- Add JWT Bearer token validation to Rust API via OIDC provider JWKS
with automatic key rotation and 1-hour cache
- Remove x-api-key auth support and built-in web UI from furumi-web-player,
leaving it as a pure API server
- Add /auth/token endpoint to Node player server to expose OIDC access
tokens to the frontend
- Move Node player auth endpoints from /api/* to /auth/* to avoid
path conflicts with Rust API
- Add static file serving to Node Express server for production
single-container deployment
- Fix SameSite=Strict cookie issue breaking OIDC redirect flow (use Lax)
- Add Dockerfile.node-player with multi-stage Node.js build
- Add CI workflows for node-player Docker image (dev + release)
- Optimize Rust Dockerfiles with dependency caching layer
- Update docker-compose with OIDC env vars and OLLAMA_MODEL support
- Cherry-pick agent LLM client fixes from DEV branch
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Auto-merge: when ingest pipeline detects "source file missing", now checks
if the track already exists in the library by file_hash. If so, marks the
pending entry as 'merged' instead of 'error' — avoiding stale error entries
for files that were already successfully ingested in a previous run.
Prompts: replaced Pink Floyd/The Wall/Have a Cigar examples in both
normalize.txt and merge.txt with Deep Purple examples. The LLM was using
these famous artist/album/track names as fallback output when raw metadata
was empty or ambiguous, causing hallucinated metadata like
"artist: Pink Floyd, title: Have a Cigar" for completely unrelated tracks.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Ultradesu
ab