,
          createdAt: t.createdAt,
        }));
        return NextResponse.json({ tokens: sanitized });
      } catch (error) {
        logger.error('Failed to list API tokens', { error: error instanceof Error ? error.message : String(error) });
        return NextResponse.json({ error: 'Failed to list API tokens' }, { status: 500 });
      }
    })
  );
 }
 /**
 * POST /api/admin/api-tokens
 * Create a new API token. Admin can optionally specify userId.
 * Token role is always derived from the target user's current role.
 * Returns the full token ONCE.
 */
 export async function POST(request: NextRequest) {
  return requireAuth(request, (req: AuthenticatedRequest) =>
    requireAdmin(req, async () => {
      try {
        const rateLimit = checkApiTokenCreateRateLimit(req.user!.id);
        if (!rateLimit.allowed) {
          return NextResponse.json(
            { error: 'Too many API token create attempts. Please try again later.' },
            {
              status: 429,
              headers: {
                'Retry-After': String(rateLimit.retryAfterSeconds),
              },
            }
          );
        }
        const body = await req.json();
        const { name, expiresAt, userId, role } = CreateTokenSchema.parse(body);
        // Determine target user (defaults to the admin themselves)
        const targetUserId = userId || req.user!.id;
        // Verify the target user exists
        const targetUser = await prisma.user.findUnique({
          where: { id: targetUserId },
          select: { id: true, role: true, plexUsername: true },
        });
        if (!targetUser) {
          return NextResponse.json({ error: 'Target user not found' }, { status: 404 });
        }
        // Enforce per-user token cap (count only active, non-expired tokens)
        const activeTokenCount = await prisma.apiToken.count({
          where: {
            userId: targetUserId,
            OR: [
              { expiresAt: null },
              { expiresAt: { gt: new Date() } },
            ],
          },
        });
        if (activeTokenCount >= MAX_TOKENS_PER_USER) {
          return NextResponse.json(
            { error: `Token limit reached. Users may have at most ${MAX_TOKENS_PER_USER} active API tokens.` },
            { status: 403 }
          );
        }
        // Security guard: token role must always match the target user's persisted role.
        // This avoids role/identity mismatch (for example: acting as user A with admin role).
        if (role && role !== targetUser.role) {
          logger.warn('Admin attempted token role override that differs from target user role', {
            requestedRole: role,
            userActualRole: targetUser.role,
            targetUser: targetUser.plexUsername,
            createdBy: req.user!.username,
          });
          return NextResponse.json(
            {
              error: `Token role must match target user's role (${targetUser.role}).`,
            },
            { status: 400 }
          );
        }
        const tokenRole = targetUser.role;
        // Generate the token
        const { fullToken, tokenHash, tokenPrefix } = generateApiToken();
        const apiToken = await prisma.apiToken.create({
          data: {
            name,
            tokenHash,
            tokenPrefix,
            role: tokenRole,
            createdById: req.user!.id,
            userId: targetUserId,
            expiresAt: expiresAt ? new Date(expiresAt) : null,
          },
        });
        logger.info('Admin API token created', {
          tokenId: apiToken.id,
          name,
          createdBy: req.user!.username,
          targetUser: targetUser.plexUsername,
          role: tokenRole,
        });
        return NextResponse.json({
          token: {
            id: apiToken.id,
            name: apiToken.name,
            tokenPrefix: apiToken.tokenPrefix,
            role: apiToken.role,
            expiresAt: apiToken.expiresAt,
            createdAt: apiToken.createdAt,
          },
          // Full token is returned ONLY on creation
          fullToken,
        }, { status: 201 });
      } catch (error) {
        logger.error('Failed to create API token', { error: error instanceof Error ? error.message : String(error) });
        if (error instanceof z.ZodError) {
          return NextResponse.json({ error: 'Validation error', details: error.errors }, { status: 400 });
        }
        return NextResponse.json({ error: 'Failed to create API token' }, { status: 500 });
      }
    })
  );
 }
@@ -0,0 +1,208 @@
 /**
 * Component: Admin Filesystem Browse API
 * Documentation: documentation/features/manual-import.md
 *
 * Lets admins browse server directories for manual audiobook import.
 * Restricted to download_dir and media_dir roots only.
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { RMABLogger } from '@/lib/utils/logger';
 import { AUDIO_EXTENSIONS } from '@/lib/constants/audio-formats';
 const logger = RMABLogger.create('API.Admin.Filesystem.Browse');
 interface DirectoryEntry {
  name: string;
  type: 'directory';
  audioFileCount: number;
  subfolderCount: number;
  totalSize: number;
 }
 /**
 * Scan immediate children of a directory to gather audio file and subfolder stats.
 */
 async function getDirectoryStats(
  dirPath: string
 ): Promise<{ audioFileCount: number; subfolderCount: number; totalSize: number }> {
  const fs = await import('fs/promises');
  const pathModule = await import('path');
  let audioFileCount = 0;
  let subfolderCount = 0;
  let totalSize = 0;
  try {
    const children = await fs.readdir(dirPath, { withFileTypes: true });
    for (const child of children) {
      if (child.isDirectory()) {
        subfolderCount++;
      } else if (child.isFile()) {
        const ext = pathModule.extname(child.name).toLowerCase();
        if ((AUDIO_EXTENSIONS as readonly string[]).includes(ext)) {
          audioFileCount++;
          try {
            const stat = await fs.stat(pathModule.join(dirPath, child.name));
            totalSize += stat.size;
          } catch {
            /* skip unreadable files */
          }
        }
      }
    }
  } catch {
    /* directory not readable */
  }
  return { audioFileCount, subfolderCount, totalSize };
 }
 /**
 * Load allowed root directories from Configuration table.
 */
 const BOOKDROP_PATH = '/bookdrop';
 async function getAllowedRoots(): Promise<{ downloadDir: string | null; mediaDir: string | null; bookdropExists: boolean }> {
  const downloadDirConfig = await prisma.configuration.findUnique({
    where: { key: 'download_dir' },
  });
  const mediaDirConfig = await prisma.configuration.findUnique({
    where: { key: 'media_dir' },
  });
  let bookdropExists = false;
  try {
    const fs = await import('fs/promises');
    const stat = await fs.stat(BOOKDROP_PATH);
    bookdropExists = stat.isDirectory();
  } catch {
    /* not mounted */
  }
  return {
    downloadDir: downloadDirConfig?.value || null,
    mediaDir: mediaDirConfig?.value || null,
    bookdropExists,
  };
 }
 /**
 * Check if a normalized path is within one of the allowed roots.
 */
 function isPathAllowed(normalizedPath: string, roots: string[]): boolean {
  return roots.some(
    (root) => normalizedPath === root || normalizedPath.startsWith(root + '/')
  );
 }
 export async function GET(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const pathModule = await import('path');
        const fs = await import('fs/promises');
        const { downloadDir, mediaDir, bookdropExists } = await getAllowedRoots();
        const requestedPath = request.nextUrl.searchParams.get('path');
        // No path param: return root directories
        if (!requestedPath) {
          const roots: Array<{ name: string; path: string; icon: string }> = [];
          if (downloadDir) {
            roots.push({ name: 'Downloads', path: downloadDir, icon: 'download' });
          }
          if (mediaDir) {
            roots.push({ name: 'Media Library', path: mediaDir, icon: 'library' });
          }
          if (bookdropExists) {
            roots.push({ name: 'Book Drop', path: BOOKDROP_PATH, icon: 'bookdrop' });
          }
          if (roots.length === 0) {
            return NextResponse.json(
              { error: 'No browsable directories available' },
              { status: 400 }
            );
          }
          return NextResponse.json({ roots });
        }
        // Path param provided: browse that directory
        // Normalize to forward slashes and resolve
        const normalizedPath = pathModule.resolve(requestedPath).replace(/\\/g, '/');
        // Build list of allowed roots (normalized)
        const allowedRoots: string[] = [];
        if (downloadDir) allowedRoots.push(pathModule.resolve(downloadDir).replace(/\\/g, '/'));
        if (mediaDir) allowedRoots.push(pathModule.resolve(mediaDir).replace(/\\/g, '/'));
        if (bookdropExists) allowedRoots.push(pathModule.resolve(BOOKDROP_PATH).replace(/\\/g, '/'));
        if (!isPathAllowed(normalizedPath, allowedRoots)) {
          logger.warn(`Access denied: ${normalizedPath} is outside allowed directories`);
          return NextResponse.json(
            { error: 'Access denied: path outside allowed directories' },
            { status: 403 }
          );
        }
        // Read directory entries
        const dirEntries = await fs.readdir(normalizedPath, { withFileTypes: true });
        // Gather stats for each subdirectory (parallel for performance)
        const directoryEntries = dirEntries.filter((e) => e.isDirectory());
        const statsPromises = directoryEntries.map(async (entry): Promise<DirectoryEntry> => {
          const fullPath = pathModule.join(normalizedPath, entry.name);
          const stats = await getDirectoryStats(fullPath);
          return {
            name: entry.name,
            type: 'directory',
            ...stats,
          };
        });
        const entries = await Promise.all(statsPromises);
        entries.sort((a, b) => a.name.localeCompare(b.name));
        // Gather audio files in the current directory
        const audioFiles: Array<{ name: string; size: number }> = [];
        for (const entry of dirEntries) {
          if (entry.isFile()) {
            const ext = pathModule.extname(entry.name).toLowerCase();
            if ((AUDIO_EXTENSIONS as readonly string[]).includes(ext)) {
              try {
                const stat = await fs.stat(pathModule.join(normalizedPath, entry.name));
                audioFiles.push({ name: entry.name, size: stat.size });
              } catch {
                audioFiles.push({ name: entry.name, size: 0 });
              }
            }
          }
        }
        audioFiles.sort((a, b) => a.name.localeCompare(b.name));
        return NextResponse.json({ path: normalizedPath, entries, audioFiles });
      } catch (error) {
        const code = (error as NodeJS.ErrnoException).code;
        if (code === 'ENOENT') {
          return NextResponse.json({ error: 'Directory not found' }, { status: 404 });
        }
        if (code === 'EACCES' || code === 'EPERM') {
          return NextResponse.json({ error: 'Permission denied' }, { status: 403 });
        }
        logger.error('Failed to browse directory', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: 'Failed to browse directory' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -0,0 +1,308 @@
 /**
 * Component: Admin Manual Import API
 * Documentation: documentation/features/manual-import.md
 *
 * Triggers the organize_files pipeline for a manually-selected folder.
 * Creates or recycles a request, then queues the organize job.
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { getJobQueueService } from '@/lib/services/job-queue.service';
 import { RMABLogger } from '@/lib/utils/logger';
 import { AUDIO_EXTENSIONS } from '@/lib/constants/audio-formats';
 import { getAudibleService } from '@/lib/integrations/audible.service';
 const logger = RMABLogger.create('API.Admin.ManualImport');
 /** Statuses that indicate the request is actively being worked on. */
 const ACTIVE_STATUSES = ['searching', 'downloading', 'processing', 'awaiting_import'];
 /** Statuses that can be recycled for a new manual import. */
 const RECYCLABLE_STATUSES = ['failed', 'warn', 'cancelled', 'denied', 'pending', 'awaiting_search', 'awaiting_approval'];
 /**
 * Check if a directory contains at least one audio file (immediate children only).
 */
 async function hasAudioFiles(dirPath: string): Promise<{ found: boolean; count: number }> {
  const fs = await import('fs/promises');
  const pathModule = await import('path');
  let count = 0;
  try {
    const children = await fs.readdir(dirPath, { withFileTypes: true });
    for (const child of children) {
      if (child.isFile()) {
        const ext = pathModule.extname(child.name).toLowerCase();
        if ((AUDIO_EXTENSIONS as readonly string[]).includes(ext)) {
          count++;
        }
      }
    }
  } catch {
    /* directory not readable */
  }
  return { found: count > 0, count };
 }
 export async function POST(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const pathModule = await import('path');
        const fs = await import('fs/promises');
        const body = await request.json();
        const { folderPath, asin, cleanupSource } = body;
        let { audiobookId } = body;
        // Validate required fields
        if ((!audiobookId && !asin) || !folderPath) {
          return NextResponse.json(
            { error: 'folderPath and either audiobookId or asin are required' },
            { status: 400 }
          );
        }
        // Load allowed roots
        const BOOKDROP_PATH = '/bookdrop';
        const downloadDirConfig = await prisma.configuration.findUnique({
          where: { key: 'download_dir' },
        });
        const mediaDirConfig = await prisma.configuration.findUnique({
          where: { key: 'media_dir' },
        });
        const allowedRoots: string[] = [];
        if (downloadDirConfig?.value) {
          allowedRoots.push(pathModule.resolve(downloadDirConfig.value).replace(/\\/g, '/'));
        }
        if (mediaDirConfig?.value) {
          allowedRoots.push(pathModule.resolve(mediaDirConfig.value).replace(/\\/g, '/'));
        }
        try {
          const bookdropStat = await fs.stat(BOOKDROP_PATH);
          if (bookdropStat.isDirectory()) {
            allowedRoots.push(pathModule.resolve(BOOKDROP_PATH).replace(/\\/g, '/'));
          }
        } catch {
          /* not mounted */
        }
        // Normalize and validate path
        const normalizedPath = pathModule.resolve(folderPath).replace(/\\/g, '/');
        const isAllowed = allowedRoots.some(
          (root) => normalizedPath === root || normalizedPath.startsWith(root + '/')
        );
        if (!isAllowed) {
          return NextResponse.json(
            { error: 'Access denied: path outside allowed directories' },
            { status: 403 }
          );
        }
        // Verify folder exists and is a directory
        try {
          const stat = await fs.stat(normalizedPath);
          if (!stat.isDirectory()) {
            return NextResponse.json(
              { error: 'Path is not a directory' },
              { status: 400 }
            );
          }
        } catch {
          return NextResponse.json(
            { error: 'Directory not found' },
            { status: 404 }
          );
        }
        // Verify folder contains audio files
        const audioCheck = await hasAudioFiles(normalizedPath);
        if (!audioCheck.found) {
          return NextResponse.json(
            { error: 'No audio files found in the selected directory' },
            { status: 400 }
          );
        }
        // Resolve audiobook by ASIN if audiobookId not provided
        if (!audiobookId && asin) {
          const byAsin = await prisma.audiobook.findFirst({
            where: { audibleAsin: asin },
          });
          if (byAsin) {
            audiobookId = byAsin.id;
          } else {
            // Create audiobook record from Audible cache if available
            const cached = await prisma.audibleCache.findUnique({
              where: { asin },
            });
            if (cached) {
              const newBook = await prisma.audiobook.create({
                data: {
                  audibleAsin: asin,
                  title: cached.title,
                  author: cached.author,
                  coverArtUrl: cached.coverArtUrl,
                  narrator: cached.narrator,
                  status: 'pending',
                },
              });
              audiobookId = newBook.id;
              logger.info(`Created audiobook record from cache for ASIN ${asin}: ${newBook.id}`);
            } else {
              return NextResponse.json(
                { error: 'Audiobook not found for the given ASIN' },
                { status: 404 }
              );
            }
          }
        }
        // Verify audiobook exists
        const audiobook = await prisma.audiobook.findUnique({
          where: { id: audiobookId },
        });
        if (!audiobook) {
          return NextResponse.json(
            { error: 'Audiobook not found' },
            { status: 404 }
          );
        }
        // Enrich missing series/year data from Audnexus (mirrors request-creator.service.ts)
        if (audiobook.audibleAsin && (!audiobook.series || !audiobook.year)) {
          try {
            const audibleService = getAudibleService();
            const audnexusData = await audibleService.getAudiobookDetails(audiobook.audibleAsin);
            if (audnexusData) {
              const updates: Record<string, any> = {};
              if (!audiobook.series && audnexusData.series) {
                updates.series = audnexusData.series;
              }
              if (!audiobook.seriesPart && audnexusData.seriesPart) {
                updates.seriesPart = audnexusData.seriesPart;
              }
              if (!audiobook.seriesAsin && audnexusData.seriesAsin) {
                updates.seriesAsin = audnexusData.seriesAsin;
              }
              if (!audiobook.year && audnexusData.releaseDate) {
                const releaseYear = new Date(audnexusData.releaseDate).getFullYear();
                if (!isNaN(releaseYear)) {
                  updates.year = releaseYear;
                }
              }
              if (!audiobook.narrator && audnexusData.narrator) {
                updates.narrator = audnexusData.narrator;
              }
              if (Object.keys(updates).length > 0) {
                await prisma.audiobook.update({
                  where: { id: audiobook.id },
                  data: updates,
                });
                logger.info(`Enriched audiobook metadata from Audnexus for ASIN ${audiobook.audibleAsin}`, updates);
              }
            }
          } catch (error) {
            // Non-fatal: series enrichment failure should never block the import
            logger.warn(`Failed to enrich metadata from Audnexus for ASIN ${audiobook.audibleAsin}: ${error instanceof Error ? error.message : String(error)}`);
          }
        }
        // Check for existing requests
        const existingRequest = await prisma.request.findFirst({
          where: {
            audiobookId,
            type: 'audiobook',
            deletedAt: null,
          },
          orderBy: { createdAt: 'desc' },
        });
        let requestId: string;
        if (existingRequest) {
          // Check if already in an active state
          if (ACTIVE_STATUSES.includes(existingRequest.status)) {
            return NextResponse.json(
              { error: 'This audiobook is already being processed' },
              { status: 409 }
            );
          }
          // Recycle the existing request
          if (RECYCLABLE_STATUSES.includes(existingRequest.status) ||
              existingRequest.status === 'downloaded' ||
              existingRequest.status === 'available') {
            await prisma.request.update({
              where: { id: existingRequest.id },
              data: {
                status: 'processing',
                progress: 100,
                errorMessage: null,
                importAttempts: 0,
                updatedAt: new Date(),
              },
            });
            requestId = existingRequest.id;
            logger.info(`Recycled existing request ${requestId} for manual import`);
          } else {
            // Unknown status - create new
            const newRequest = await prisma.request.create({
              data: {
                userId: req.user!.id,
                audiobookId,
                type: 'audiobook',
                status: 'processing',
                progress: 100,
              },
            });
            requestId = newRequest.id;
            logger.info(`Created new request ${requestId} (existing had status: ${existingRequest.status})`);
          }
        } else {
          // No existing request - create one
          const newRequest = await prisma.request.create({
            data: {
              userId: req.user!.id,
              audiobookId,
              type: 'audiobook',
              status: 'processing',
              progress: 100,
            },
          });
          requestId = newRequest.id;
          logger.info(`Created new request ${requestId} for manual import`);
        }
        // Queue organize_files job
        const jobQueue = getJobQueueService();
        await jobQueue.addOrganizeJob(requestId, audiobookId, normalizedPath, undefined, cleanupSource === true);
        logger.info(`Manual import queued: request=${requestId}, path=${normalizedPath}, audioFiles=${audioCheck.count}`);
        return NextResponse.json({
          success: true,
          requestId,
          message: `Import started for ${audiobook.title}`,
        });
      } catch (error) {
        logger.error('Manual import failed', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: error instanceof Error ? error.message : 'Manual import failed' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -6,7 +6,8 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
-import { getNotificationService, NotificationBackendType } from '@/lib/services/notification.service';
+import { getNotificationService } from '@/lib/services/notification';
 import { NOTIFICATION_EVENT_KEYS } from '@/lib/constants/notification-events';
 import { RMABLogger } from '@/lib/utils/logger';
 import { z } from 'zod';
@@ -15,7 +16,7 @@ const logger = RMABLogger.create('API.Admin.Notifications.Id');
 const UpdateBackendSchema = z.object({
  name: z.string().min(1).optional(),
  config: z.record(z.any()).optional(),
-  events: z.array(z.enum(['request_pending_approval', 'request_approved', 'request_available', 'request_error'])).min(1).optional(),
+  events: z.array(z.enum(NOTIFICATION_EVENT_KEYS)).min(1).optional(),
  enabled: z.boolean().optional(),
 });
@@ -50,7 +51,7 @@ export async function GET(
          success: true,
          backend: {
            ...backend,
-            config: notificationService.maskConfig(backend.type as NotificationBackendType, backend.config),
+            config: notificationService.maskConfig(backend.type, backend.config),
          },
        });
      } catch (error) {
@@ -114,7 +115,7 @@ export async function PUT(
          });
          // Encrypt new/changed values
-          finalConfig = notificationService.encryptConfig(existing.type as NotificationBackendType, updatedConfig);
+          finalConfig = notificationService.encryptConfig(existing.type, updatedConfig);
        }
        // Update backend
@@ -139,7 +140,7 @@ export async function PUT(
          success: true,
          backend: {
            ...updated,
-            config: notificationService.maskConfig(updated.type as NotificationBackendType, updated.config),
+            config: notificationService.maskConfig(updated.type, updated.config),
          },
        });
      } catch (error) {
@@ -0,0 +1,42 @@
 /**
 * Component: Notification Providers Metadata API
 * Documentation: documentation/backend/services/notifications.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { getAllProviderMetadata } from '@/lib/services/notification';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.Notifications.Providers');
 /**
 * GET /api/admin/notifications/providers
 * Returns metadata for all registered notification providers
 */
 export async function GET(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const providers = getAllProviderMetadata();
        return NextResponse.json({
          success: true,
          providers,
        });
      } catch (error) {
        logger.error('Failed to fetch provider metadata', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          {
            error: 'FetchError',
            message: 'Failed to fetch provider metadata',
          },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -6,17 +6,18 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
-import { getNotificationService, NotificationBackendType } from '@/lib/services/notification.service';
+import { getNotificationService, getRegisteredProviderTypes } from '@/lib/services/notification';
 import { NOTIFICATION_EVENT_KEYS } from '@/lib/constants/notification-events';
 import { RMABLogger } from '@/lib/utils/logger';
 import { z } from 'zod';
 const logger = RMABLogger.create('API.Admin.Notifications');
 const CreateBackendSchema = z.object({
-  type: z.enum(['discord', 'pushover', 'email', 'slack', 'telegram', 'webhook']),
+  type: z.string().refine((val) => getRegisteredProviderTypes().includes(val), { message: 'Unsupported notification provider type' }),
  name: z.string().min(1),
  config: z.record(z.any()),
-  events: z.array(z.enum(['request_pending_approval', 'request_approved', 'request_available', 'request_error'])).min(1),
+  events: z.array(z.enum(NOTIFICATION_EVENT_KEYS)).min(1),
  enabled: z.boolean().default(true),
 });
@@ -37,7 +38,7 @@ export async function GET(request: NextRequest) {
        // Mask sensitive config values
        const maskedBackends = backends.map((backend) => ({
          ...backend,
-          config: notificationService.maskConfig(backend.type as NotificationBackendType, backend.config),
+          config: notificationService.maskConfig(backend.type, backend.config),
        }));
        return NextResponse.json({
@@ -5,31 +5,17 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
-import { getNotificationService, NotificationBackendType, NotificationPayload } from '@/lib/services/notification.service';
+import { getNotificationService, getRegisteredProviderTypes, NotificationPayload } from '@/lib/services/notification';
 import { RMABLogger } from '@/lib/utils/logger';
 import { z } from 'zod';
 import { prisma } from '@/lib/db';
 const logger = RMABLogger.create('API.Admin.Notifications.Test');
-const TestNotificationSchema = z.discriminatedUnion('mode', [
+// Flexible schema: supports both backendId and type+config formats
-  // Test existing backend by ID (uses stored config)
+const TestNotificationSchema = z.object({
  z.object({
    mode: z.literal('backend'),
    backendId: z.string(),
  }),
  // Test new config before saving
  z.object({
    mode: z.literal('config'),
    type: z.enum(['discord', 'pushover', 'email', 'slack', 'telegram', 'webhook']),
    config: z.record(z.any()),
  }),
 ]);
 // Support legacy format without mode
 const LegacyTestNotificationSchema = z.object({
  backendId: z.string().optional(),
-  type: z.enum(['discord', 'pushover', 'email', 'slack', 'telegram', 'webhook']).optional(),
+  type: z.string().refine((val) => getRegisteredProviderTypes().includes(val), { message: 'Unsupported notification provider type' }).optional(),
  config: z.record(z.any()).optional(),
 });
@@ -42,66 +28,37 @@ export async function POST(request: NextRequest) {
    return requireAdmin(req, async () => {
      try {
        const body = await request.json();
        const parsed = TestNotificationSchema.parse(body);
-        // Support legacy format for backward compatibility
+        let type: string;
        const legacyParsed = LegacyTestNotificationSchema.safeParse(body);
        let type: NotificationBackendType;
        let encryptedConfig: any;
        const notificationService = getNotificationService();
-        if (legacyParsed.success) {
+        if (parsed.backendId) {
-          // Legacy format
+          // Test existing backend by ID (uses stored config)
-          if (legacyParsed.data.backendId) {
+          const backend = await prisma.notificationBackend.findUnique({
-            // Test existing backend
+            where: { id: parsed.backendId },
-            const backend = await prisma.notificationBackend.findUnique({
+          });
              where: { id: legacyParsed.data.backendId },
            });
-            if (!backend) {
+          if (!backend) {
              return NextResponse.json(
                { error: 'NotFound', message: 'Backend not found' },
                { status: 404 }
              );
            }
            type = backend.type as NotificationBackendType;
            encryptedConfig = backend.config; // Already encrypted in DB
          } else if (legacyParsed.data.type && legacyParsed.data.config) {
            // Test new config
            type = legacyParsed.data.type as NotificationBackendType;
            encryptedConfig = notificationService.encryptConfig(type, legacyParsed.data.config);
          } else {
            return NextResponse.json(
-              { error: 'ValidationError', message: 'Must provide either backendId or type+config' },
+              { error: 'NotFound', message: 'Backend not found' },
-              { status: 400 }
+              { status: 404 }
            );
          }
          type = backend.type;
          encryptedConfig = backend.config; // Already encrypted in DB
        } else if (parsed.type && parsed.config) {
          // Test new config before saving
          type = parsed.type;
          encryptedConfig = notificationService.encryptConfig(type, parsed.config);
        } else {
-          // New format with discriminated union
+          return NextResponse.json(
-          const parsed = TestNotificationSchema.parse(body);
+            { error: 'ValidationError', message: 'Must provide either backendId or type+config' },
-
+            { status: 400 }
-          if (parsed.mode === 'backend') {
+          );
            // Test existing backend
            const backend = await prisma.notificationBackend.findUnique({
              where: { id: parsed.backendId },
            });
            if (!backend) {
              return NextResponse.json(
                { error: 'NotFound', message: 'Backend not found' },
                { status: 404 }
              );
            }
            type = backend.type as NotificationBackendType;
            encryptedConfig = backend.config; // Already encrypted in DB
          } else {
            // Test new config
            type = parsed.type;
            encryptedConfig = notificationService.encryptConfig(type, parsed.config);
          }
        }
        // Create test payload
@@ -111,13 +68,14 @@ export async function POST(request: NextRequest) {
          title: "The Hitchhiker's Guide to the Galaxy",
          author: 'Douglas Adams',
          userName: 'Test User',
          requestType: 'audiobook',
          timestamp: new Date(),
        };
        // Send test notification synchronously (not via job queue)
        try {
          // Call sendToBackend directly
-          await (notificationService as any).sendToBackend(type, encryptedConfig, testPayload);
+          await notificationService.sendToBackend(type, encryptedConfig, testPayload);
          logger.info(`Test notification sent successfully for ${type}`, {
            adminId: req.user?.sub,
@@ -0,0 +1,87 @@
 /**
 * Component: Admin Replace Audiobook API
 * Documentation: documentation/backend/services/reported-issues.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { replaceAudiobook, ReportedIssueError } from '@/lib/services/reported-issue.service';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.ReportedIssues.Replace');
 const ReplaceSchema = z.object({
  torrent: z.object({
    guid: z.string(),
    title: z.string(),
    size: z.number(),
    seeders: z.number().optional(),
    leechers: z.number().optional(),
    indexer: z.string(),
    indexerId: z.number().optional(),
    downloadUrl: z.string(),
    infoUrl: z.string().optional(),
    publishDate: z.string().transform((str) => new Date(str)),
    infoHash: z.string().optional(),
    format: z.enum(['M4B', 'M4A', 'MP3', 'OTHER']).optional(),
    bitrate: z.string().optional(),
    hasChapters: z.boolean().optional(),
    protocol: z.enum(['torrent', 'usenet']).optional(),
  }),
 });
 /**
 * POST /api/admin/reported-issues/[id]/replace
 * Atomically replace audiobook content: delete old → create new request → start download → resolve issue
 */
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        if (!req.user) {
          return NextResponse.json(
            { error: 'Unauthorized', message: 'User not authenticated' },
            { status: 401 }
          );
        }
        const { id } = await params;
        const body = await req.json();
        const { torrent } = ReplaceSchema.parse(body);
        const result = await replaceAudiobook(id, req.user.id, torrent);
        return NextResponse.json({
          success: true,
          request: result.request,
        });
      } catch (error) {
        if (error instanceof z.ZodError) {
          return NextResponse.json(
            { error: 'ValidationError', details: error.errors },
            { status: 400 }
          );
        }
        if (error instanceof ReportedIssueError) {
          return NextResponse.json(
            { error: 'ReplaceError', message: error.message },
            { status: error.statusCode }
          );
        }
        logger.error('Failed to replace audiobook', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: 'ServerError', message: 'Failed to replace audiobook' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -0,0 +1,74 @@
 /**
 * Component: Admin Resolve Reported Issue API
 * Documentation: documentation/backend/services/reported-issues.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { dismissIssue, ReportedIssueError } from '@/lib/services/reported-issue.service';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.ReportedIssues.Resolve');
 const ResolveSchema = z.object({
  action: z.enum(['dismiss']),
 });
 /**
 * POST /api/admin/reported-issues/[id]/resolve
 * Dismiss a reported issue
 */
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        if (!req.user) {
          return NextResponse.json(
            { error: 'Unauthorized', message: 'User not authenticated' },
            { status: 401 }
          );
        }
        const { id } = await params;
        const body = await req.json();
        const { action } = ResolveSchema.parse(body);
        if (action === 'dismiss') {
          const issue = await dismissIssue(id, req.user.id);
          return NextResponse.json({ success: true, issue });
        }
        return NextResponse.json(
          { error: 'InvalidAction', message: 'Unknown action' },
          { status: 400 }
        );
      } catch (error) {
        if (error instanceof z.ZodError) {
          return NextResponse.json(
            { error: 'ValidationError', details: error.errors },
            { status: 400 }
          );
        }
        if (error instanceof ReportedIssueError) {
          return NextResponse.json(
            { error: 'ResolveError', message: error.message },
            { status: error.statusCode }
          );
        }
        logger.error('Failed to resolve issue', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: 'ServerError', message: 'Failed to resolve issue' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -0,0 +1,39 @@
 /**
 * Component: Admin Reported Issues List API
 * Documentation: documentation/backend/services/reported-issues.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { getOpenIssues } from '@/lib/services/reported-issue.service';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.ReportedIssues');
 /**
 * GET /api/admin/reported-issues
 * Get all open reported issues with audiobook metadata and reporter info
 */
 export async function GET(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const issues = await getOpenIssues();
        return NextResponse.json({
          success: true,
          issues,
          count: issues.length,
        });
      } catch (error) {
        logger.error('Failed to fetch reported issues', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: 'ServerError', message: 'Failed to fetch reported issues' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -14,6 +14,7 @@ const logger = RMABLogger.create('API.Admin.Requests.Approve');
 const ApprovalActionSchema = z.object({
  action: z.enum(['approve', 'deny']),
  selectedTorrent: z.any().optional(),
 });
 /**
@@ -37,8 +38,8 @@ export async function POST(
        const { id } = await params;
        const body = await request.json();
-        // Validate action
+        // Validate action and optional admin-selected torrent
-        const { action } = ApprovalActionSchema.parse(body);
+        const { action, selectedTorrent: adminSelectedTorrent } = ApprovalActionSchema.parse(body);
        // Fetch the request
        const existingRequest = await prisma.request.findUnique({
@@ -78,12 +79,15 @@ export async function POST(
          const jobQueue = getJobQueueService();
          const isEbookRequest = existingRequest.type === 'ebook';
-          // Check if request has a pre-selected torrent (from interactive search)
+          // Use admin-provided torrent (from admin interactive search) or fall back to user's pre-selected torrent
-          if (existingRequest.selectedTorrent) {
+          const effectiveTorrent = adminSelectedTorrent || existingRequest.selectedTorrent;
            const selectedTorrent = existingRequest.selectedTorrent as any;
-            // User pre-selected a specific torrent - download that torrent directly
+          if (effectiveTorrent) {
-            logger.info(`Request ${id} has pre-selected torrent, starting download`, {
+            const selectedTorrent = effectiveTorrent as any;
            const torrentSource = adminSelectedTorrent ? 'admin' : 'user';
            // Download the selected torrent directly
            logger.info(`Request ${id} has ${torrentSource}-selected torrent, starting download`, {
              requestId: id,
              userId: existingRequest.userId,
              adminId: req.user.sub,
@@ -167,17 +171,20 @@ export async function POST(
              logger.error('Failed to queue notification', { error: error instanceof Error ? error.message : String(error) });
            });
-            logger.info(`Request ${id} approved by admin ${req.user.sub}, downloading pre-selected torrent`, {
+            logger.info(`Request ${id} approved by admin ${req.user.sub}, downloading ${torrentSource}-selected torrent`, {
              requestId: id,
              userId: updatedRequest.userId,
              audiobookTitle: existingRequest.audiobook.title,
              adminId: req.user.sub,
              type: existingRequest.type,
              torrentSource,
            });
            return NextResponse.json({
              success: true,
-              message: 'Request approved and download started with pre-selected torrent',
+              message: adminSelectedTorrent
                ? 'Request approved and download started with admin-selected torrent'
                : 'Request approved and download started with pre-selected torrent',
              request: updatedRequest,
            });
          } else {
@@ -0,0 +1,271 @@
 /**
 * Component: Admin Retry Download API
 * Documentation: documentation/admin-dashboard.md
 *
 * Retries a failed download by either resuming monitoring of a still-alive
 * download in the client, or re-adding the download using metadata from the
 * most recent selected DownloadHistory record.
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { getJobQueueService } from '@/lib/services/job-queue.service';
 import { getConfigService } from '@/lib/services/config.service';
 import { getDownloadClientManager } from '@/lib/services/download-client-manager.service';
 import { CLIENT_PROTOCOL_MAP, DownloadClientType } from '@/lib/interfaces/download-client.interface';
 import { TorrentResult } from '@/lib/utils/ranking-algorithm';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.Requests.RetryDownload');
 /** Download statuses considered "alive" — monitoring can be resumed */
 const ALIVE_STATUSES = new Set([
  'downloading',
  'queued',
  'paused',
  'checking',
  'seeding',
  'completed',
 ]);
 /**
 * POST /api/admin/requests/[id]/retry-download
 * Retry a failed download for an admin request.
 */
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        if (!req.user) {
          return NextResponse.json(
            { error: 'Unauthorized', message: 'User not authenticated' },
            { status: 401 }
          );
        }
        const { id } = await params;
        // Fetch the request with audiobook info
        const existingRequest = await prisma.request.findFirst({
          where: { id, deletedAt: null },
          include: {
            audiobook: true,
          },
        });
        if (!existingRequest) {
          return NextResponse.json(
            { error: 'NotFound', message: 'Request not found' },
            { status: 404 }
          );
        }
        if (existingRequest.status !== 'failed') {
          return NextResponse.json(
            {
              error: 'InvalidStatus',
              message: `Request is not in a failed state (current status: ${existingRequest.status})`,
              currentStatus: existingRequest.status,
            },
            { status: 400 }
          );
        }
        // Find the most recent selected DownloadHistory record
        const downloadHistory = await prisma.downloadHistory.findFirst({
          where: { requestId: id, selected: true },
          orderBy: { createdAt: 'desc' },
        });
        if (!downloadHistory) {
          return NextResponse.json(
            {
              error: 'NoHistory',
              message: 'No previous download attempt found to retry',
            },
            { status: 400 }
          );
        }
        // Require a download URL to be able to re-add
        if (!downloadHistory.magnetLink) {
          return NextResponse.json(
            {
              error: 'NoDownloadUrl',
              message: 'No download URL available in history to retry',
            },
            { status: 400 }
          );
        }
        const jobQueue = getJobQueueService();
        let retryPath: 'resumed_monitoring' | 're_added';
        // Determine if we can attempt to resume monitoring.
        // downloadClient is stored as a plain string in the DB (can be 'qbittorrent', 'sabnzbd',
        // 'nzbget', 'transmission', 'deluge', 'direct', or null).
        const rawClientType: string | null = downloadHistory.downloadClient;
        const clientId = downloadHistory.downloadClientId;
        const isDirect = rawClientType === 'direct';
        // Only attempt to query the download client if we have a known DownloadClientType,
        // a clientId, and it is not a direct (HTTP) download.
        const canCheckClient = !isDirect && !!rawClientType && !!clientId;
        // Safe to cast here: we have already confirmed rawClientType is non-null and non-direct
        const clientType = rawClientType as DownloadClientType | null;
        if (canCheckClient) {
          // Try to look up the download in the client
          try {
            const protocol = CLIENT_PROTOCOL_MAP[clientType as DownloadClientType];
            const configService = getConfigService();
            const manager = getDownloadClientManager(configService);
            const client = await manager.getClientServiceForProtocol(protocol);
            if (client) {
              const downloadInfo = await client.getDownload(clientId!);
              if (downloadInfo && ALIVE_STATUSES.has(downloadInfo.status)) {
                // Download is still alive — restart monitoring
                logger.info(`Retry download: resuming monitoring for request ${id}`, {
                  requestId: id,
                  downloadClientId: clientId,
                  downloadStatus: downloadInfo.status,
                  adminId: req.user.sub,
                });
                await jobQueue.addMonitorJob(
                  id,
                  downloadHistory.id,
                  clientId!, // canCheckClient guard ensures clientId is non-null
                  clientType as DownloadClientType,
                  0 // no delay — start immediately
                );
                retryPath = 'resumed_monitoring';
              } else {
                // Download not found or is failed — re-add
                logger.info(`Retry download: download not alive (status: ${downloadInfo?.status ?? 'not found'}), re-adding for request ${id}`, {
                  requestId: id,
                  adminId: req.user.sub,
                });
                await reAddDownload(jobQueue, id, existingRequest.audiobook, downloadHistory);
                retryPath = 're_added';
              }
            } else {
              // No client configured for that protocol — fall through to re-add
              logger.warn(`Retry download: no ${protocol} client configured, re-adding for request ${id}`, {
                requestId: id,
                adminId: req.user.sub,
              });
              await reAddDownload(jobQueue, id, existingRequest.audiobook, downloadHistory);
              retryPath = 're_added';
            }
          } catch (clientError) {
            // Client lookup failed (connection error etc.) — re-add to be safe
            logger.warn(`Retry download: client check failed, re-adding for request ${id}`, {
              requestId: id,
              error: clientError instanceof Error ? clientError.message : String(clientError),
              adminId: req.user.sub,
            });
            await reAddDownload(jobQueue, id, existingRequest.audiobook, downloadHistory);
            retryPath = 're_added';
          }
        } else {
          // Direct download (ebook), no clientId, or no clientType — re-add
          logger.info(`Retry download: re-adding for request ${id} (direct=${isDirect}, hasClientId=${!!clientId})`, {
            requestId: id,
            adminId: req.user.sub,
          });
          await reAddDownload(jobQueue, id, existingRequest.audiobook, downloadHistory);
          retryPath = 're_added';
        }
        // Increment downloadAttempts, clear errorMessage, set status to downloading
        await prisma.request.update({
          where: { id },
          data: {
            status: 'downloading',
            errorMessage: null,
            downloadAttempts: { increment: 1 },
            updatedAt: new Date(),
          },
        });
        const message =
          retryPath === 'resumed_monitoring'
            ? 'Download monitoring resumed'
            : 'Download re-added to client';
        logger.info(`Retry download completed for request ${id} via ${retryPath}`, {
          requestId: id,
          adminId: req.user.sub,
          path: retryPath,
        });
        return NextResponse.json({
          success: true,
          message,
          path: retryPath,
        });
      } catch (error) {
        logger.error('Failed to retry download', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          {
            error: 'RetryError',
            message: 'Failed to retry download',
          },
          { status: 500 }
        );
      }
    });
  });
 }
 /**
 * Re-add the download to the queue using metadata from DownloadHistory.
 * Reconstructs a TorrentResult from the stored history fields.
 */
 async function reAddDownload(
  jobQueue: ReturnType<typeof getJobQueueService>,
  requestId: string,
  audiobook: { id: string; title: string; author: string },
  history: {
    torrentName: string | null;
    magnetLink: string | null;
    indexerName: string;
    indexerId: number | null;
    torrentSizeBytes: bigint | null;
    seeders: number | null;
    leechers: number | null;
    torrentHash: string | null;
    torrentUrl: string | null;
  }
 ): Promise<void> {
  const torrent: TorrentResult = {
    title: history.torrentName ?? audiobook.title,
    downloadUrl: history.magnetLink!, // Validated non-null before calling this function
    indexer: history.indexerName,
    indexerId: history.indexerId ?? undefined,
    size: history.torrentSizeBytes !== null ? Number(history.torrentSizeBytes) : 0,
    seeders: history.seeders ?? undefined,
    leechers: history.leechers ?? undefined,
    infoHash: history.torrentHash ?? undefined,
    infoUrl: history.torrentUrl ?? undefined,
    guid: history.torrentUrl ?? history.magnetLink!,
    publishDate: new Date(), // Not stored; use current date as a safe default
  };
  await jobQueue.addDownloadJob(requestId, audiobook, torrent);
 }
@@ -0,0 +1,133 @@
 /**
 * Component: Admin Custom Search Terms API
 * Documentation: documentation/admin-dashboard.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.SearchTerms');
 /**
 * PATCH /api/admin/requests/[id]/search-terms
 * Update custom search terms for a request (admin only)
 * Body: { searchTerms: string | null, triggerSearch?: boolean }
 */
 export async function PATCH(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        if (!req.user) {
          return NextResponse.json(
            { error: 'Unauthorized', message: 'User not authenticated' },
            { status: 401 }
          );
        }
        const { id } = await params;
        // Parse body
        let body;
        try {
          body = await req.json();
        } catch {
          return NextResponse.json(
            { error: 'BadRequest', message: 'Invalid JSON body' },
            { status: 400 }
          );
        }
        const { searchTerms, triggerSearch } = body;
        // Validate searchTerms is string or null
        if (searchTerms !== null && searchTerms !== undefined && typeof searchTerms !== 'string') {
          return NextResponse.json(
            { error: 'BadRequest', message: 'searchTerms must be a string or null' },
            { status: 400 }
          );
        }
        // Trim and normalize
        const normalizedTerms = typeof searchTerms === 'string' ? searchTerms.trim() || null : null;
        // Find the request
        const existingRequest = await prisma.request.findUnique({
          where: { id },
          include: {
            audiobook: {
              select: { id: true, title: true, author: true, audibleAsin: true },
            },
          },
        });
        if (!existingRequest || existingRequest.deletedAt) {
          return NextResponse.json(
            { error: 'NotFound', message: 'Request not found' },
            { status: 404 }
          );
        }
        // Update custom search terms
        await prisma.request.update({
          where: { id },
          data: {
            customSearchTerms: normalizedTerms,
            updatedAt: new Date(),
          },
        });
        logger.info(`Custom search terms ${normalizedTerms ? 'set' : 'cleared'} for request ${id}`, {
          requestId: id,
          customSearchTerms: normalizedTerms,
          adminId: req.user.id,
        });
        // Optionally trigger a new search
        let searchTriggered = false;
        if (triggerSearch && ['pending', 'failed', 'awaiting_search'].includes(existingRequest.status)) {
          // Reset status to pending and clear error
          await prisma.request.update({
            where: { id },
            data: {
              status: 'pending',
              errorMessage: null,
              updatedAt: new Date(),
            },
          });
          // Queue search job
          const { getJobQueueService } = await import('@/lib/services/job-queue.service');
          const jobQueue = getJobQueueService();
          await jobQueue.addSearchJob(id, {
            id: existingRequest.audiobook.id,
            title: existingRequest.audiobook.title,
            author: existingRequest.audiobook.author,
            asin: existingRequest.audiobook.audibleAsin || undefined,
          });
          searchTriggered = true;
          logger.info(`Search triggered for request ${id} with custom terms`, { requestId: id });
        }
        return NextResponse.json({
          success: true,
          customSearchTerms: normalizedTerms,
          searchTriggered,
        });
      } catch (error) {
        logger.error('Failed to update search terms', {
          error: error instanceof Error ? error.message : String(error),
        });
        return NextResponse.json(
          { error: 'ServerError', message: 'Failed to update search terms' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -139,6 +139,8 @@ export async function GET(request: NextRequest) {
          completedAt: request.completedAt,
          errorMessage: request.errorMessage,
          torrentUrl: request.downloadHistory[0]?.torrentUrl || null,
          downloadAttempts: request.downloadAttempts,
          customSearchTerms: request.customSearchTerms || null,
        }));
        return NextResponse.json({
@@ -0,0 +1,91 @@
 /**
 * Component: Admin Download Access Settings API
 * Documentation: documentation/settings-pages.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.Settings.DownloadAccess');
 const CONFIG_KEY = 'download_access';
 /**
 * GET /api/admin/settings/download-access
 * Get current global download access setting
 */
 export async function GET(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const config = await prisma.configuration.findUnique({
          where: { key: CONFIG_KEY },
        });
        // Default to true if not configured (backward compatibility)
        const downloadAccess = config === null ? true : config.value === 'true';
        return NextResponse.json({ downloadAccess });
      } catch (error) {
        logger.error('Failed to fetch download access setting', {
          error: error instanceof Error ? error.message : String(error)
        });
        return NextResponse.json(
          { error: 'Failed to fetch download access setting' },
          { status: 500 }
        );
      }
    });
  });
 }
 /**
 * PATCH /api/admin/settings/download-access
 * Update global download access setting
 */
 export async function PATCH(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const body = await request.json();
        const { downloadAccess } = body;
        // Validate input
        if (typeof downloadAccess !== 'boolean') {
          return NextResponse.json(
            { error: 'Invalid input. downloadAccess must be a boolean' },
            { status: 400 }
          );
        }
        // Update configuration
        await prisma.configuration.upsert({
          where: { key: CONFIG_KEY },
          create: {
            key: CONFIG_KEY,
            value: downloadAccess.toString(),
          },
          update: {
            value: downloadAccess.toString(),
          },
        });
        logger.info(`Download access setting updated to: ${downloadAccess}`, {
          userId: req.user?.sub,
        });
        return NextResponse.json({ downloadAccess });
      } catch (error) {
        logger.error('Failed to update download access setting', {
          error: error instanceof Error ? error.message : String(error)
        });
        return NextResponse.json(
          { error: 'Failed to update download access setting' },
          { status: 500 }
        );
      }
    });
  });
 }
@@ -38,6 +38,7 @@ export async function PUT(
          localPath,
          category,
          customPath,
          postImportCategory,
        } = body;
        const config = await getConfigService();
@@ -76,6 +77,7 @@ export async function PUT(
          localPath: localPath !== undefined ? localPath : existingClient.localPath,
          category: category !== undefined ? category : existingClient.category,
          customPath: customPath !== undefined ? (customPath || undefined) : existingClient.customPath,
          postImportCategory: postImportCategory !== undefined ? (postImportCategory || undefined) : existingClient.postImportCategory,
        };
        // Validate path mapping if enabled
@@ -0,0 +1,104 @@
 /**
 * Component: Fetch Download Client Categories API
 * Documentation: documentation/phase3/download-clients.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { getConfigService } from '@/lib/services/config.service';
 import { getDownloadClientManager, DownloadClientConfig } from '@/lib/services/download-client-manager.service';
 import { SUPPORTED_CLIENT_TYPES } from '@/lib/interfaces/download-client.interface';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.Settings.DownloadClients.Categories');
 /**
 * POST - Fetch categories from a download client
 * Accepts same connection config as the test endpoint
 */
 export async function POST(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
        const body = await request.json();
        const {
          clientId,
          type,
          name: clientName,
          url,
          username,
          password,
          disableSSLVerify,
          remotePathMappingEnabled,
          remotePath,
          localPath,
        } = body;
        if (!SUPPORTED_CLIENT_TYPES.includes(type)) {
          return NextResponse.json(
            { error: `Invalid client type. Must be one of: ${SUPPORTED_CLIENT_TYPES.join(', ')}` },
            { status: 400 }
          );
        }
        if (!url) {
          return NextResponse.json(
            { error: 'URL is required' },
            { status: 400 }
          );
        }
        const config = await getConfigService();
        const manager = getDownloadClientManager(config);
        // If editing and password not provided, use stored password
        let effectivePassword = password;
        let effectiveUsername = username;
        if (clientId && !password) {
          const existingClients = await manager.getAllClients();
          const existingClient = existingClients.find(c => c.id === clientId);
          if (!existingClient) {
            return NextResponse.json(
              { error: 'Client not found' },
              { status: 404 }
            );
          }
          effectivePassword = existingClient.password;
          if (!username && existingClient.username) {
            effectiveUsername = existingClient.username;
          }
        }
        const testConfig: DownloadClientConfig = {
          id: 'categories-fetch',
          type,
          name: clientName || type,
          enabled: true,
          url,
          username: effectiveUsername || '',
          password: effectivePassword || '',
          disableSSLVerify: disableSSLVerify || false,
          remotePathMappingEnabled: remotePathMappingEnabled || false,
          remotePath: remotePath || undefined,
          localPath: localPath || undefined,
          category: 'readmeabook',
        };
        const service = await manager.createClientFromConfig(testConfig);
        const categories = await service.getCategories();
        return NextResponse.json({ success: true, categories });
      } catch (error) {
        const message = error instanceof Error ? error.message : String(error);
        logger.error('Failed to fetch categories', { error: message });
        return NextResponse.json(
          { success: false, error: message },
          { status: 400 }
        );
      }
    });
  });
 }
@@ -63,6 +63,7 @@ export async function POST(request: NextRequest) {
          localPath,
          category,
          customPath,
          postImportCategory,
        } = body;
        // Validate type
@@ -138,6 +139,7 @@ export async function POST(request: NextRequest) {
          localPath: localPath || undefined,
          category: category || 'readmeabook',
          customPath: customPath || undefined,
          postImportCategory: postImportCategory || undefined,
        };
        // Test connection before saving
@@ -15,7 +15,7 @@ export async function PUT(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    return requireAdmin(req, async () => {
      try {
-        const { downloadDir, mediaDir, audiobookPathTemplate, ebookPathTemplate, metadataTaggingEnabled, chapterMergingEnabled } = await request.json();
+        const { downloadDir, mediaDir, audiobookPathTemplate, ebookPathTemplate, metadataTaggingEnabled, chapterMergingEnabled, fileRenameEnabled, fileRenameTemplate } = await request.json();
        if (!downloadDir || !mediaDir) {
          return NextResponse.json(
@@ -97,6 +97,32 @@ export async function PUT(request: NextRequest) {
          },
        });
        // Update file rename setting
        await prisma.configuration.upsert({
          where: { key: 'file_rename_enabled' },
          update: { value: String(fileRenameEnabled ?? false) },
          create: {
            key: 'file_rename_enabled',
            value: String(fileRenameEnabled ?? false),
            category: 'automation',
            description: 'Rename audio and ebook files using a custom naming template during organization',
          },
        });
        // Update file rename template
        if (fileRenameTemplate !== undefined) {
          await prisma.configuration.upsert({
            where: { key: 'file_rename_template' },
            update: { value: fileRenameTemplate },
            create: {
              key: 'file_rename_template',
              value: fileRenameTemplate,
              category: 'automation',
              description: 'Template for renaming audio and ebook files during organization',
            },
          });
        }
        logger.info('Paths settings updated');
        // Clear config cache for all updated keys so services get fresh values
@@ -107,6 +133,8 @@ export async function PUT(request: NextRequest) {
        configService.clearCache('ebook_path_template');
        configService.clearCache('metadata_tagging_enabled');
        configService.clearCache('chapter_merging_enabled');
        configService.clearCache('file_rename_enabled');
        configService.clearCache('file_rename_template');
        // Invalidate all download client singletons to force reload of download_dir
        const { invalidateDownloadClientManager } = await import('@/lib/services/download-client-manager.service');
@@ -7,6 +7,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { getEncryptionService } from '@/lib/services/encryption.service';
 import { invalidateProwlarrService } from '@/lib/integrations/prowlarr.service';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Admin.Settings.Prowlarr');
@@ -42,6 +43,9 @@ export async function PUT(request: NextRequest) {
          });
        }
        // Invalidate cached singleton so background jobs use new credentials
        invalidateProwlarrService();
        logger.info('Prowlarr settings updated');
        return NextResponse.json({
@@ -128,6 +128,8 @@ export async function GET(request: NextRequest) {
        ebookPathTemplate: configMap.get('ebook_path_template') || configMap.get('audiobook_path_template') || '{author}/{title} {asin}',
        metadataTaggingEnabled: configMap.get('metadata_tagging_enabled') === 'true',
        chapterMergingEnabled: configMap.get('chapter_merging_enabled') === 'true',
        fileRenameEnabled: configMap.get('file_rename_enabled') === 'true',
        fileRenameTemplate: configMap.get('file_rename_template') || '{title}',
      },
      ebook: {
        // New granular source toggles (with migration from legacy ebook_sidecar_enabled)
@@ -19,7 +19,7 @@ export async function PUT(
      try {
        const { id } = await params;
        const body = await request.json();
-        const { role, autoApproveRequests, interactiveSearchAccess } = body;
+        const { role, autoApproveRequests, interactiveSearchAccess, downloadAccess } = body;
        // Validate role
        if (!role || (role !== 'user' && role !== 'admin')) {
@@ -45,6 +45,14 @@ export async function PUT(
          );
        }
        // Validate downloadAccess (optional)
        if (downloadAccess !== undefined && downloadAccess !== null && typeof downloadAccess !== 'boolean') {
          return NextResponse.json(
            { error: 'Invalid downloadAccess. Must be a boolean or null' },
            { status: 400 }
          );
        }
        // Prevent user from demoting themselves
        if (req.user && id === req.user.sub) {
          return NextResponse.json(
@@ -112,15 +120,24 @@ export async function PUT(
            { status: 400 }
          );
        }
        if (role === 'admin' && downloadAccess === false) {
          return NextResponse.json(
            { error: 'Admins always have download access. Cannot set downloadAccess to false for admin users.' },
            { status: 400 }
          );
        }
        // Prepare update data
-        const updateData: { role: string; autoApproveRequests?: boolean | null; interactiveSearchAccess?: boolean | null } = { role };
+        const updateData: { role: string; autoApproveRequests?: boolean | null; interactiveSearchAccess?: boolean | null; downloadAccess?: boolean | null } = { role };
        if (autoApproveRequests !== undefined) {
          updateData.autoApproveRequests = autoApproveRequests;
        }
        if (interactiveSearchAccess !== undefined) {
          updateData.interactiveSearchAccess = interactiveSearchAccess;
        }
        if (downloadAccess !== undefined) {
          updateData.downloadAccess = downloadAccess;
        }
        // Update user
        const updatedUser = await prisma.user.update({
@@ -132,6 +149,7 @@ export async function PUT(
            role: true,
            autoApproveRequests: true,
            interactiveSearchAccess: true,
            downloadAccess: true,
          },
        });
@@ -32,6 +32,7 @@ export async function GET(request: NextRequest) {
            lastLoginAt: true,
            autoApproveRequests: true,
            interactiveSearchAccess: true,
            downloadAccess: true,
            _count: {
              select: {
                requests: true,
@@ -0,0 +1,70 @@
 /**
 * Component: Audiobook Download Status API Route
 * Documentation: documentation/backend/api.md
 *
 * Returns whether a downloadable file exists for this audiobook (by ASIN).
 * Used by AudiobookDetailsModal to show the download link regardless of context.
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { COMPLETED_STATUSES } from '@/lib/constants/request-statuses';
 import { resolveDownloadAccess } from '@/lib/utils/permissions';
 /**
 * GET /api/audiobooks/[asin]/download-status
 * Returns { downloadAvailable, requestId } for the current user's completed request.
 */
 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ asin: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    if (!req.user) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }
    // Check download permission - if denied, don't reveal file existence
    const userRecord = await prisma.user.findUnique({
      where: { id: req.user.id },
      select: { role: true, downloadAccess: true },
    });
    const hasDownloadAccess = await resolveDownloadAccess(
      userRecord?.role ?? 'user',
      userRecord?.downloadAccess ?? null
    );
    if (!hasDownloadAccess) {
      return NextResponse.json({ downloadAvailable: false, requestId: null });
    }
    const { asin } = await params;
    const audiobook = await prisma.audiobook.findFirst({
      where: { audibleAsin: asin },
      select: { id: true, filePath: true },
    });
    if (!audiobook) {
      return NextResponse.json({ downloadAvailable: false, requestId: null });
    }
    // Find any completed request for this audiobook that has a file
    const completedRequest = await prisma.request.findFirst({
      where: {
        audiobookId: audiobook.id,
        status: { in: [...COMPLETED_STATUSES] },
        deletedAt: null,
      },
      select: { id: true },
      orderBy: { createdAt: 'desc' },
    });
    const downloadAvailable = !!completedRequest && !!audiobook.filePath;
    return NextResponse.json({
      downloadAvailable,
      requestId: downloadAvailable ? completedRequest!.id : null,
    });
  });
 }
@@ -18,6 +18,8 @@ import { findPlexMatch } from '@/lib/utils/audiobook-matcher';
 import { getAudibleService } from '@/lib/integrations/audible.service';
 import { RMABLogger } from '@/lib/utils/logger';
 import { resolveInteractiveSearchAccess } from '@/lib/utils/permissions';
 import { getLanguageForRegion } from '@/lib/constants/language-config';
 import type { AudibleRegion } from '@/lib/types/audible';
 import {
  searchByAsin,
  searchByTitle,
@@ -227,6 +229,11 @@ export async function POST(
      const format = preferredFormat || 'epub';
      const annasBaseUrl = baseUrl || 'https://annas-archive.li';
      // Get language code from Audible region config
      const region = await configService.getAudibleRegion() as AudibleRegion;
      const langConfig = getLanguageForRegion(region);
      const languageCode = langConfig.annasArchiveLang;
      if (!isAnnasArchiveEnabled && !isIndexerSearchEnabled) {
        return NextResponse.json(
          { error: 'No ebook sources enabled. Enable Anna\'s Archive or Indexer Search in settings.' },
@@ -250,7 +257,8 @@ export async function POST(
            audiobook.author,
            format,
            annasBaseUrl,
-            flaresolverrUrl || undefined
+            flaresolverrUrl || undefined,
            languageCode
          ).catch((err) => {
            logger.error(`Anna's Archive search failed: ${err.message}`);
            return null;
@@ -322,7 +330,8 @@ async function searchAnnasArchiveForInteractive(
  author: string,
  preferredFormat: string,
  baseUrl: string,
-  flaresolverrUrl?: string
+  flaresolverrUrl?: string,
  languageCode: string = 'en'
 ): Promise<EbookSearchResult[]> {
  let md5: string | null = null;
  let searchMethod: 'asin' | 'title' = 'title';
@@ -330,7 +339,7 @@ async function searchAnnasArchiveForInteractive(
  // Try ASIN search first
  if (asin) {
    logger.info(`Searching Anna's Archive by ASIN: ${asin}`);
-    md5 = await searchByAsin(asin, preferredFormat, baseUrl, undefined, flaresolverrUrl);
+    md5 = await searchByAsin(asin, preferredFormat, baseUrl, undefined, flaresolverrUrl, languageCode);
    if (md5) {
      searchMethod = 'asin';
      logger.info(`Found via ASIN: ${md5}`);
@@ -340,7 +349,7 @@ async function searchAnnasArchiveForInteractive(
  // Fallback to title search
  if (!md5) {
    logger.info(`Searching Anna's Archive by title: "${title}"`);
-    md5 = await searchByTitle(title, author, preferredFormat, baseUrl, undefined, flaresolverrUrl);
+    md5 = await searchByTitle(title, author, preferredFormat, baseUrl, undefined, flaresolverrUrl, languageCode);
    if (md5) {
      logger.info(`Found via title: ${md5}`);
    }
@@ -461,6 +470,10 @@ async function searchIndexersForInteractive(
    return [];
  }
  // Get language-specific stop words for ranking
  const rankRegion = await configService.getAudibleRegion() as AudibleRegion;
  const rankLangConfig = getLanguageForRegion(rankRegion);
  // Rank results with ebook scoring
  const rankedResults = rankEbookTorrents(allResults, {
    title,
@@ -470,6 +483,8 @@ async function searchIndexersForInteractive(
    indexerPriorities,
    flagConfigs,
    requireAuthor: false,
    stopWords: rankLangConfig.stopWords,
    characterReplacements: rankLangConfig.characterReplacements,
  });
  // Convert to unified result type
@@ -0,0 +1,69 @@
 /**
 * Component: Report Issue API
 * Documentation: documentation/backend/services/reported-issues.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { reportIssue, ReportedIssueError } from '@/lib/services/reported-issue.service';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.ReportIssue');
 const ReportIssueSchema = z.object({
  reason: z.string().min(1, 'Reason is required').max(250, 'Reason must be 250 characters or less'),
  title: z.string().optional(),
  author: z.string().optional(),
  coverArtUrl: z.string().optional(),
 });
 /**
 * POST /api/audiobooks/[asin]/report-issue
 * Report an issue with an available audiobook
 */
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ asin: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    try {
      if (!req.user) {
        return NextResponse.json(
          { error: 'Unauthorized', message: 'User not authenticated' },
          { status: 401 }
        );
      }
      const { asin } = await params;
      const body = await req.json();
      const { reason, title, author, coverArtUrl } = ReportIssueSchema.parse(body);
      const issue = await reportIssue(asin, req.user.id, reason, { title, author, coverArtUrl });
      return NextResponse.json({ success: true, issue }, { status: 201 });
    } catch (error) {
      if (error instanceof z.ZodError) {
        return NextResponse.json(
          { error: 'ValidationError', details: error.errors },
          { status: 400 }
        );
      }
      if (error instanceof ReportedIssueError) {
        return NextResponse.json(
          { error: 'ReportIssueError', message: error.message },
          { status: error.statusCode }
        );
      }
      logger.error('Failed to report issue', {
        error: error instanceof Error ? error.message : String(error),
      });
      return NextResponse.json(
        { error: 'ServerError', message: 'Failed to report issue' },
        { status: 500 }
      );
    }
  });
 }
@@ -46,6 +46,7 @@ export async function GET(
    return NextResponse.json({
      success: true,
      audiobook,
      audibleBaseUrl: audibleService.getBaseUrl(),
    });
  } catch (error) {
    logger.error('Failed to get audiobook details', { error: error instanceof Error ? error.message : String(error) });
@@ -7,7 +7,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/db';
-import { enrichAudiobooksWithMatches } from '@/lib/utils/audiobook-matcher';
+import { enrichAudiobooksWithMatches, getAvailableAsins } from '@/lib/utils/audiobook-matcher';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { RMABLogger } from '@/lib/utils/logger';
@@ -24,6 +24,7 @@ export async function GET(request: NextRequest) {
    const searchParams = request.nextUrl.searchParams;
    const page = parseInt(searchParams.get('page') || '1', 10);
    const limit = parseInt(searchParams.get('limit') || '20', 10);
    const hideAvailable = searchParams.get('hideAvailable') === 'true';
    // Validate pagination parameters
    if (page < 1 || limit < 1 || limit > 100) {
@@ -38,12 +39,22 @@ export async function GET(request: NextRequest) {
    const skip = (page - 1) * limit;
    // When hideAvailable is enabled, exclude ASINs that are in the library or have completed requests
    let excludedAsins: string[] = [];
    if (hideAvailable) {
      const availableSet = await getAvailableAsins();
      excludedAsins = [...availableSet];
    }
    const whereClause = {
      isNewRelease: true,
      ...(excludedAsins.length > 0 ? { asin: { notIn: excludedAsins } } : {}),
    };
    // Query audible_cache for new release audiobooks
    const [audiobooks, totalCount] = await Promise.all([
      prisma.audibleCache.findMany({
-        where: {
+        where: whereClause,
          isNewRelease: true,
        },
        orderBy: {
          newReleaseRank: 'asc',
        },
@@ -66,9 +77,7 @@ export async function GET(request: NextRequest) {
        },
      }),
      prisma.audibleCache.count({
-        where: {
+        where: whereClause,
          isNewRelease: true,
        },
      }),
    ]);
@@ -7,7 +7,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/db';
-import { enrichAudiobooksWithMatches } from '@/lib/utils/audiobook-matcher';
+import { enrichAudiobooksWithMatches, getAvailableAsins } from '@/lib/utils/audiobook-matcher';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { RMABLogger } from '@/lib/utils/logger';
@@ -24,6 +24,7 @@ export async function GET(request: NextRequest) {
    const searchParams = request.nextUrl.searchParams;
    const page = parseInt(searchParams.get('page') || '1', 10);
    const limit = parseInt(searchParams.get('limit') || '20', 10);
    const hideAvailable = searchParams.get('hideAvailable') === 'true';
    // Validate pagination parameters
    if (page < 1 || limit < 1 || limit > 100) {
@@ -38,12 +39,22 @@ export async function GET(request: NextRequest) {
    const skip = (page - 1) * limit;
    // When hideAvailable is enabled, exclude ASINs that are in the library or have completed requests
    let excludedAsins: string[] = [];
    if (hideAvailable) {
      const availableSet = await getAvailableAsins();
      excludedAsins = [...availableSet];
    }
    const whereClause = {
      isPopular: true,
      ...(excludedAsins.length > 0 ? { asin: { notIn: excludedAsins } } : {}),
    };
    // Query audible_cache for popular audiobooks
    const [audiobooks, totalCount] = await Promise.all([
      prisma.audibleCache.findMany({
-        where: {
+        where: whereClause,
          isPopular: true,
        },
        orderBy: {
          popularRank: 'asc',
        },
@@ -66,9 +77,7 @@ export async function GET(request: NextRequest) {
        },
      }),
      prisma.audibleCache.count({
-        where: {
+        where: whereClause,
          isPopular: true,
        },
      }),
    ]);
@@ -10,6 +10,8 @@ import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { getProwlarrService } from '@/lib/integrations/prowlarr.service';
 import { rankTorrents } from '@/lib/utils/ranking-algorithm';
 import { groupIndexersByCategories, getGroupDescription } from '@/lib/utils/indexer-grouping';
 import { getLanguageForRegion } from '@/lib/constants/language-config';
 import type { AudibleRegion } from '@/lib/types/audible';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
@@ -86,7 +88,6 @@ export async function POST(request: NextRequest) {
      // Search Prowlarr for each group and combine results
      const prowlarr = await getProwlarrService();
      const searchQuery = title; // Title only - cast wide net
      const allResults = [];
      for (let i = 0; i < groups.length; i++) {
@@ -94,7 +95,7 @@ export async function POST(request: NextRequest) {
        logger.debug(`Searching group ${i + 1}/${groups.length}: ${getGroupDescription(group)}`);
        try {
-          const groupResults = await prowlarr.search(searchQuery, {
+          const groupResults = await prowlarr.searchWithVariations(title, author, {
            categories: group.categories,
            indexerIds: group.indexerIds,
            maxResults: 100, // Limit per group
@@ -141,13 +142,19 @@ export async function POST(request: NextRequest) {
        logger.info(`Will filter ${belowThreshold.length} results < ${sizeMBThreshold} MB (likely ebooks)`);
      }
      // Get language-specific stop words for ranking
      const region = await configService.getAudibleRegion() as AudibleRegion;
      const langConfig = getLanguageForRegion(region);
      // Rank torrents using the ranking algorithm with indexer priorities and flag configs
      // Note: rankTorrents now filters out results < 20 MB internally
      // requireAuthor: false - interactive search, show all results for user decision
      const rankedResults = rankTorrents(results, { title, author, durationMinutes }, {
        indexerPriorities,
        flagConfigs,
-        requireAuthor: false  // Interactive mode - let user decide
+        requireAuthor: false,  // Interactive mode - let user decide
        stopWords: langConfig.stopWords,
        characterReplacements: langConfig.characterReplacements,
      });
      // Log filter results
@@ -6,6 +6,8 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { getAudibleService } from '@/lib/integrations/audible.service';
 import { enrichAudiobooksWithMatches } from '@/lib/utils/audiobook-matcher';
 import { deduplicateAndCollectGroups } from '@/lib/utils/deduplicate-audiobooks';
 import { persistDedupGroups } from '@/lib/services/works.service';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { RMABLogger } from '@/lib/utils/logger';
@@ -38,14 +40,22 @@ export async function GET(request: NextRequest) {
    const currentUser = getCurrentUser(request);
    const userId = currentUser?.sub || undefined;
    // Deduplicate before enrichment to avoid wasted DB queries on duplicate entries
    const { books: dedupedResults, groups } = deduplicateAndCollectGroups(results.results);
    // Fire-and-forget: persist dedup groups to works table for cross-ASIN matching
    if (groups.length > 0) {
      persistDedupGroups(groups).catch(() => {});
    }
    // Enrich search results with availability and request status information
-    const enrichedResults = await enrichAudiobooksWithMatches(results.results, userId);
+    const enrichedResults = await enrichAudiobooksWithMatches(dedupedResults, userId);
    return NextResponse.json({
      success: true,
      query: results.query,
      results: enrichedResults,
-      totalResults: results.totalResults,
+      totalResults: enrichedResults.length,
      page: results.page,
      hasMore: results.hasMore,
    });
@@ -38,9 +38,11 @@ export async function POST(request: NextRequest) {
      );
    }
    const normalizedUsername = username.trim().toLowerCase();
    // Find user by local admin identifier
    const user = await prisma.user.findUnique({
-      where: { plexId: `local-${username}` },
+      where: { plexId: `local-${normalizedUsername}` },
    });
    if (!user) {
@@ -39,7 +39,8 @@ export async function POST(request: NextRequest) {
      }
      // Validate new password length
-      if (newPassword.length < 8) {
+      const allowWeakPassword = process.env.ALLOW_WEAK_PASSWORD === 'true';
      if (!allowWeakPassword && newPassword.length < 8) {
        return NextResponse.json(
          {
            success: false,
@@ -39,6 +39,7 @@ export async function GET(request: NextRequest) {
        createdAt: true,
        lastLoginAt: true,
        interactiveSearchAccess: true,
        downloadAccess: true,
      },
    });
@@ -63,6 +64,13 @@ export async function GET(request: NextRequest) {
      globalInteractiveSearch
    );
    const globalDownload = await getGlobalBooleanSetting('download_access', true);
    const effectiveDownload = resolvePermission(
      user.role,
      user.downloadAccess,
      globalDownload
    );
    return NextResponse.json({
      user: {
        id: user.id,
@@ -77,6 +85,7 @@ export async function GET(request: NextRequest) {
        lastLoginAt: user.lastLoginAt,
        permissions: {
          interactiveSearch: effectiveInteractiveSearch,
          download: effectiveDownload,
        },
      },
    });
@@ -18,6 +18,9 @@ export async function GET() {
    // Check if local login is disabled via environment variable
    const localLoginDisabled = process.env.DISABLE_LOCAL_LOGIN === 'true';
    // Check if weak passwords are allowed via environment variable
    const allowWeakPassword = process.env.ALLOW_WEAK_PASSWORD === 'true';
    // Check if automation (Phase 3) is configured by checking for Prowlarr/indexer config
    const indexerType = await configService.get('indexer.type');
    const prowlarrUrl = await configService.get('indexer.prowlarr_url');
@@ -47,6 +50,7 @@ export async function GET() {
        hasLocalUsers,
        oidcProviderName: oidcEnabled ? oidcProviderName : null,
        localLoginDisabled,
        allowWeakPassword,
        automationEnabled,
      });
    } else {
@@ -65,6 +69,7 @@ export async function GET() {
        hasLocalUsers,
        oidcProviderName: null,
        localLoginDisabled,
        allowWeakPassword,
        automationEnabled,
      });
    }
@@ -72,6 +77,7 @@ export async function GET() {
    logger.error('Failed to fetch auth providers', { error: error instanceof Error ? error.message : String(error) });
    // Default to Plex mode if config can't be read
    const localLoginDisabled = process.env.DISABLE_LOCAL_LOGIN === 'true';
    const allowWeakPassword = process.env.ALLOW_WEAK_PASSWORD === 'true';
    return NextResponse.json({
      backendMode: 'plex',
      providers: ['plex'],
@@ -79,6 +85,7 @@ export async function GET() {
      hasLocalUsers: false,
      oidcProviderName: null,
      localLoginDisabled,
      allowWeakPassword,
      automationEnabled: false,
    });
  }
@@ -0,0 +1,88 @@
 /**
 * Component: Author Books API Route
 * Documentation: documentation/integrations/audible.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { getAudibleService } from '@/lib/integrations/audible.service';
 import { enrichAudiobooksWithMatches } from '@/lib/utils/audiobook-matcher';
 import { deduplicateAndCollectGroups } from '@/lib/utils/deduplicate-audiobooks';
 import { persistDedupGroups } from '@/lib/services/works.service';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Authors.Books');
 /**
 * GET /api/authors/{asin}/books?name=Author+Name
 * Scrape Audible for all books by this author, filtered by ASIN and English language.
 * Enriched with library availability and request status.
 */
 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ asin: string }> }
 ) {
  try {
    const currentUser = getCurrentUser(request);
    if (!currentUser) {
      return NextResponse.json(
        { error: 'Unauthorized', message: 'Authentication required' },
        { status: 401 }
      );
    }
    const { asin } = await params;
    const authorName = request.nextUrl.searchParams.get('name');
    if (!asin || !/^[A-Z0-9]{10}$/.test(asin)) {
      return NextResponse.json(
        { error: 'ValidationError', message: 'Valid author ASIN is required' },
        { status: 400 }
      );
    }
    if (!authorName || authorName.trim().length === 0) {
      return NextResponse.json(
        { error: 'ValidationError', message: 'Author name is required' },
        { status: 400 }
      );
    }
    const page = parseInt(request.nextUrl.searchParams.get('page') || '1', 10);
    logger.info(`Fetching books for author "${authorName}" (ASIN: ${asin}), page ${page}`);
    const audibleService = getAudibleService();
    const result = await audibleService.searchByAuthorAsin(authorName.trim(), asin, page);
    // Deduplicate before enrichment to avoid wasted DB queries on duplicate entries
    const { books: dedupedBooks, groups } = deduplicateAndCollectGroups(result.books);
    // Fire-and-forget: persist dedup groups to works table for cross-ASIN matching
    if (groups.length > 0) {
      persistDedupGroups(groups).catch(() => {});
    }
    // Enrich with library availability and request status
    const userId = currentUser.sub || undefined;
    const enrichedBooks = await enrichAudiobooksWithMatches(dedupedBooks, userId);
    logger.info(`Author books complete: "${authorName}" → ${enrichedBooks.length} books (page ${page})`);
    return NextResponse.json({
      success: true,
      books: enrichedBooks,
      authorName: authorName.trim(),
      authorAsin: asin,
      totalBooks: enrichedBooks.length,
      hasMore: result.hasMore,
      page: result.page,
    });
  } catch (error) {
    logger.error('Failed to fetch author books', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json(
      { error: 'FetchError', message: 'Failed to fetch author books' },
      { status: 500 }
    );
  }
 }
@@ -0,0 +1,94 @@
 /**
 * Component: Author Detail API Route
 * Documentation: documentation/integrations/audible.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { getConfigService } from '@/lib/services/config.service';
 import { AUDIBLE_REGIONS, DEFAULT_AUDIBLE_REGION, AudibleRegion } from '@/lib/types/audible';
 import { RMABLogger } from '@/lib/utils/logger';
 import {
  AudnexusAuthorDetail,
  fetchAuthorDetail,
 } from '@/lib/integrations/audnexus-authors';
 const logger = RMABLogger.create('API.Authors.Detail');
 const SIMILAR_AUTHORS_LIMIT = 15;
 /**
 * GET /api/authors/{asin}
 * Fetch author detail from Audnexus with enriched similar author images
 */
 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ asin: string }> }
 ) {
  try {
    const currentUser = getCurrentUser(request);
    if (!currentUser) {
      return NextResponse.json(
        { error: 'Unauthorized', message: 'Authentication required' },
        { status: 401 }
      );
    }
    const { asin } = await params;
    if (!asin || !/^[A-Z0-9]{10}$/.test(asin)) {
      return NextResponse.json(
        { error: 'ValidationError', message: 'Valid author ASIN is required' },
        { status: 400 }
      );
    }
    const configService = getConfigService();
    const audibleRegion: AudibleRegion = await configService.getAudibleRegion();
    const regionConfig = AUDIBLE_REGIONS[audibleRegion] || AUDIBLE_REGIONS[DEFAULT_AUDIBLE_REGION];
    const region = regionConfig.audnexusParam;
    logger.info(`Fetching author detail: ${asin} (region: ${region})`);
    // Fetch the primary author detail
    const detail = await fetchAuthorDetail(asin, region);
    if (!detail) {
      return NextResponse.json(
        { error: 'NotFound', message: 'Author not found' },
        { status: 404 }
      );
    }
    // Fetch images for similar authors in parallel (capped)
    const similarSlice = (detail.similar || []).slice(0, SIMILAR_AUTHORS_LIMIT);
    const similarDetails = await Promise.all(
      similarSlice.map(s => fetchAuthorDetail(s.asin, region))
    );
    const similarAuthors = similarSlice.map((s, i) => ({
      asin: s.asin,
      name: s.name,
      image: similarDetails[i]?.image || undefined,
    }));
    const author = {
      asin: detail.asin,
      name: detail.name,
      description: detail.description || undefined,
      image: detail.image || undefined,
      genres: detail.genres?.map(g => g.name) || [],
      similar: similarAuthors,
      audibleUrl: `${regionConfig.baseUrl}/author/${asin}`,
    };
    logger.info(`Author detail complete: "${detail.name}" (${similarAuthors.length} similar authors)`);
    return NextResponse.json({ success: true, author });
  } catch (error) {
    logger.error('Failed to fetch author detail', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json(
      { error: 'FetchError', message: 'Failed to fetch author details' },
      { status: 500 }
    );
  }
 }
@@ -0,0 +1,91 @@
 /**
 * Component: Author Search API Route
 * Documentation: documentation/integrations/audible.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { getCurrentUser } from '@/lib/middleware/auth';
 import { getConfigService } from '@/lib/services/config.service';
 import { AUDIBLE_REGIONS, DEFAULT_AUDIBLE_REGION, AudibleRegion } from '@/lib/types/audible';
 import { RMABLogger } from '@/lib/utils/logger';
 import {
  AudnexusAuthorDetail,
  searchAuthors,
  fetchAuthorDetail,
 } from '@/lib/integrations/audnexus-authors';
 const logger = RMABLogger.create('API.Authors.Search');
 /**
 * GET /api/authors/search?name=Brandon Sanderson
 * Search for authors on Audnexus, deduplicate, and return enriched details
 */
 export async function GET(request: NextRequest) {
  try {
    // Require authentication
    const currentUser = getCurrentUser(request);
    if (!currentUser) {
      return NextResponse.json(
        { error: 'Unauthorized', message: 'Authentication required' },
        { status: 401 }
      );
    }
    const name = request.nextUrl.searchParams.get('name');
    if (!name || name.trim().length === 0) {
      return NextResponse.json(
        { error: 'ValidationError', message: 'Author name is required' },
        { status: 400 }
      );
    }
    // Get configured Audible region
    const configService = getConfigService();
    const audibleRegion: AudibleRegion = await configService.getAudibleRegion();
    const region = AUDIBLE_REGIONS[audibleRegion]?.audnexusParam || AUDIBLE_REGIONS[DEFAULT_AUDIBLE_REGION].audnexusParam;
    logger.info(`Searching authors: "${name}" (region: ${region})`);
    // Step 1: Search for authors (returns list with potential duplicates)
    const searchResults = await searchAuthors(name.trim(), region);
    if (searchResults.length === 0) {
      return NextResponse.json({
        success: true,
        authors: [],
        query: name.trim(),
      });
    }
    // Step 2: Fetch details for all unique authors in parallel
    const detailPromises = searchResults.map(author => fetchAuthorDetail(author.asin, region));
    const detailResults = await Promise.all(detailPromises);
    // Step 3: Build enriched results, filtering out any failed fetches
    const authors = detailResults
      .filter((detail): detail is AudnexusAuthorDetail => detail !== null)
      .map(detail => ({
        asin: detail.asin,
        name: detail.name,
        description: detail.description || undefined,
        image: detail.image || undefined,
        genres: detail.genres?.map(g => g.name).slice(0, 3) || [],
        similarCount: detail.similar?.length || 0,
      }));
    logger.info(`Author search complete: "${name}" → ${authors.length} results`);
    return NextResponse.json({
      success: true,
      authors,
      query: name.trim(),
    });
  } catch (error) {
    logger.error('Failed to search authors', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json(
      { error: 'SearchError', message: 'Failed to search authors' },
      { status: 500 }
    );
  }
 }
@@ -59,9 +59,9 @@ async function saveConfig(req: AuthenticatedRequest) {
      );
    }
-    if (!['openai', 'claude', 'custom'].includes(provider)) {
+    if (!['openai', 'claude', 'custom', 'gemini'].includes(provider)) {
      return NextResponse.json(
-        { error: 'Invalid provider. Must be "openai", "claude", or "custom"' },
+        { error: 'Invalid provider. Must be "openai", "claude", "custom", or "gemini"' },
        { status: 400 }
      );
    }
@@ -107,7 +107,7 @@ async function saveConfig(req: AuthenticatedRequest) {
      // No new API key, use existing one
      encryptedApiKeyToUse = existingConfig.apiKey;
    } else {
-      // API key required for OpenAI/Claude
+      // API key required for OpenAI/Claude/Gemini
      return NextResponse.json(
        { error: 'API key is required' },
        { status: 400 }
@@ -9,6 +9,73 @@ import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.BookDate.TestConnection');
 // Fetch available Claude models from the Anthropic API
 async function fetchClaudeModels(apiKey: string): Promise<{ id: string; name: string }[]> {
  const allModels: { id: string; name: string }[] = [];
  let afterId: string | undefined;
  // Paginate through all available models
  do {
    const params = new URLSearchParams({ limit: '1000' });
    if (afterId) {
      params.set('after_id', afterId);
    }
    const response = await fetch(
      `https://api.anthropic.com/v1/models?${params.toString()}`,
      {
        headers: {
          'x-api-key': apiKey,
          'anthropic-version': '2023-06-01',
        },
      }
    );
    if (!response.ok) {
      const errorText = await response.text();
      logger.error('Claude API error', { error: errorText });
      throw new Error('Invalid Claude API key or connection failed');
    }
    const data = await response.json();
    for (const model of data.data) {
      allModels.push({
        id: model.id,
        name: model.display_name || model.id,
      });
    }
    afterId = data.has_more ? data.last_id : undefined;
  } while (afterId);
  return allModels;
 }
 // Fetch available Gemini models from the Google API
 async function fetchGeminiModels(apiKey: string): Promise<{ id: string; name: string }[]> {
  const response = await fetch(
    'https://generativelanguage.googleapis.com/v1beta/models',
    { headers: { 'x-goog-api-key': apiKey } }
  );
  if (!response.ok) {
    const errorText = await response.text();
    logger.error('Gemini API error', { error: errorText });
    throw new Error('Invalid Gemini API key or connection failed');
  }
  const data = await response.json();
  return (data.models || [])
    .filter((m: any) => m.name?.startsWith('models/gemini-') && m.supportedGenerationMethods?.includes('generateContent'))
    .map((m: any) => ({
      id: m.name.replace('models/', ''),
      name: m.displayName || m.name.replace('models/', ''),
    }))
    .sort((a: any, b: any) => a.name.localeCompare(b.name));
 }
 // Helper functions for custom provider
 function isValidBaseUrl(url: string): boolean {
  try {
@@ -36,9 +103,9 @@ async function authenticatedHandler(req: AuthenticatedRequest) {
      );
    }
-    if (!['openai', 'claude', 'custom'].includes(provider)) {
+    if (!['openai', 'claude', 'custom', 'gemini'].includes(provider)) {
      return NextResponse.json(
-        { error: 'Invalid provider. Must be "openai", "claude", or "custom"' },
+        { error: 'Invalid provider. Must be "openai", "claude", "custom", or "gemini"' },
        { status: 400 }
      );
    }
@@ -141,37 +208,25 @@ async function authenticatedHandler(req: AuthenticatedRequest) {
        .sort((a: any, b: any) => a.name.localeCompare(b.name));
    } else if (provider === 'claude') {
-      // Claude: Hardcoded list (Anthropic doesn't have a public models API endpoint)
+      // Claude: Fetch models dynamically from the Anthropic Models API
-      models = [
+      try {
-        { id: 'claude-sonnet-4-5-20250929', name: 'Claude Sonnet 4.5 (Latest)' },
+        models = await fetchClaudeModels(testApiKey);
-        { id: 'claude-3-7-sonnet-20250219', name: 'Claude 3.7 Sonnet' },
+      } catch {
        { id: 'claude-opus-4-20250514', name: 'Claude Opus 4' },
        { id: 'claude-3-5-haiku-20241022', name: 'Claude 3.5 Haiku' },
      ];
      // Test connection with a simple API call
      const response = await fetch('https://api.anthropic.com/v1/messages', {
        method: 'POST',
        headers: {
          'x-api-key': testApiKey,
          'anthropic-version': '2023-06-01',
          'content-type': 'application/json',
        },
        body: JSON.stringify({
          model: 'claude-3-5-haiku-20241022',
          max_tokens: 10,
          messages: [{ role: 'user', content: 'Test' }],
        }),
      });
      if (!response.ok) {
        const errorText = await response.text();
        logger.error('Claude API error', { error: errorText });
        return NextResponse.json(
          { error: 'Invalid Claude API key or connection failed' },
          { status: 400 }
        );
      }
    } else if (provider === 'gemini') {
      // Gemini: Fetch models dynamically from the Google API
      try {
        models = await fetchGeminiModels(testApiKey);
      } catch {
        return NextResponse.json(
          { error: 'Invalid Gemini API key or connection failed' },
          { status: 400 }
        );
      }
    } else if (provider === 'custom') {
      // Custom: Fetch models from custom OpenAI-compatible endpoint
      const normalizedUrl = normalizeBaseUrl(testBaseUrl);
@@ -270,9 +325,9 @@ async function unauthenticatedHandler(req: NextRequest) {
      );
    }
-    if (!['openai', 'claude', 'custom'].includes(provider)) {
+    if (!['openai', 'claude', 'custom', 'gemini'].includes(provider)) {
      return NextResponse.json(
-        { error: 'Invalid provider. Must be "openai", "claude", or "custom"' },
+        { error: 'Invalid provider. Must be "openai", "claude", "custom", or "gemini"' },
        { status: 400 }
      );
    }
@@ -333,37 +388,25 @@ async function unauthenticatedHandler(req: NextRequest) {
        .sort((a: any, b: any) => a.name.localeCompare(b.name));
    } else if (provider === 'claude') {
-      // Claude: Hardcoded list (Anthropic doesn't have a public models API endpoint)
+      // Claude: Fetch models dynamically from the Anthropic Models API
-      models = [
+      try {
-        { id: 'claude-sonnet-4-5-20250929', name: 'Claude Sonnet 4.5 (Latest)' },
+        models = await fetchClaudeModels(apiKey);
-        { id: 'claude-3-7-sonnet-20250219', name: 'Claude 3.7 Sonnet' },
+      } catch {
        { id: 'claude-opus-4-20250514', name: 'Claude Opus 4' },
        { id: 'claude-3-5-haiku-20241022', name: 'Claude 3.5 Haiku' },
      ];
      // Test connection with a simple API call
      const response = await fetch('https://api.anthropic.com/v1/messages', {
        method: 'POST',
        headers: {
          'x-api-key': apiKey,
          'anthropic-version': '2023-06-01',
          'content-type': 'application/json',
        },
        body: JSON.stringify({
          model: 'claude-3-5-haiku-20241022',
          max_tokens: 10,
          messages: [{ role: 'user', content: 'Test' }],
        }),
      });
      if (!response.ok) {
        const errorText = await response.text();
        logger.error('Claude API error', { error: errorText });
        return NextResponse.json(
          { error: 'Invalid Claude API key or connection failed' },
          { status: 400 }
        );
      }
    } else if (provider === 'gemini') {
      // Gemini: Fetch models dynamically
      try {
        models = await fetchGeminiModels(apiKey);
      } catch {
        return NextResponse.json(
          { error: 'Invalid Gemini API key or connection failed' },
          { status: 400 }
        );
      }
    } else if (provider === 'custom') {
      // Custom: Fetch models from custom OpenAI-compatible endpoint
      const normalizedUrl = normalizeBaseUrl(baseUrl);
@@ -1,38 +0,0 @@
 /**
 * Component: Configuration API Routes (by category)
 * Documentation: documentation/backend/services/config.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { getConfigService } from '@/lib/services/config.service';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Config.Category');
 // GET /api/config/:category - Get all config for a category
 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ category: string }> }
 ) {
  try {
    // TODO: Add authentication middleware - admin only
    const { category } = await params;
    const configService = getConfigService();
    const config = await configService.getCategory(category);
    return NextResponse.json({
      category,
      config,
    });
  } catch (error) {
    logger.error('Failed to get config for category', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json(
      {
        error: 'Failed to get configuration',
        message: error instanceof Error ? error.message : 'Unknown error',
      },
      { status: 500 }
    );
  }
 }
@@ -1,84 +0,0 @@
 /**
 * Component: Configuration API Routes
 * Documentation: documentation/backend/services/config.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { getConfigService, ConfigUpdate } from '@/lib/services/config.service';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.Config');
 const ConfigUpdateSchema = z.object({
  updates: z.array(
    z.object({
      key: z.string(),
      value: z.string(),
      encrypted: z.boolean().optional(),
      category: z.string().optional(),
      description: z.string().optional(),
    })
  ),
 });
 // PUT /api/config - Update multiple configuration values
 export async function PUT(request: NextRequest) {
  try {
    // TODO: Add authentication middleware - admin only
    const body = await request.json();
    const { updates } = ConfigUpdateSchema.parse(body);
    const configService = getConfigService();
    await configService.setMany(updates as ConfigUpdate[]);
    return NextResponse.json({
      success: true,
      updated: updates.length,
    });
  } catch (error) {
    logger.error('Failed to update configuration', { error: error instanceof Error ? error.message : String(error) });
    if (error instanceof z.ZodError) {
      return NextResponse.json(
        {
          error: 'Validation error',
          details: error.errors,
        },
        { status: 400 }
      );
    }
    return NextResponse.json(
      {
        error: 'Failed to update configuration',
        message: error instanceof Error ? error.message : 'Unknown error',
      },
      { status: 500 }
    );
  }
 }
 // GET /api/config - Get all configuration (masked sensitive values)
 export async function GET() {
  try {
    // TODO: Add authentication middleware - admin only
    const configService = getConfigService();
    const allConfig = await configService.getAll();
    return NextResponse.json({
      config: allConfig,
    });
  } catch (error) {
    logger.error('Failed to get all configuration', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json(
      {
        error: 'Failed to get configuration',
        message: error instanceof Error ? error.message : 'Unknown error',
      },
      { status: 500 }
    );
  }
 }
@@ -0,0 +1,89 @@
 /**
 * Component: On-Demand Download Token Generator
 * Documentation: documentation/backend/api.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { generateDownloadToken } from '@/lib/utils/jwt';
 import { COMPLETED_STATUSES } from '@/lib/constants/request-statuses';
 import { resolveDownloadAccess } from '@/lib/utils/permissions';
 import { RMABLogger } from '@/lib/utils/logger';
 const logger = RMABLogger.create('API.DownloadToken');
 /**
 * POST /api/requests/[id]/download-token
 * Generate a signed download token on demand (lazy token generation).
 */
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    try {
      if (!req.user) {
        return NextResponse.json(
          { error: 'Unauthorized', message: 'User not authenticated' },
          { status: 401 }
        );
      }
      // Check download permission
      const userRecord = await prisma.user.findUnique({
        where: { id: req.user.id },
        select: { role: true, downloadAccess: true },
      });
      const hasDownloadAccess = await resolveDownloadAccess(
        userRecord?.role ?? 'user',
        userRecord?.downloadAccess ?? null
      );
      if (!hasDownloadAccess) {
        return NextResponse.json(
          { error: 'Forbidden', message: 'You do not have download access' },
          { status: 403 }
        );
      }
      const { id } = await params;
      const requestRecord = await prisma.request.findFirst({
        where: { id, deletedAt: null },
        include: { audiobook: true },
      });
      if (!requestRecord) {
        return NextResponse.json(
          { error: 'NotFound', message: 'Request not found' },
          { status: 404 }
        );
      }
      if (!COMPLETED_STATUSES.includes(requestRecord.status as typeof COMPLETED_STATUSES[number])) {
        return NextResponse.json(
          { error: 'BadRequest', message: 'Request is not yet completed' },
          { status: 400 }
        );
      }
      if (!requestRecord.audiobook?.filePath) {
        return NextResponse.json(
          { error: 'NotFound', message: 'No file available for this request' },
          { status: 404 }
        );
      }
      const token = generateDownloadToken(req.user.id, id);
      const downloadUrl = `/api/requests/${id}/download?token=${token}`;
      return NextResponse.json({ downloadUrl });
    } catch (error) {
      logger.error('Failed to generate download token', { error: error instanceof Error ? error.message : String(error) });
      return NextResponse.json(
        { error: 'TokenError', message: 'Failed to generate download token' },
        { status: 500 }
      );
    }
  });
 }
@@ -0,0 +1,152 @@
 /**
 * Component: Request File Download Endpoint
 * Documentation: documentation/backend/api.md
 */
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/db';
 import { verifyDownloadToken } from '@/lib/utils/jwt';
 import { RMABLogger } from '@/lib/utils/logger';
 import { AUDIO_EXTENSIONS, EBOOK_EXTENSIONS } from '@/lib/constants/audio-formats';
 import { COMPLETED_STATUSES } from '@/lib/constants/request-statuses';
 import fs from 'fs';
 import path from 'path';
 import archiver from 'archiver';
 import { PassThrough } from 'stream';
 const logger = RMABLogger.create('API.Download');
 function sanitizeFilename(name: string): string {
  return name
    .replace(/[<>:"/\\|?*]/g, '')
    .replace(/\s+/g, ' ')
    .trim()
    .slice(0, 200);
 }
 /**
 * GET /api/requests/[id]/download?token=<JWT>
 * Token-authenticated file download — no session cookie required.
 */
 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params;
    const token = request.nextUrl.searchParams.get('token');
    if (!token) {
      return NextResponse.json({ error: 'Unauthorized', message: 'Missing download token' }, { status: 401 });
    }
    const payload = verifyDownloadToken(token);
    if (!payload) {
      return NextResponse.json({ error: 'Unauthorized', message: 'Invalid or expired download token' }, { status: 401 });
    }
    if (payload.requestId !== id) {
      return NextResponse.json({ error: 'Unauthorized', message: 'Token does not match request' }, { status: 401 });
    }
    const requestRecord = await prisma.request.findFirst({
      where: { id, deletedAt: null },
      include: { audiobook: true },
    });
    if (!requestRecord) {
      return NextResponse.json({ error: 'NotFound', message: 'Request not found' }, { status: 404 });
    }
    if (!COMPLETED_STATUSES.includes(requestRecord.status as typeof COMPLETED_STATUSES[number])) {
      return NextResponse.json({ error: 'BadRequest', message: 'Request is not yet completed' }, { status: 400 });
    }
    if (!requestRecord.audiobook?.filePath) {
      return NextResponse.json({ error: 'NotFound', message: 'No file path available for this request' }, { status: 404 });
    }
    const resolvedDir = path.resolve(requestRecord.audiobook.filePath);
    if (!fs.existsSync(resolvedDir)) {
      logger.error('Download directory does not exist', { path: resolvedDir });
      return NextResponse.json({ error: 'NotFound', message: 'File directory not found on disk' }, { status: 404 });
    }
    const requestType = requestRecord.type || 'audiobook';
    const allowedExtensions: readonly string[] = requestType === 'ebook' ? EBOOK_EXTENSIONS : AUDIO_EXTENSIONS;
    const allEntries = fs.readdirSync(resolvedDir);
    const matchingFiles = allEntries
      .filter(name => allowedExtensions.includes(path.extname(name).toLowerCase()))
      .map(name => path.join(resolvedDir, name));
    if (matchingFiles.length === 0) {
      return NextResponse.json({ error: 'NotFound', message: 'No matching files found in directory' }, { status: 404 });
    }
    const sanitizedTitle = sanitizeFilename(requestRecord.audiobook.title || 'download');
    if (matchingFiles.length === 1) {
      const filePath = matchingFiles[0];
      const ext = path.extname(filePath);
      const stat = fs.statSync(filePath);
      const fileStream = fs.createReadStream(filePath);
      const readableStream = new ReadableStream({
        start(controller) {
          fileStream.on('data', chunk => controller.enqueue(chunk));
          fileStream.on('end', () => controller.close());
          fileStream.on('error', err => {
            logger.error('File stream error', { error: err.message });
            controller.error(err);
          });
        },
        cancel() {
          fileStream.destroy();
        },
      });
      return new NextResponse(readableStream, {
        headers: {
          'Content-Type': 'application/octet-stream',
          'Content-Disposition': `attachment; filename="${sanitizedTitle}${ext}"`,
          'Content-Length': String(stat.size),
        },
      });
    }
    // Multiple files — stream zip via archiver (avoids loading all files into memory)
    const passThrough = new PassThrough();
    const archive = archiver('zip', { zlib: { level: 6 } });
    archive.pipe(passThrough);
    for (const filePath of matchingFiles) {
      archive.file(filePath, { name: path.basename(filePath) });
    }
    archive.finalize();
    const zipReadable = new ReadableStream({
      start(controller) {
        passThrough.on('data', chunk => controller.enqueue(new Uint8Array(chunk)));
        passThrough.on('end', () => controller.close());
        passThrough.on('error', err => {
          logger.error('Zip stream error', { error: err.message });
          controller.error(err);
        });
      },
      cancel() {
        archive.abort();
      },
    });
    return new NextResponse(zipReadable, {
      headers: {
        'Content-Type': 'application/zip',
        'Content-Disposition': `attachment; filename="${sanitizedTitle}.zip"`,
      },
    });
  } catch (error) {
    logger.error('Download failed', { error: error instanceof Error ? error.message : String(error) });
    return NextResponse.json({ error: 'DownloadError', message: 'Failed to serve file' }, { status: 500 });
  }
 }
@@ -14,6 +14,8 @@ import { getProwlarrService } from '@/lib/integrations/prowlarr.service';
 import { rankEbookTorrents, RankedEbookTorrent } from '@/lib/utils/ranking-algorithm';
 import { groupIndexersByCategories, getGroupDescription } from '@/lib/utils/indexer-grouping';
 import { RMABLogger } from '@/lib/utils/logger';
 import { getLanguageForRegion } from '@/lib/constants/language-config';
 import type { AudibleRegion } from '@/lib/types/audible';
 import {
  searchByAsin,
  searchByTitle,
@@ -121,6 +123,11 @@ export async function POST(
        const format = preferredFormat || 'epub';
        const annasBaseUrl = baseUrl || 'https://annas-archive.li';
        // Get language code from Audible region config
        const region = await configService.getAudibleRegion() as AudibleRegion;
        const langConfig = getLanguageForRegion(region);
        const languageCode = langConfig.annasArchiveLang;
        if (!isAnnasArchiveEnabled && !isIndexerSearchEnabled) {
          return NextResponse.json(
            { error: 'No ebook sources enabled. Enable Anna\'s Archive or Indexer Search in settings.' },
@@ -145,7 +152,8 @@ export async function POST(
              audiobook.author,
              format,
              annasBaseUrl,
-              flaresolverrUrl || undefined
+              flaresolverrUrl || undefined,
              languageCode
            ).catch((err) => {
              logger.error(`Anna's Archive search failed: ${err.message}`);
              return null;
@@ -217,7 +225,8 @@ async function searchAnnasArchiveForInteractive(
  author: string,
  preferredFormat: string,
  baseUrl: string,
-  flaresolverrUrl?: string
+  flaresolverrUrl?: string,
  languageCode: string = 'en'
 ): Promise<EbookSearchResult[]> {
  let md5: string | null = null;
  let searchMethod: 'asin' | 'title' = 'title';
@@ -225,7 +234,7 @@ async function searchAnnasArchiveForInteractive(
  // Try ASIN search first
  if (asin) {
    logger.info(`Searching Anna's Archive by ASIN: ${asin}`);
-    md5 = await searchByAsin(asin, preferredFormat, baseUrl, undefined, flaresolverrUrl);
+    md5 = await searchByAsin(asin, preferredFormat, baseUrl, undefined, flaresolverrUrl, languageCode);
    if (md5) {
      searchMethod = 'asin';
      logger.info(`Found via ASIN: ${md5}`);
@@ -235,7 +244,7 @@ async function searchAnnasArchiveForInteractive(
  // Fallback to title search
  if (!md5) {
    logger.info(`Searching Anna's Archive by title: "${title}"`);
-    md5 = await searchByTitle(title, author, preferredFormat, baseUrl, undefined, flaresolverrUrl);
+    md5 = await searchByTitle(title, author, preferredFormat, baseUrl, undefined, flaresolverrUrl, languageCode);
    if (md5) {
      logger.info(`Found via title: ${md5}`);
    }
@@ -356,6 +365,10 @@ async function searchIndexersForInteractive(
    return [];
  }
  // Get language-specific stop words for ranking
  const rankRegion = await configService.getAudibleRegion() as AudibleRegion;
  const rankLangConfig = getLanguageForRegion(rankRegion);
  // Rank results with ebook scoring
  // Use requireAuthor=false for interactive mode (let user decide)
  const rankedResults = rankEbookTorrents(allResults, {
@@ -366,6 +379,8 @@ async function searchIndexersForInteractive(
    indexerPriorities,
    flagConfigs,
    requireAuthor: false,
    stopWords: rankLangConfig.stopWords,
    characterReplacements: rankLangConfig.characterReplacements,
  });
  // Log ranking debug info (same format as search-ebook.processor.ts)
@@ -8,6 +8,9 @@ import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { getProwlarrService } from '@/lib/integrations/prowlarr.service';
 import { rankTorrents } from '@/lib/utils/ranking-algorithm';
 import { groupIndexersByCategories, getGroupDescription } from '@/lib/utils/indexer-grouping';
 import { getLanguageForRegion } from '@/lib/constants/language-config';
 import type { AudibleRegion } from '@/lib/types/audible';
 import { RMABLogger } from '@/lib/utils/logger';
 import { resolveInteractiveSearchAccess } from '@/lib/utils/permissions';
@@ -64,8 +67,8 @@ export async function POST(
        );
      }
-      // Check if request is awaiting approval
+      // Check if request is awaiting approval (admins can still search to override the user's selection)
-      if (requestRecord.status === 'awaiting_approval') {
+      if (requestRecord.status === 'awaiting_approval' && req.user.role !== 'admin') {
        return NextResponse.json(
          { error: 'AwaitingApproval', message: 'This request is awaiting admin approval. You cannot search for torrents until it is approved.' },
          { status: 403 }
@@ -97,9 +100,8 @@ export async function POST(
      }
      const indexersConfig = JSON.parse(indexersConfigStr);
      const enabledIndexerIds = indexersConfig.map((indexer: any) => indexer.id);
-      if (enabledIndexerIds.length === 0) {
+      if (indexersConfig.length === 0) {
        return NextResponse.json(
          { error: 'ConfigError', message: 'No indexers enabled. Please enable at least one indexer in settings.' },
          { status: 400 }
@@ -115,22 +117,53 @@ export async function POST(
      const flagConfigStr = await configService.get('indexer_flag_config');
      const flagConfigs = flagConfigStr ? JSON.parse(flagConfigStr) : [];
-      // Search Prowlarr for torrents - ONLY enabled indexers
+      // Group indexers by their category configuration
-      const prowlarr = await getProwlarrService();
+      const { groups, skippedIndexers } = groupIndexersByCategories(indexersConfig);
      // Use custom title if provided, otherwise use audiobook's title
      const searchQuery = customTitle || requestRecord.audiobook.title;
-      logger.info(`Searching ${enabledIndexerIds.length} enabled indexers`, { searchQuery });
+      if (skippedIndexers.length > 0) {
        const skippedNames = skippedIndexers.map(idx => idx.name).join(', ');
        logger.info(`Skipping ${skippedIndexers.length} indexer(s) with no audiobook categories: ${skippedNames}`);
      }
      // Use custom title if provided, then custom search terms, then audiobook's title
      const searchTitle = customTitle || requestRecord.customSearchTerms || requestRecord.audiobook.title;
      const searchAuthor = requestRecord.audiobook.author;
      logger.info(`Searching ${indexersConfig.length - skippedIndexers.length} enabled indexers in ${groups.length} group${groups.length > 1 ? 's' : ''}`, { searchTitle });
      if (customTitle) {
        logger.debug('Using custom search title', { customTitle, originalTitle: requestRecord.audiobook.title });
      }
-      const results = await prowlarr.search(searchQuery, {
+      // Log each group for transparency
-        indexerIds: enabledIndexerIds,
+      groups.forEach((group, index) => {
-        maxResults: 100, // Increased limit for broader search
+        logger.debug(`Group ${index + 1}: ${getGroupDescription(group)}`);
      });
-      logger.debug(`Found ${results.length} raw results`, { requestId: id });
+      // Search Prowlarr for each group and combine results
      const prowlarr = await getProwlarrService();
      const allResults = [];
      for (let i = 0; i < groups.length; i++) {
        const group = groups[i];
        logger.debug(`Searching group ${i + 1}/${groups.length}: ${getGroupDescription(group)}`);
        try {
          const groupResults = await prowlarr.searchWithVariations(searchTitle, searchAuthor, {
            categories: group.categories,
            indexerIds: group.indexerIds,
            maxResults: 100,
          });
          logger.debug(`Group ${i + 1} returned ${groupResults.length} results`);
          allResults.push(...groupResults);
        } catch (error) {
          logger.error(`Group ${i + 1} search failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
          // Continue with other groups even if one fails
        }
      }
      const results = allResults;
      logger.info(`Found ${results.length} total results from ${groups.length} group${groups.length > 1 ? 's' : ''}`, { requestId: id });
      if (results.length === 0) {
        return NextResponse.json({
@@ -140,16 +173,41 @@ export async function POST(
        });
      }
      // Fetch runtime from Audnexus if ASIN available (for size-based scoring)
      let durationMinutes: number | undefined;
      if (requestRecord.audiobook.audibleAsin) {
        try {
          const { getAudibleService } = await import('@/lib/integrations/audible.service');
          const audibleService = getAudibleService();
          const runtime = await audibleService.getRuntime(requestRecord.audiobook.audibleAsin);
          if (runtime) {
            durationMinutes = runtime;
            logger.info(`Fetched runtime: ${runtime} minutes for ASIN ${requestRecord.audiobook.audibleAsin}`);
          } else {
            logger.debug(`No runtime found for ASIN ${requestRecord.audiobook.audibleAsin}`);
          }
        } catch (error) {
          logger.debug(`Failed to fetch runtime for ASIN ${requestRecord.audiobook.audibleAsin}: ${error instanceof Error ? error.message : 'Unknown error'}`);
        }
      }
      // Get language-specific stop words for ranking
      const region = await configService.getAudibleRegion() as AudibleRegion;
      const langConfig = getLanguageForRegion(region);
      // Rank torrents using the ranking algorithm with indexer priorities and flag configs
      // Always use the audiobook's title/author for ranking (not custom search query)
      // requireAuthor: false - interactive mode, show all results for user decision
      const rankedResults = rankTorrents(results, {
        title: requestRecord.audiobook.title,
        author: requestRecord.audiobook.author,
        durationMinutes,
      }, {
        indexerPriorities,
        flagConfigs,
-        requireAuthor: false  // Interactive mode - let user decide
+        requireAuthor: false,  // Interactive mode - let user decide
        stopWords: langConfig.stopWords,
        characterReplacements: langConfig.characterReplacements,
      });
      // No threshold filtering for interactive search - show all results
@@ -160,17 +218,23 @@ export async function POST(
      const top3 = rankedResults.slice(0, 3);
      if (top3.length > 0) {
        logger.debug('==================== RANKING DEBUG ====================');
-        logger.debug('Search parameters', { searchQuery, requestedTitle: requestRecord.audiobook.title, requestedAuthor: requestRecord.audiobook.author });
+        logger.debug('Search parameters', { searchTitle, requestedTitle: requestRecord.audiobook.title, requestedAuthor: requestRecord.audiobook.author });
        logger.debug(`Top ${top3.length} results (out of ${rankedResults.length} total)`);
        logger.debug('--------------------------------------------------------');
        top3.forEach((result, index) => {
          const sizeMB = (result.size / (1024 * 1024)).toFixed(1);
          const mbPerMin = durationMinutes ? ((result.size / (1024 * 1024)) / durationMinutes).toFixed(2) : 'N/A';
          logger.debug(`${index + 1}. "${result.title}"`, {
            indexer: result.indexer,
            indexerId: result.indexerId,
            baseScore: `${result.score.toFixed(1)}/100`,
            matchScore: `${result.breakdown.matchScore.toFixed(1)}/60`,
-            formatScore: `${result.breakdown.formatScore.toFixed(1)}/25 (${result.format || 'unknown'})`,
+            formatScore: `${result.breakdown.formatScore.toFixed(1)}/10 (${result.format || 'unknown'})`,
-            seederScore: `${result.breakdown.seederScore.toFixed(1)}/15 (${result.seeders} seeders)`,
+            sizeScore: durationMinutes
              ? `${result.breakdown.sizeScore.toFixed(1)}/15 (${sizeMB} MB, ${mbPerMin} MB/min)`
              : 'N/A (no runtime)',
            seederScore: `${result.breakdown.seederScore.toFixed(1)}/15 (${result.seeders !== undefined ? result.seeders + ' seeders' : 'N/A for Usenet'})`,
            bonusPoints: `+${result.bonusPoints.toFixed(1)}`,
            bonusModifiers: result.bonusModifiers.map(mod => `${mod.reason}: +${mod.points.toFixed(1)}`),
            finalScore: result.finalScore.toFixed(1),
@@ -6,11 +6,10 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
 import { prisma } from '@/lib/db';
 import { getJobQueueService } from '@/lib/services/job-queue.service';
 import { findPlexMatch } from '@/lib/utils/audiobook-matcher';
 import { getAudibleService } from '@/lib/integrations/audible.service';
 import { z } from 'zod';
 import { RMABLogger } from '@/lib/utils/logger';
 import { createRequestForUser } from '@/lib/services/request-creator.service';
 import { COMPLETED_STATUSES } from '@/lib/constants/request-statuses';
 const logger = RMABLogger.create('API.Requests');
@@ -45,274 +44,34 @@ export async function POST(request: NextRequest) {
      const body = await req.json();
      const { audiobook } = CreateRequestSchema.parse(body);
-      // First check: Is there an existing audiobook request in 'downloaded' or 'available' status?
+      const skipAutoSearch = req.nextUrl.searchParams.get('skipAutoSearch') === 'true';
      // This catches the gap where files are organized but Plex hasn't scanned yet
      const existingActiveRequest = await prisma.request.findFirst({
        where: {
          audiobook: {
            audibleAsin: audiobook.asin,
          },
          type: 'audiobook', // Only check audiobook requests (ebook requests are separate)
          status: { in: ['downloaded', 'available'] },
          deletedAt: null,
        },
        include: {
          user: { select: { plexUsername: true } },
        },
      });
-      if (existingActiveRequest) {
+      const result = await createRequestForUser(req.user.id, {
        const status = existingActiveRequest.status;
        const isOwnRequest = existingActiveRequest.userId === req.user.id;
        return NextResponse.json(
          {
            error: status === 'available' ? 'AlreadyAvailable' : 'BeingProcessed',
            message: status === 'available'
              ? 'This audiobook is already available in your Plex library'
              : 'This audiobook is being processed and will be available soon',
            requestStatus: status,
            isOwnRequest,
            requestedBy: existingActiveRequest.user?.plexUsername,
          },
          { status: 409 }
        );
      }
      // Second check: Is audiobook already in Plex library? (fallback for non-requested books)
      const plexMatch = await findPlexMatch({
        asin: audiobook.asin,
        title: audiobook.title,
        author: audiobook.author,
        narrator: audiobook.narrator,
-      });
+        description: audiobook.description,
        coverArtUrl: audiobook.coverArtUrl,
      }, { skipAutoSearch });
-      if (plexMatch) {
+      if (!result.success) {
        const statusMap: Record<string, { error: string; status: number }> = {
          already_available: { error: 'AlreadyAvailable', status: 409 },
          being_processed: { error: 'BeingProcessed', status: 409 },
          duplicate: { error: 'DuplicateRequest', status: 409 },
          user_not_found: { error: 'UserNotFound', status: 404 },
        };
        const mapped = statusMap[result.reason] || { error: 'RequestError', status: 500 };
        return NextResponse.json(
-          {
+          { error: mapped.error, message: result.message },
-            error: 'AlreadyAvailable',
+          { status: mapped.status }
            message: 'This audiobook is already available in your Plex library',
            plexGuid: plexMatch.plexGuid,
          },
          { status: 409 }
        );
      }
      // Fetch full details from Audnexus to get releaseDate, year, and series
      let year: number | undefined;
      let series: string | undefined;
      let seriesPart: string | undefined;
      try {
        const audibleService = getAudibleService();
        const audnexusData = await audibleService.getAudiobookDetails(audiobook.asin);
        if (audnexusData?.releaseDate) {
          try {
            const releaseYear = new Date(audnexusData.releaseDate).getFullYear();
            if (!isNaN(releaseYear)) {
              year = releaseYear;
              logger.debug(`Extracted year ${year} from Audnexus releaseDate: ${audnexusData.releaseDate}`);
            }
          } catch (error) {
            logger.warn(`Failed to parse Audnexus releaseDate "${audnexusData.releaseDate}": ${error instanceof Error ? error.message : 'Unknown error'}`);
          }
        }
        // Extract series data
        if (audnexusData?.series) {
          series = audnexusData.series;
          logger.debug(`Extracted series: ${series}`);
        }
        if (audnexusData?.seriesPart) {
          seriesPart = audnexusData.seriesPart;
          logger.debug(`Extracted seriesPart: ${seriesPart}`);
        }
      } catch (error) {
        logger.warn(`Failed to fetch Audnexus data for ASIN ${audiobook.asin}: ${error instanceof Error ? error.message : 'Unknown error'}`);
      }
      // Try to find existing audiobook record by ASIN
      let audiobookRecord = await prisma.audiobook.findFirst({
        where: { audibleAsin: audiobook.asin },
      });
      // If not found, create new audiobook record
      if (!audiobookRecord) {
        audiobookRecord = await prisma.audiobook.create({
          data: {
            audibleAsin: audiobook.asin,
            title: audiobook.title,
            author: audiobook.author,
            narrator: audiobook.narrator,
            description: audiobook.description,
            coverArtUrl: audiobook.coverArtUrl,
            year,
            series,
            seriesPart,
            status: 'requested',
          },
        });
        logger.debug(`Created audiobook ${audiobookRecord.id} with year: ${year || 'none'}, series: ${series || 'none'}`);
      } else if (year || series || seriesPart) {
        // Always update year/series if we have them from Audnexus (even if audiobook already has them)
        audiobookRecord = await prisma.audiobook.update({
          where: { id: audiobookRecord.id },
          data: {
            ...(year && { year }),
            ...(series && { series }),
            ...(seriesPart && { seriesPart }),
          },
        });
        logger.debug(`Updated audiobook ${audiobookRecord.id} with year: ${year || 'unchanged'}, series: ${series || 'unchanged'}`);
      }
      // Check if user already has an active (non-deleted) audiobook request for this audiobook
      const existingRequest = await prisma.request.findFirst({
        where: {
          userId: req.user.id,
          audiobookId: audiobookRecord.id,
          type: 'audiobook', // Only check audiobook requests (ebook requests are separate)
          deletedAt: null, // Only check active requests
        },
      });
      if (existingRequest) {
        // Allow re-requesting if the status is failed, warn, or cancelled
        const canReRequest = ['failed', 'warn', 'cancelled'].includes(existingRequest.status);
        if (!canReRequest) {
          return NextResponse.json(
            {
              error: 'DuplicateRequest',
              message: 'You have already requested this audiobook',
              request: existingRequest,
            },
            { status: 409 }
          );
        }
        // Delete the existing failed/warn/cancelled request
        logger.debug(`Deleting existing ${existingRequest.status} request ${existingRequest.id} to allow re-request`);
        await prisma.request.delete({
          where: { id: existingRequest.id },
        });
      }
      // Check if we should skip auto-search (for interactive search)
      const skipAutoSearch = req.nextUrl.searchParams.get('skipAutoSearch') === 'true';
      // Check if request needs approval
      let needsApproval = false;
      let shouldTriggerSearch = !skipAutoSearch;
      // Fetch user with autoApproveRequests setting
      const user = await prisma.user.findUnique({
        where: { id: req.user.id },
        select: {
          role: true,
          autoApproveRequests: true,
        },
      });
      if (!user) {
        return NextResponse.json(
          { error: 'UserNotFound', message: 'User not found' },
          { status: 404 }
        );
      }
      // Determine if approval is needed
      if (user.role === 'admin') {
        // Admins always auto-approve
        needsApproval = false;
      } else {
        // Check user's personal setting first
        if (user.autoApproveRequests === true) {
          needsApproval = false;
        } else if (user.autoApproveRequests === false) {
          needsApproval = true;
        } else {
          // User setting is null, check global setting
          const globalConfig = await prisma.configuration.findUnique({
            where: { key: 'auto_approve_requests' },
          });
          // Default to true if not configured (backward compatibility)
          const globalAutoApprove = globalConfig === null ? true : globalConfig.value === 'true';
          needsApproval = !globalAutoApprove;
        }
      }
      // Determine initial status
      let initialStatus: string;
      if (needsApproval) {
        initialStatus = 'awaiting_approval';
        shouldTriggerSearch = false; // Don't trigger search if awaiting approval
      } else if (skipAutoSearch) {
        initialStatus = 'awaiting_search';
      } else {
        initialStatus = 'pending';
      }
      // Create request with appropriate status
      const newRequest = await prisma.request.create({
        data: {
          userId: req.user.id,
          audiobookId: audiobookRecord.id,
          status: initialStatus,
          type: 'audiobook', // Explicit type for user-created requests
          progress: 0,
        },
        include: {
          audiobook: true,
          user: {
            select: {
              id: true,
              plexUsername: true,
            },
          },
        },
      });
      const jobQueue = getJobQueueService();
      // Send notification based on approval status
      if (initialStatus === 'awaiting_approval') {
        // Request needs approval - send pending notification
        await jobQueue.addNotificationJob(
          'request_pending_approval',
          newRequest.id,
          audiobookRecord.title,
          audiobookRecord.author,
          newRequest.user.plexUsername || 'Unknown User'
        ).catch((error) => {
          logger.error('Failed to queue notification', { error: error instanceof Error ? error.message : String(error) });
        });
      } else {
        // Request was auto-approved (either automatic or interactive search) - send approved notification
        await jobQueue.addNotificationJob(
          'request_approved',
          newRequest.id,
          audiobookRecord.title,
          audiobookRecord.author,
          newRequest.user.plexUsername || 'Unknown User'
        ).catch((error) => {
          logger.error('Failed to queue notification', { error: error instanceof Error ? error.message : String(error) });
        });
      }
      // Trigger search job only if not skipped and not awaiting approval
      if (shouldTriggerSearch) {
        await jobQueue.addSearchJob(newRequest.id, {
          id: audiobookRecord.id,
          title: audiobookRecord.title,
          author: audiobookRecord.author,
          asin: audiobookRecord.audibleAsin || undefined,
        });
      }
      return NextResponse.json({
        success: true,
-        request: newRequest,
+        request: result.request,
      }, { status: 201 });
    } catch (error) {
      logger.error('Failed to create request', { error: error instanceof Error ? error.message : String(error) });
@@ -388,10 +147,18 @@ export async function GET(request: NextRequest) {
        take: limit,
      });
      const enriched = requests.map(r => {
        const isCompleted = COMPLETED_STATUSES.includes(r.status as typeof COMPLETED_STATUSES[number]);
        const downloadAvailable = isCompleted && !!r.audiobook?.filePath;
        // Strip server-side absolute path from client response
        const audiobook = r.audiobook ? { ...r.audiobook, filePath: undefined } : r.audiobook;
        return { ...r, audiobook, downloadAvailable };
      });
      return NextResponse.json({
        success: true,
-        requests,
+        requests: enriched,
-        count: requests.length,
+        count: enriched.length,
      });
    } catch (error) {
      logger.error('Failed to get requests', { error: error instanceof Error ? error.message : String(error) });
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`-- AlterTable`
							`ALTER TABLE "users" ADD COLUMN "download_access" BOOLEAN;`
		`@@ -0,0 +1,2 @@`
							`-- AlterTable`
							`ALTER TABLE "requests" ADD COLUMN "custom_search_terms" TEXT;`