Build 2602261523: live updates, invite cleanup and nuclear resync

.build_number

@@ -0,0 +1 @@
+2602261523

.dockerignore

@@ -0,0 +1,11 @@
+.git
+.env
+*.log
+data/*
+!data/branding/
+!data/branding/**
+frontend/node_modules/
+frontend/.next/
+backend/__pycache__/
+**/__pycache__/
+**/*.pyc

.gitignore

@@ -1,6 +1,8 @@
 .env
 .venv/
 data/
+!data/branding/
+!data/branding/**
 backend/__pycache__/
 **/__pycache__/
 *.pyc

Dockerfile

@@ -0,0 +1,53 @@
+FROM node:20-slim AS frontend-builder
+
+WORKDIR /frontend
+
+ENV NODE_ENV=production \
+    BACKEND_INTERNAL_URL=http://127.0.0.1:8000 \
+    NEXT_PUBLIC_API_BASE=/api
+
+COPY frontend/package.json ./
+RUN npm install
+
+COPY frontend/app ./app
+COPY frontend/public ./public
+COPY frontend/next-env.d.ts ./next-env.d.ts
+COPY frontend/next.config.js ./next.config.js
+COPY frontend/tsconfig.json ./tsconfig.json
+
+RUN npm run build
+
+FROM python:3.12-slim
+
+WORKDIR /app
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    NODE_ENV=production
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl gnupg supervisor \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY backend/requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY backend/app ./app
+COPY data/branding /app/data/branding
+
+COPY --from=frontend-builder /frontend/.next /app/frontend/.next
+COPY --from=frontend-builder /frontend/public /app/frontend/public
+COPY --from=frontend-builder /frontend/node_modules /app/frontend/node_modules
+COPY --from=frontend-builder /frontend/package.json /app/frontend/package.json
+COPY --from=frontend-builder /frontend/next.config.js /app/frontend/next.config.js
+COPY --from=frontend-builder /frontend/next-env.d.ts /app/frontend/next-env.d.ts
+COPY --from=frontend-builder /frontend/tsconfig.json /app/frontend/tsconfig.json
+
+COPY docker/supervisord.conf /etc/supervisor/conf.d/magent.conf
+
+EXPOSE 3000 8000
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/magent.conf"]

README.md

@@ -1,8 +1,89 @@
 # Magent
 
-AI-powered request timeline for Jellyseerr + Arr stack.
+Magent is a friendly, AI-assisted request tracker for Jellyseerr + Arr services. It shows a clear timeline of where a request is stuck, explains what is happening in plain English, and offers safe actions to help fix issues.
 
-## Backend (FastAPI)
+## How it works
+
+1) Requests are pulled from Jellyseerr and stored locally.
+2) Magent joins that request to Sonarr/Radarr, Prowlarr, qBittorrent, and Jellyfin using TMDB/TVDB IDs and download hashes.
+3) A state engine normalizes noisy service statuses into a simple, user-friendly state.
+4) The UI renders a timeline and a central status box for each request.
+5) Optional AI triage summarizes the likely cause and safest next steps.
+
+## Core features
+
+- Request search by title/year or request ID.
+- Recent requests list with posters and status.
+- Timeline view across Jellyseerr, Arr, Prowlarr, qBittorrent, Jellyfin.
+- Central status box with clear reason + next steps.
+- Safe action buttons (search, resume, re-add, etc.).
+- Admin settings for service URLs, API keys, profiles, and root folders.
+- Health status for each service in the pipeline.
+- Cache and sync controls (full sync, delta sync, scheduled syncs).
+- Local database for speed and audit history.
+- Users and access control (admin vs user, block access).
+- Local account password changes via "My profile".
+- Docker-first deployment for easy hosting.
+
+## Quick start (Docker - primary)
+
+Docker is the recommended way to run Magent. It includes the backend and frontend with sane defaults.
+
+```bash
+docker compose up --build
+```
+
+Then open:
+
+- Frontend: http://localhost:3000
+- Backend: http://localhost:8000
+
+### Docker setup steps
+
+1) Create `.env` with your service URLs and API keys.
+2) Run `docker compose up --build`.
+3) Log in at http://localhost:3000.
+4) Visit Settings to confirm service health.
+
+### Docker environment variables (sample)
+
+```bash
+JELLYSEERR_URL="http://localhost:5055"
+JELLYSEERR_API_KEY="..."
+SONARR_URL="http://localhost:8989"
+SONARR_API_KEY="..."
+SONARR_QUALITY_PROFILE_ID="1"
+SONARR_ROOT_FOLDER="/tv"
+RADARR_URL="http://localhost:7878"
+RADARR_API_KEY="..."
+RADARR_QUALITY_PROFILE_ID="1"
+RADARR_ROOT_FOLDER="/movies"
+PROWLARR_URL="http://localhost:9696"
+PROWLARR_API_KEY="..."
+QBIT_URL="http://localhost:8080"
+QBIT_USERNAME="..."
+QBIT_PASSWORD="..."
+SQLITE_PATH="data/magent.db"
+JWT_SECRET="change-me"
+JWT_EXP_MINUTES="720"
+ADMIN_USERNAME="admin"
+ADMIN_PASSWORD="adminadmin"
+```
+
+## Screenshots
+
+Add screenshots here once available:
+
+- `docs/screenshots/home.png`
+- `docs/screenshots/request-timeline.png`
+- `docs/screenshots/settings.png`
+- `docs/screenshots/profile.png`
+
+## Local development (secondary)
+
+Use this only when you need to modify code locally.
+
+### Backend (FastAPI)
 
 ```bash
 cd backend
@@ -37,7 +118,7 @@ $env:ADMIN_USERNAME="admin"
 $env:ADMIN_PASSWORD="adminadmin"
 ```
 
-## Frontend (Next.js)
+### Frontend (Next.js)
 
 ```bash
 cd frontend
@@ -49,20 +130,11 @@ Open http://localhost:3000
 
 Admin panel: http://localhost:3000/admin
 
-Login uses the admin credentials above (or any other user you create in SQLite).
+Login uses the admin credentials above (or any other local user you create in SQLite).
-
-## Docker (Testing)
-
-```bash
-docker compose up --build
-```
-
-Backend: http://localhost:8000  
-Frontend: http://localhost:3000
 
 ## Public Hosting Notes
 
-The frontend now proxies `/api/*` to the backend container. Set:
+The frontend proxies `/api/*` to the backend container. Set:
 
 - `NEXT_PUBLIC_API_BASE=/api` (browser uses same-origin)
 - `BACKEND_INTERNAL_URL=http://backend:8000` (container-to-container)
@@ -73,3 +145,25 @@ If you prefer the browser to call the backend directly, set `NEXT_PUBLIC_API_BAS
 
 - `GET /requests/{id}/history?limit=10` recent snapshots
 - `GET /requests/{id}/actions?limit=10` recent action logs
+
+## Troubleshooting
+
+### Login fails
+
+- Make sure `ADMIN_USERNAME` and `ADMIN_PASSWORD` are set in `.env`.
+- Confirm the backend is reachable: `http://localhost:8000/health` (or see container logs).
+
+### Services show as down
+
+- Check the URLs and API keys in Settings.
+- Verify containers can reach each service (network/DNS).
+
+### No recent requests
+
+- Confirm Jellyseerr credentials in Settings.
+- Run a full sync from Settings -> Requests.
+
+### Docker images not updating
+
+- Run `docker compose up --build` again.
+- If needed, run `docker compose down` first, then rebuild.

backend/Dockerfile

@@ -5,10 +5,11 @@ WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1
 
-COPY requirements.txt .
+COPY backend/requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
-COPY app ./app
+COPY backend/app ./app
+COPY data/branding /app/data/branding
 
 EXPOSE 8000
 

backend/app/ai/triage.py

@@ -26,7 +26,7 @@ def triage_snapshot(snapshot: Snapshot) -> TriageResult:
         recommendations.append(
             TriageRecommendation(
                 action_id="readd_to_arr",
-                title="Add it to the library queue",
+                title="Push to Sonarr/Radarr",
                 reason="Sonarr/Radarr has not created the entry for this request.",
                 risk="medium",
             )

backend/app/auth.py

@@ -1,15 +1,44 @@
-from typing import Dict, Any
+from datetime import datetime, timezone
+from typing import Dict, Any, Optional
 
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException, status, Request
 from fastapi.security import OAuth2PasswordBearer
 
-from .db import get_user_by_username
+from .db import get_user_by_username, upsert_user_activity
 from .security import safe_decode_token, TokenError
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")
 
 
-def get_current_user(token: str = Depends(oauth2_scheme)) -> Dict[str, Any]:
+def _is_expired(expires_at: str | None) -> bool:
+    if not isinstance(expires_at, str) or not expires_at.strip():
+        return False
+    candidate = expires_at.strip()
+    if candidate.endswith("Z"):
+        candidate = candidate[:-1] + "+00:00"
+    try:
+        parsed = datetime.fromisoformat(candidate)
+    except ValueError:
+        return False
+    if parsed.tzinfo is None:
+        parsed = parsed.replace(tzinfo=timezone.utc)
+    return parsed <= datetime.now(timezone.utc)
+
+def _extract_client_ip(request: Request) -> str:
+    forwarded = request.headers.get("x-forwarded-for")
+    if forwarded:
+        parts = [part.strip() for part in forwarded.split(",") if part.strip()]
+        if parts:
+            return parts[0]
+    real_ip = request.headers.get("x-real-ip")
+    if real_ip:
+        return real_ip.strip()
+    if request.client and request.client.host:
+        return request.client.host
+    return "unknown"
+
+
+def _load_current_user_from_token(token: str, request: Optional[Request] = None) -> Dict[str, Any]:
     try:
         payload = safe_decode_token(token)
     except TokenError as exc:
@@ -24,15 +53,52 @@ def get_current_user(token: str = Depends(oauth2_scheme)) -> Dict[str, Any]:
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found")
     if user.get("is_blocked"):
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
+    if _is_expired(user.get("expires_at")):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User access has expired")
+
+    if request is not None:
+        ip = _extract_client_ip(request)
+        user_agent = request.headers.get("user-agent", "unknown")
+        upsert_user_activity(user["username"], ip, user_agent)
 
     return {
         "username": user["username"],
         "role": user["role"],
         "auth_provider": user.get("auth_provider", "local"),
+        "jellyseerr_user_id": user.get("jellyseerr_user_id"),
+        "auto_search_enabled": bool(user.get("auto_search_enabled", True)),
+        "profile_id": user.get("profile_id"),
+        "expires_at": user.get("expires_at"),
+        "is_expired": bool(user.get("is_expired", False)),
     }
 
 
+def get_current_user(token: str = Depends(oauth2_scheme), request: Request = None) -> Dict[str, Any]:
+    return _load_current_user_from_token(token, request)
+
+
+def get_current_user_event_stream(request: Request) -> Dict[str, Any]:
+    """EventSource cannot send Authorization headers, so allow a query token here only."""
+    token = None
+    auth_header = request.headers.get("authorization", "")
+    if auth_header.lower().startswith("bearer "):
+        token = auth_header.split(" ", 1)[1].strip()
+    if not token:
+        token = request.query_params.get("access_token")
+    if not token:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing token")
+    return _load_current_user_from_token(token, None)
+
+
 def require_admin(user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
     if user.get("role") != "admin":
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
     return user
+
+
+def require_admin_event_stream(
+    user: Dict[str, Any] = Depends(get_current_user_event_stream),
+) -> Dict[str, Any]:
+    if user.get("role") != "admin":
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
+    return user

backend/app/build_info.py

@@ -0,0 +1,2 @@
+BUILD_NUMBER = "2602261523"
+CHANGELOG = '2026-01-22\\n- Initial commit\\n- Ignore build artifacts\\n- Update README\\n- Update README with Docker-first guide\\n\\n2026-01-23\\n- Fix cache titles via Jellyseerr media lookup\\n- Split search actions and improve download options\\n- Fallback manual grab to qBittorrent\\n- Hide header actions when signed out\\n- Add feedback form and webhook\\n- Fix cache titles and move feedback link\\n- Show available status on landing when in Jellyfin\\n- Add default branding assets when missing\\n- Use bundled branding assets\\n- Remove password fields from users page\\n- Add Docker Hub compose override\\n- Fix backend Dockerfile paths for root context\\n- Copy public assets into frontend image\\n- Use backend branding assets for logo and favicon\\n\\n2026-01-24\\n- Route grabs through Sonarr/Radarr only\\n- Document fix buttons in how-it-works\\n- Clarify how-it-works steps and fixes\\n- Map Prowlarr releases to Arr indexers for manual grab\\n- Improve request handling and qBittorrent categories\\n\\n2026-01-25\\n- Add site banner, build number, and changelog\\n- Automate build number tagging and sync\\n- Improve mobile header layout\\n- Move account actions into avatar menu\\n- Add user stats and activity tracking\\n- Add Jellyfin login cache and admin-only stats\\n- Tidy request sync controls\\n- Seed branding logo from bundled assets\\n- Serve bundled branding assets by default\\n- Harden request cache titles and cache-only reads\\n- Build 2501262041\\n\\n2026-01-26\\n- Fix cache title hydration\\n- Fix sync progress bar animation\\n\\n2026-01-27\\n- Add cache control artwork stats\\n- Improve cache stats performance (build 271261145)\\n- Fix backend cache stats import (build 271261149)\\n- Clarify request sync settings (build 271261159)\\n- Bump build number to 271261202\\n- Fix request titles in snapshots (build 271261219)\\n- Fix snapshot title fallback (build 271261228)\\n- Add cache load spinner (build 271261238)\\n- Bump build number (process 2) 271261322\\n- Add service test buttons (build 271261335)\\n- Fallback to TMDB when artwork cache fails (build 271261524)\\n- Hydrate missing artwork from Jellyseerr (build 271261539)\\n\\n2026-01-29\\n- release: 2901262036\\n- release: 2901262044\\n- release: 2901262102\\n- Hardcode build number in backend\\n- Bake build number and changelog\\n- Update full changelog\\n- Tidy full changelog\\n- Build 2901262240: cache users\n\n2026-01-30\n- Merge backend and frontend into one container'

backend/app/clients/base.py

@@ -30,3 +30,14 @@ class ApiClient:
             response = await client.post(url, headers=self.headers(), json=payload)
             response.raise_for_status()
             return response.json()
+
+    async def put(self, path: str, payload: Optional[Dict[str, Any]] = None) -> Optional[Any]:
+        if not self.base_url:
+            return None
+        url = f"{self.base_url}{path}"
+        async with httpx.AsyncClient(timeout=10.0) as client:
+            response = await client.put(url, headers=self.headers(), json=payload)
+            response.raise_for_status()
+            if not response.content:
+                return None
+            return response.json()

backend/app/clients/jellyfin.py

@@ -58,3 +58,13 @@ class JellyfinClient(ApiClient):
             response = await client.get(url, headers=headers)
             response.raise_for_status()
             return response.json()
+
+    async def refresh_library(self, recursive: bool = True) -> None:
+        if not self.base_url or not self.api_key:
+            return None
+        url = f"{self.base_url}/Library/Refresh"
+        headers = {"X-Emby-Token": self.api_key}
+        params = {"Recursive": "true" if recursive else "false"}
+        async with httpx.AsyncClient(timeout=10.0) as client:
+            response = await client.post(url, headers=headers, params=params)
+            response.raise_for_status()

backend/app/clients/jellyseerr.py

@@ -35,3 +35,12 @@ class JellyseerrClient(ApiClient):
                 "page": page,
             },
         )
+
+    async def get_users(self, take: int = 50, skip: int = 0) -> Optional[Dict[str, Any]]:
+        return await self.get(
+            "/api/v1/user",
+            params={
+                "take": take,
+                "skip": skip,
+            },
+        )

backend/app/clients/qbittorrent.py

@@ -1,5 +1,6 @@
 from typing import Any, Dict, Optional
 import httpx
+import logging
 from .base import ApiClient
 
 
@@ -8,6 +9,7 @@ class QBittorrentClient(ApiClient):
         super().__init__(base_url, None)
         self.username = username
         self.password = password
+        self.logger = logging.getLogger(__name__)
 
     def configured(self) -> bool:
         return bool(self.base_url and self.username and self.password)
@@ -56,6 +58,9 @@ class QBittorrentClient(ApiClient):
     async def get_torrents_by_hashes(self, hashes: str) -> Optional[Any]:
         return await self._get("/api/v2/torrents/info", params={"hashes": hashes})
 
+    async def get_torrents_by_category(self, category: str) -> Optional[Any]:
+        return await self._get("/api/v2/torrents/info", params={"category": category})
+
     async def get_app_version(self) -> Optional[Any]:
         return await self._get_text("/api/v2/app/version")
 
@@ -67,3 +72,17 @@ class QBittorrentClient(ApiClient):
                 await self._post_form("/api/v2/torrents/start", data={"hashes": hashes})
                 return
             raise
+
+    async def add_torrent_url(self, url: str, category: Optional[str] = None) -> None:
+        url_host = None
+        if isinstance(url, str) and "://" in url:
+            url_host = url.split("://", 1)[-1].split("/", 1)[0]
+        self.logger.warning(
+            "qBittorrent add_torrent_url invoked: category=%s host=%s",
+            category,
+            url_host or "unknown",
+        )
+        data: Dict[str, Any] = {"urls": url}
+        if category:
+            data["category"] = category
+        await self._post_form("/api/v2/torrents/add", data=data)

backend/app/clients/radarr.py

@@ -9,6 +9,9 @@ class RadarrClient(ApiClient):
     async def get_movie_by_tmdb_id(self, tmdb_id: int) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/movie", params={"tmdbId": tmdb_id})
 
+    async def get_movie(self, movie_id: int) -> Optional[Dict[str, Any]]:
+        return await self.get(f"/api/v3/movie/{movie_id}")
+
     async def get_movies(self) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/movie")
 
@@ -21,6 +24,9 @@ class RadarrClient(ApiClient):
     async def get_queue(self, movie_id: int) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/queue", params={"movieId": movie_id})
 
+    async def get_indexers(self) -> Optional[Dict[str, Any]]:
+        return await self.get("/api/v3/indexer")
+
     async def search(self, movie_id: int) -> Optional[Dict[str, Any]]:
         return await self.post("/api/v3/command", payload={"name": "MoviesSearch", "movieIds": [movie_id]})
 
@@ -41,5 +47,17 @@ class RadarrClient(ApiClient):
         }
         return await self.post("/api/v3/movie", payload=payload)
 
+    async def update_movie(self, payload: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+        return await self.put("/api/v3/movie", payload=payload)
+
     async def grab_release(self, guid: str, indexer_id: int) -> Optional[Dict[str, Any]]:
         return await self.post("/api/v3/release", payload={"guid": guid, "indexerId": indexer_id})
+
+    async def push_release(self, payload: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+        return await self.post("/api/v3/release/push", payload=payload)
+
+    async def download_release(self, guid: str, indexer_id: int) -> Optional[Dict[str, Any]]:
+        return await self.post(
+            "/api/v3/command",
+            payload={"name": "DownloadRelease", "guid": guid, "indexerId": indexer_id},
+        )

backend/app/clients/sonarr.py

@@ -9,6 +9,9 @@ class SonarrClient(ApiClient):
     async def get_series_by_tvdb_id(self, tvdb_id: int) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/series", params={"tvdbId": tvdb_id})
 
+    async def get_series(self, series_id: int) -> Optional[Dict[str, Any]]:
+        return await self.get(f"/api/v3/series/{series_id}")
+
     async def get_root_folders(self) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/rootfolder")
 
@@ -18,6 +21,9 @@ class SonarrClient(ApiClient):
     async def get_queue(self, series_id: int) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/queue", params={"seriesId": series_id})
 
+    async def get_indexers(self) -> Optional[Dict[str, Any]]:
+        return await self.get("/api/v3/indexer")
+
     async def get_episodes(self, series_id: int) -> Optional[Dict[str, Any]]:
         return await self.get("/api/v3/episode", params={"seriesId": series_id})
 
@@ -48,5 +54,17 @@ class SonarrClient(ApiClient):
             payload["title"] = title
         return await self.post("/api/v3/series", payload=payload)
 
+    async def update_series(self, payload: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+        return await self.put("/api/v3/series", payload=payload)
+
     async def grab_release(self, guid: str, indexer_id: int) -> Optional[Dict[str, Any]]:
         return await self.post("/api/v3/release", payload={"guid": guid, "indexerId": indexer_id})
+
+    async def push_release(self, payload: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+        return await self.post("/api/v3/release/push", payload=payload)
+
+    async def download_release(self, guid: str, indexer_id: int) -> Optional[Dict[str, Any]]:
+        return await self.post(
+            "/api/v3/command",
+            payload={"name": "DownloadRelease", "guid": guid, "indexerId": indexer_id},
+        )

backend/app/config.py

@@ -2,6 +2,7 @@ from typing import Optional
 from pydantic import AliasChoices, Field
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
+from .build_info import BUILD_NUMBER, CHANGELOG
 
 class Settings(BaseSettings):
     model_config = SettingsConfigDict(env_prefix="")
@@ -38,6 +39,17 @@ class Settings(BaseSettings):
     artwork_cache_mode: str = Field(
         default="remote", validation_alias=AliasChoices("ARTWORK_CACHE_MODE")
     )
+    site_build_number: Optional[str] = Field(default=BUILD_NUMBER)
+    site_banner_enabled: bool = Field(
+        default=False, validation_alias=AliasChoices("SITE_BANNER_ENABLED")
+    )
+    site_banner_message: Optional[str] = Field(
+        default=None, validation_alias=AliasChoices("SITE_BANNER_MESSAGE")
+    )
+    site_banner_tone: str = Field(
+        default="info", validation_alias=AliasChoices("SITE_BANNER_TONE")
+    )
+    site_changelog: Optional[str] = Field(default=CHANGELOG)
 
     jellyseerr_base_url: Optional[str] = Field(
         default=None, validation_alias=AliasChoices("JELLYSEERR_URL", "JELLYSEERR_BASE_URL")
@@ -70,6 +82,10 @@ class Settings(BaseSettings):
     sonarr_root_folder: Optional[str] = Field(
         default=None, validation_alias=AliasChoices("SONARR_ROOT_FOLDER")
     )
+    sonarr_qbittorrent_category: Optional[str] = Field(
+        default="sonarr",
+        validation_alias=AliasChoices("SONARR_QBITTORRENT_CATEGORY"),
+    )
 
     radarr_base_url: Optional[str] = Field(
         default=None, validation_alias=AliasChoices("RADARR_URL", "RADARR_BASE_URL")
@@ -83,6 +99,10 @@ class Settings(BaseSettings):
     radarr_root_folder: Optional[str] = Field(
         default=None, validation_alias=AliasChoices("RADARR_ROOT_FOLDER")
     )
+    radarr_qbittorrent_category: Optional[str] = Field(
+        default="radarr",
+        validation_alias=AliasChoices("RADARR_QBITTORRENT_CATEGORY"),
+    )
 
     prowlarr_base_url: Optional[str] = Field(
         default=None, validation_alias=AliasChoices("PROWLARR_URL", "PROWLARR_BASE_URL")
@@ -101,5 +121,10 @@ class Settings(BaseSettings):
         default=None, validation_alias=AliasChoices("QBIT_PASSWORD", "QBITTORRENT_PASSWORD")
     )
 
+    discord_webhook_url: Optional[str] = Field(
+        default="https://discord.com/api/webhooks/1464141924775629033/O_rvCAmIKowR04tyAN54IuMPcQFEiT-ustU3udDaMTlF62PmoI6w4-52H3ZQcjgHQOgt",
+        validation_alias=AliasChoices("DISCORD_WEBHOOK_URL"),
+    )
+
 
 settings = Settings()

backend/app/main.py

@@ -13,10 +13,13 @@ from .routers.requests import (
     run_daily_db_cleanup,
 )
 from .routers.auth import router as auth_router
-from .routers.admin import router as admin_router
+from .routers.admin import router as admin_router, events_router as admin_events_router
 from .routers.images import router as images_router
 from .routers.branding import router as branding_router
 from .routers.status import router as status_router
+from .routers.feedback import router as feedback_router
+from .routers.site import router as site_router
+from .routers.events import router as events_router
 from .services.jellyfin_sync import run_daily_jellyfin_sync
 from .logging_config import configure_logging
 from .runtime import get_runtime_settings
@@ -51,6 +54,10 @@ async def startup() -> None:
 app.include_router(requests_router)
 app.include_router(auth_router)
 app.include_router(admin_router)
+app.include_router(admin_events_router)
 app.include_router(images_router)
 app.include_router(branding_router)
 app.include_router(status_router)
+app.include_router(feedback_router)
+app.include_router(site_router)
+app.include_router(events_router)

backend/app/routers/auth.py

@@ -1,29 +1,143 @@
+from datetime import datetime, timedelta, timezone
+
 from fastapi import APIRouter, HTTPException, status, Depends
 from fastapi.security import OAuth2PasswordRequestForm
 
 from ..db import (
     verify_user_password,
+    create_user,
     create_user_if_missing,
     set_last_login,
     get_user_by_username,
     set_user_password,
+    set_jellyfin_auth_cache,
+    set_user_jellyseerr_id,
+    get_signup_invite_by_code,
+    increment_signup_invite_use,
+    get_user_profile,
+    get_user_activity,
+    get_user_activity_summary,
+    get_user_request_stats,
+    get_global_request_leader,
+    get_global_request_total,
 )
 from ..runtime import get_runtime_settings
 from ..clients.jellyfin import JellyfinClient
 from ..clients.jellyseerr import JellyseerrClient
-from ..security import create_access_token
+from ..security import create_access_token, verify_password
 from ..auth import get_current_user
+from ..services.user_cache import (
+    build_jellyseerr_candidate_map,
+    get_cached_jellyseerr_users,
+    match_jellyseerr_user_id,
+    save_jellyfin_users_cache,
+)
 
 router = APIRouter(prefix="/auth", tags=["auth"])
 
 
+def _normalize_username(value: str) -> str:
+    normalized = value.strip().lower()
+    if "@" in normalized:
+        normalized = normalized.split("@", 1)[0]
+    return normalized
+
+
+def _is_recent_jellyfin_auth(last_auth_at: str) -> bool:
+    if not last_auth_at:
+        return False
+    try:
+        parsed = datetime.fromisoformat(last_auth_at)
+    except ValueError:
+        return False
+    if parsed.tzinfo is None:
+        parsed = parsed.replace(tzinfo=timezone.utc)
+    age = datetime.now(timezone.utc) - parsed
+    return age <= timedelta(days=7)
+
+
+def _has_valid_jellyfin_cache(user: dict, password: str) -> bool:
+    if not user or not password:
+        return False
+    cached_hash = user.get("jellyfin_password_hash")
+    last_auth_at = user.get("last_jellyfin_auth_at")
+    if not cached_hash or not last_auth_at:
+        return False
+    if not verify_password(password, cached_hash):
+        return False
+    return _is_recent_jellyfin_auth(last_auth_at)
+
+def _extract_jellyseerr_user_id(response: dict) -> int | None:
+    if not isinstance(response, dict):
+        return None
+    candidate = response
+    if isinstance(response.get("user"), dict):
+        candidate = response.get("user")
+    for key in ("id", "userId", "Id"):
+        value = candidate.get(key) if isinstance(candidate, dict) else None
+        if value is None:
+            continue
+        try:
+            return int(value)
+        except (TypeError, ValueError):
+            continue
+    return None
+
+
+def _is_user_expired(user: dict | None) -> bool:
+    if not user:
+        return False
+    expires_at = user.get("expires_at")
+    if not expires_at:
+        return False
+    try:
+        parsed = datetime.fromisoformat(str(expires_at).replace("Z", "+00:00"))
+    except ValueError:
+        return False
+    if parsed.tzinfo is None:
+        parsed = parsed.replace(tzinfo=timezone.utc)
+    return parsed <= datetime.now(timezone.utc)
+
+
+def _assert_user_can_login(user: dict | None) -> None:
+    if not user:
+        return
+    if user.get("is_blocked"):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
+    if _is_user_expired(user):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User access has expired")
+
+
+def _public_invite_payload(invite: dict, profile: dict | None = None) -> dict:
+    return {
+        "code": invite.get("code"),
+        "label": invite.get("label"),
+        "description": invite.get("description"),
+        "enabled": bool(invite.get("enabled")),
+        "expires_at": invite.get("expires_at"),
+        "max_uses": invite.get("max_uses"),
+        "use_count": invite.get("use_count", 0),
+        "remaining_uses": invite.get("remaining_uses"),
+        "is_expired": bool(invite.get("is_expired")),
+        "is_usable": bool(invite.get("is_usable")),
+        "profile": (
+            {
+                "id": profile.get("id"),
+                "name": profile.get("name"),
+                "description": profile.get("description"),
+            }
+            if profile
+            else None
+        ),
+    }
+
+
 @router.post("/login")
 async def login(form_data: OAuth2PasswordRequestForm = Depends()) -> dict:
     user = verify_user_password(form_data.username, form_data.password)
     if not user:
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
-    if user.get("is_blocked"):
+    _assert_user_can_login(user)
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
     token = create_access_token(user["username"], user["role"])
     set_last_login(user["username"])
     return {
@@ -39,30 +153,45 @@ async def jellyfin_login(form_data: OAuth2PasswordRequestForm = Depends()) -> di
     client = JellyfinClient(runtime.jellyfin_base_url, runtime.jellyfin_api_key)
     if not client.configured():
         raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Jellyfin not configured")
+    jellyseerr_users = get_cached_jellyseerr_users()
+    candidate_map = build_jellyseerr_candidate_map(jellyseerr_users or [])
+    username = form_data.username
+    password = form_data.password
+    user = get_user_by_username(username)
+    _assert_user_can_login(user)
+    if user and _has_valid_jellyfin_cache(user, password):
+        token = create_access_token(username, "user")
+        set_last_login(username)
+        return {"access_token": token, "token_type": "bearer", "user": {"username": username, "role": "user"}}
     try:
-        response = await client.authenticate_by_name(form_data.username, form_data.password)
+        response = await client.authenticate_by_name(username, password)
     except Exception as exc:
         raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc
     if not isinstance(response, dict) or not response.get("User"):
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid Jellyfin credentials")
-    create_user_if_missing(form_data.username, "jellyfin-user", role="user", auth_provider="jellyfin")
+    create_user_if_missing(username, "jellyfin-user", role="user", auth_provider="jellyfin")
-    user = get_user_by_username(form_data.username)
+    user = get_user_by_username(username)
-    if user and user.get("is_blocked"):
+    _assert_user_can_login(user)
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
     try:
         users = await client.get_users()
         if isinstance(users, list):
-            for user in users:
+            save_jellyfin_users_cache(users)
-                if not isinstance(user, dict):
+            for jellyfin_user in users:
+                if not isinstance(jellyfin_user, dict):
                     continue
-                name = user.get("Name")
+                name = jellyfin_user.get("Name")
                 if isinstance(name, str) and name:
                     create_user_if_missing(name, "jellyfin-user", role="user", auth_provider="jellyfin")
     except Exception:
         pass
-    token = create_access_token(form_data.username, "user")
+    set_jellyfin_auth_cache(username, password)
-    set_last_login(form_data.username)
+    if user and user.get("jellyseerr_user_id") is None and candidate_map:
-    return {"access_token": token, "token_type": "bearer", "user": {"username": form_data.username, "role": "user"}}
+        matched_id = match_jellyseerr_user_id(username, candidate_map)
+        if matched_id is not None:
+            set_user_jellyseerr_id(username, matched_id)
+    token = create_access_token(username, "user")
+    set_last_login(username)
+    return {"access_token": token, "token_type": "bearer", "user": {"username": username, "role": "user"}}
 
 
 @router.post("/jellyseerr/login")
@@ -78,10 +207,18 @@ async def jellyseerr_login(form_data: OAuth2PasswordRequestForm = Depends()) ->
         raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc
     if not isinstance(response, dict):
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid Jellyseerr credentials")
-    create_user_if_missing(form_data.username, "jellyseerr-user", role="user", auth_provider="jellyseerr")
+    jellyseerr_user_id = _extract_jellyseerr_user_id(response)
+    create_user_if_missing(
+        form_data.username,
+        "jellyseerr-user",
+        role="user",
+        auth_provider="jellyseerr",
+        jellyseerr_user_id=jellyseerr_user_id,
+    )
     user = get_user_by_username(form_data.username)
-    if user and user.get("is_blocked"):
+    _assert_user_can_login(user)
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
+    if jellyseerr_user_id is not None:
+        set_user_jellyseerr_id(form_data.username, jellyseerr_user_id)
     token = create_access_token(form_data.username, "user")
     set_last_login(form_data.username)
     return {"access_token": token, "token_type": "bearer", "user": {"username": form_data.username, "role": "user"}}
@@ -92,6 +229,133 @@ async def me(current_user: dict = Depends(get_current_user)) -> dict:
     return current_user
 
 
+@router.get("/invites/{code}")
+async def invite_details(code: str) -> dict:
+    invite = get_signup_invite_by_code(code.strip())
+    if not invite:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invite not found")
+    profile = None
+    profile_id = invite.get("profile_id")
+    if profile_id is not None:
+        profile = get_user_profile(int(profile_id))
+        if profile and not profile.get("is_active", True):
+            invite = {**invite, "is_usable": False}
+    return {"invite": _public_invite_payload(invite, profile)}
+
+
+@router.post("/signup")
+async def signup(payload: dict) -> dict:
+    if not isinstance(payload, dict):
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid payload")
+    invite_code = str(payload.get("invite_code") or "").strip()
+    username = str(payload.get("username") or "").strip()
+    password = str(payload.get("password") or "")
+    if not invite_code:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invite code is required")
+    if not username:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Username is required")
+    if len(password.strip()) < 8:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must be at least 8 characters.",
+        )
+    if get_user_by_username(username):
+        raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="User already exists")
+
+    invite = get_signup_invite_by_code(invite_code)
+    if not invite:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invite not found")
+    if not invite.get("enabled"):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invite is disabled")
+    if invite.get("is_expired"):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invite has expired")
+    remaining_uses = invite.get("remaining_uses")
+    if remaining_uses is not None and int(remaining_uses) <= 0:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invite has no remaining uses")
+
+    profile = None
+    profile_id = invite.get("profile_id")
+    if profile_id is not None:
+        profile = get_user_profile(int(profile_id))
+        if not profile:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invite profile not found")
+        if not profile.get("is_active", True):
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invite profile is disabled")
+
+    invite_role = invite.get("role")
+    profile_role = profile.get("role") if profile else None
+    role = invite_role if invite_role in {"user", "admin"} else profile_role
+    if role not in {"user", "admin"}:
+        role = "user"
+
+    auto_search_enabled = (
+        bool(profile.get("auto_search_enabled", True))
+        if profile is not None
+        else True
+    )
+
+    expires_at = None
+    account_expires_days = profile.get("account_expires_days") if profile else None
+    if isinstance(account_expires_days, int) and account_expires_days > 0:
+        expires_at = (datetime.now(timezone.utc) + timedelta(days=account_expires_days)).isoformat()
+
+    try:
+        create_user(
+            username,
+            password.strip(),
+            role=role,
+            auth_provider="local",
+            auto_search_enabled=auto_search_enabled,
+            profile_id=int(profile_id) if profile_id is not None else None,
+            expires_at=expires_at,
+            invited_by_code=invite.get("code"),
+        )
+    except Exception as exc:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc)) from exc
+
+    increment_signup_invite_use(int(invite["id"]))
+    created_user = get_user_by_username(username)
+    _assert_user_can_login(created_user)
+    token = create_access_token(username, role)
+    set_last_login(username)
+    return {
+        "access_token": token,
+        "token_type": "bearer",
+        "user": {
+            "username": username,
+            "role": role,
+            "profile_id": created_user.get("profile_id") if created_user else None,
+            "expires_at": created_user.get("expires_at") if created_user else None,
+        },
+    }
+
+
+@router.get("/profile")
+async def profile(current_user: dict = Depends(get_current_user)) -> dict:
+    username = current_user.get("username") or ""
+    username_norm = _normalize_username(username) if username else ""
+    stats = get_user_request_stats(username_norm, current_user.get("jellyseerr_user_id"))
+    global_total = get_global_request_total()
+    share = (stats.get("total", 0) / global_total) if global_total else 0
+    activity_summary = get_user_activity_summary(username) if username else {}
+    activity_recent = get_user_activity(username, limit=5) if username else []
+    stats_payload = {
+        **stats,
+        "share": share,
+        "global_total": global_total,
+    }
+    if current_user.get("role") == "admin":
+        stats_payload["most_active_user"] = get_global_request_leader()
+    return {
+        "user": current_user,
+        "stats": stats_payload,
+        "activity": {
+            **activity_summary,
+            "recent": activity_recent,
+        },
+    }
+
+
 @router.post("/password")
 async def change_password(payload: dict, current_user: dict = Depends(get_current_user)) -> dict:
     if current_user.get("auth_provider") != "local":

backend/app/routers/branding.py

@@ -4,13 +4,17 @@ from typing import Any, Dict
 
 from fastapi import APIRouter, HTTPException, UploadFile, File
 from fastapi.responses import FileResponse
-from PIL import Image
+from PIL import Image, ImageDraw, ImageFont
 
 router = APIRouter(prefix="/branding", tags=["branding"])
 
 _BRANDING_DIR = os.path.join(os.getcwd(), "data", "branding")
 _LOGO_PATH = os.path.join(_BRANDING_DIR, "logo.png")
 _FAVICON_PATH = os.path.join(_BRANDING_DIR, "favicon.ico")
+_BUNDLED_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "assets", "branding"))
+_BUNDLED_LOGO_PATH = os.path.join(_BUNDLED_DIR, "logo.png")
+_BUNDLED_FAVICON_PATH = os.path.join(_BUNDLED_DIR, "favicon.ico")
+_BRANDING_SOURCE = os.getenv("BRANDING_SOURCE", "bundled").lower()
 
 
 def _ensure_branding_dir() -> None:
@@ -23,20 +27,86 @@ def _resize_image(image: Image.Image, max_size: int = 300) -> Image.Image:
     return image
 
 
+def _load_font(size: int) -> ImageFont.ImageFont:
+    candidates = [
+        "/usr/share/fonts/truetype/dejavu/DejaVuSans-Bold.ttf",
+        "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf",
+    ]
+    for path in candidates:
+        if os.path.exists(path):
+            try:
+                return ImageFont.truetype(path, size)
+            except OSError:
+                continue
+    return ImageFont.load_default()
+
+
+def _ensure_default_branding() -> None:
+    if os.path.exists(_LOGO_PATH) and os.path.exists(_FAVICON_PATH):
+        return
+    _ensure_branding_dir()
+    if not os.path.exists(_LOGO_PATH) and os.path.exists(_BUNDLED_LOGO_PATH):
+        try:
+            with open(_BUNDLED_LOGO_PATH, "rb") as source, open(_LOGO_PATH, "wb") as target:
+                target.write(source.read())
+        except OSError:
+            pass
+    if not os.path.exists(_FAVICON_PATH) and os.path.exists(_BUNDLED_FAVICON_PATH):
+        try:
+            with open(_BUNDLED_FAVICON_PATH, "rb") as source, open(_FAVICON_PATH, "wb") as target:
+                target.write(source.read())
+        except OSError:
+            pass
+    if not os.path.exists(_LOGO_PATH):
+        image = Image.new("RGBA", (300, 300), (12, 18, 28, 255))
+        draw = ImageDraw.Draw(image)
+        font = _load_font(160)
+        text = "M"
+        box = draw.textbbox((0, 0), text, font=font)
+        text_w = box[2] - box[0]
+        text_h = box[3] - box[1]
+        draw.text(
+            ((300 - text_w) / 2, (300 - text_h) / 2 - 6),
+            text,
+            font=font,
+            fill=(255, 255, 255, 255),
+        )
+        image.save(_LOGO_PATH, format="PNG")
+    if not os.path.exists(_FAVICON_PATH):
+        favicon = Image.open(_LOGO_PATH).copy()
+        favicon.thumbnail((64, 64))
+        try:
+            favicon.save(_FAVICON_PATH, format="ICO", sizes=[(32, 32), (64, 64)])
+        except OSError:
+            favicon.save(_FAVICON_PATH, format="ICO")
+
+
+def _resolve_branding_paths() -> tuple[str, str]:
+    if _BRANDING_SOURCE == "data":
+        _ensure_default_branding()
+        return _LOGO_PATH, _FAVICON_PATH
+    if os.path.exists(_BUNDLED_LOGO_PATH) and os.path.exists(_BUNDLED_FAVICON_PATH):
+        return _BUNDLED_LOGO_PATH, _BUNDLED_FAVICON_PATH
+    _ensure_default_branding()
+    return _LOGO_PATH, _FAVICON_PATH
+
+
 @router.get("/logo.png")
 async def branding_logo() -> FileResponse:
-    if not os.path.exists(_LOGO_PATH):
+    logo_path, _ = _resolve_branding_paths()
+    if not os.path.exists(logo_path):
         raise HTTPException(status_code=404, detail="Logo not found")
-    headers = {"Cache-Control": "public, max-age=300"}
+    headers = {"Cache-Control": "no-store"}
-    return FileResponse(_LOGO_PATH, media_type="image/png", headers=headers)
+    return FileResponse(logo_path, media_type="image/png", headers=headers)
 
 
 @router.get("/favicon.ico")
 async def branding_favicon() -> FileResponse:
-    if not os.path.exists(_FAVICON_PATH):
+    _, favicon_path = _resolve_branding_paths()
+    if not os.path.exists(favicon_path):
         raise HTTPException(status_code=404, detail="Favicon not found")
-    headers = {"Cache-Control": "public, max-age=300"}
+    headers = {"Cache-Control": "no-store"}
-    return FileResponse(_FAVICON_PATH, media_type="image/x-icon", headers=headers)
+    return FileResponse(favicon_path, media_type="image/x-icon", headers=headers)
 
 
 async def save_branding_image(file: UploadFile) -> Dict[str, Any]:

backend/app/routers/events.py

@@ -0,0 +1,112 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import time
+from datetime import datetime, timezone
+from typing import Any, Dict, Optional
+
+from fastapi import APIRouter, Depends, Request
+from fastapi.responses import StreamingResponse
+
+from ..auth import get_current_user_event_stream
+from . import requests as requests_router
+from .status import services_status
+
+router = APIRouter(prefix="/events", tags=["events"])
+
+
+def _sse_json(payload: Dict[str, Any]) -> str:
+    return f"data: {json.dumps(payload, ensure_ascii=True, separators=(',', ':'), default=str)}\n\n"
+
+
+@router.get("/stream")
+async def events_stream(
+    request: Request,
+    recent_days: int = 90,
+    user: Dict[str, Any] = Depends(get_current_user_event_stream),
+) -> StreamingResponse:
+    recent_days = max(0, min(int(recent_days or 90), 3650))
+    recent_take = 50 if user.get("role") == "admin" else 6
+
+    async def event_generator():
+        yield "retry: 2000\n\n"
+        last_recent_signature: Optional[str] = None
+        last_services_signature: Optional[str] = None
+        next_recent_at = 0.0
+        next_services_at = 0.0
+        heartbeat_counter = 0
+
+        while True:
+            if await request.is_disconnected():
+                break
+
+            now = time.monotonic()
+            sent_any = False
+
+            if now >= next_recent_at:
+                next_recent_at = now + 15.0
+                try:
+                    recent_payload = await requests_router.recent_requests(
+                        take=recent_take,
+                        skip=0,
+                        days=recent_days,
+                        user=user,
+                    )
+                    results = recent_payload.get("results") if isinstance(recent_payload, dict) else []
+                    payload = {
+                        "type": "home_recent",
+                        "ts": datetime.now(timezone.utc).isoformat(),
+                        "days": recent_days,
+                        "results": results if isinstance(results, list) else [],
+                    }
+                except Exception as exc:
+                    payload = {
+                        "type": "home_recent",
+                        "ts": datetime.now(timezone.utc).isoformat(),
+                        "days": recent_days,
+                        "error": str(exc),
+                    }
+                signature = json.dumps(payload, ensure_ascii=True, separators=(",", ":"), default=str)
+                if signature != last_recent_signature:
+                    last_recent_signature = signature
+                    yield _sse_json(payload)
+                    sent_any = True
+
+            if now >= next_services_at:
+                next_services_at = now + 30.0
+                try:
+                    status_payload = await services_status()
+                    payload = {
+                        "type": "home_services",
+                        "ts": datetime.now(timezone.utc).isoformat(),
+                        "status": status_payload,
+                    }
+                except Exception as exc:
+                    payload = {
+                        "type": "home_services",
+                        "ts": datetime.now(timezone.utc).isoformat(),
+                        "error": str(exc),
+                    }
+                signature = json.dumps(payload, ensure_ascii=True, separators=(",", ":"), default=str)
+                if signature != last_services_signature:
+                    last_services_signature = signature
+                    yield _sse_json(payload)
+                    sent_any = True
+
+            if sent_any:
+                heartbeat_counter = 0
+            else:
+                heartbeat_counter += 1
+                if heartbeat_counter >= 15:
+                    yield ": ping\n\n"
+                    heartbeat_counter = 0
+
+            await asyncio.sleep(1.0)
+
+    headers = {
+        "Cache-Control": "no-cache",
+        "Connection": "keep-alive",
+        "X-Accel-Buffering": "no",
+    }
+    return StreamingResponse(event_generator(), media_type="text/event-stream", headers=headers)

backend/app/routers/feedback.py

@@ -0,0 +1,38 @@
+from typing import Any, Dict
+import httpx
+from fastapi import APIRouter, Depends, HTTPException
+
+from ..auth import get_current_user
+from ..runtime import get_runtime_settings
+
+router = APIRouter(prefix="/feedback", tags=["feedback"], dependencies=[Depends(get_current_user)])
+
+
+@router.post("")
+async def send_feedback(payload: Dict[str, Any], user: Dict[str, str] = Depends(get_current_user)) -> dict:
+    runtime = get_runtime_settings()
+    webhook_url = runtime.discord_webhook_url
+    if not webhook_url:
+        raise HTTPException(status_code=400, detail="Discord webhook not configured")
+
+    feedback_type = str(payload.get("type") or "").strip().lower()
+    if feedback_type not in {"bug", "feature"}:
+        raise HTTPException(status_code=400, detail="Invalid feedback type")
+
+    message = str(payload.get("message") or "").strip()
+    if not message:
+        raise HTTPException(status_code=400, detail="Message is required")
+    if len(message) > 2000:
+        raise HTTPException(status_code=400, detail="Message is too long")
+
+    username = user.get("username") or "unknown"
+    content = f"**{feedback_type.title()}** from **{username}**\n{message}"
+
+    try:
+        async with httpx.AsyncClient(timeout=10.0) as client:
+            response = await client.post(webhook_url, json={"content": content})
+            response.raise_for_status()
+    except httpx.HTTPStatusError as exc:
+        raise HTTPException(status_code=502, detail=str(exc)) from exc
+
+    return {"status": "ok"}

backend/app/routers/images.py

@@ -1,6 +1,8 @@
 import os
 import re
 import mimetypes
+import logging
+from typing import Optional
 from fastapi import APIRouter, HTTPException, Response
 from fastapi.responses import FileResponse, RedirectResponse
 import httpx
@@ -11,6 +13,7 @@ router = APIRouter(prefix="/images", tags=["images"])
 
 _TMDB_BASE = "https://image.tmdb.org/t/p"
 _ALLOWED_SIZES = {"w92", "w154", "w185", "w342", "w500", "w780", "original"}
+logger = logging.getLogger(__name__)
 
 
 def _safe_filename(path: str) -> str:
@@ -19,13 +22,24 @@ def _safe_filename(path: str) -> str:
     safe = re.sub(r"[^A-Za-z0-9_.-]", "_", trimmed)
     return safe or "image"
 
-
+def tmdb_cache_path(path: str, size: str) -> Optional[str]:
-async def cache_tmdb_image(path: str, size: str = "w342") -> bool:
     if not path or "://" in path or ".." in path:
-        return False
+        return None
     if not path.startswith("/"):
         path = f"/{path}"
     if size not in _ALLOWED_SIZES:
+        return None
+    cache_dir = os.path.join(os.getcwd(), "data", "artwork", "tmdb", size)
+    return os.path.join(cache_dir, _safe_filename(path))
+
+
+def is_tmdb_cached(path: str, size: str) -> bool:
+    file_path = tmdb_cache_path(path, size)
+    return bool(file_path and os.path.exists(file_path))
+
+
+async def cache_tmdb_image(path: str, size: str = "w342") -> bool:
+    if not path or "://" in path or ".." in path:
         return False
 
     runtime = get_runtime_settings()
@@ -33,9 +47,10 @@ async def cache_tmdb_image(path: str, size: str = "w342") -> bool:
     if cache_mode != "cache":
         return False
 
-    cache_dir = os.path.join(os.getcwd(), "data", "artwork", "tmdb", size)
+    file_path = tmdb_cache_path(path, size)
-    os.makedirs(cache_dir, exist_ok=True)
+    if not file_path:
-    file_path = os.path.join(cache_dir, _safe_filename(path))
+        return False
+    os.makedirs(os.path.dirname(file_path), exist_ok=True)
     if os.path.exists(file_path):
         return True
 
@@ -64,9 +79,10 @@ async def tmdb_image(path: str, size: str = "w342"):
     if cache_mode != "cache":
         return RedirectResponse(url=url)
 
-    cache_dir = os.path.join(os.getcwd(), "data", "artwork", "tmdb", size)
+    file_path = tmdb_cache_path(path, size)
-    os.makedirs(cache_dir, exist_ok=True)
+    if not file_path:
-    file_path = os.path.join(cache_dir, _safe_filename(path))
+        raise HTTPException(status_code=400, detail="Invalid image path")
+    os.makedirs(os.path.dirname(file_path), exist_ok=True)
     headers = {"Cache-Control": "public, max-age=86400"}
     if os.path.exists(file_path):
         media_type = mimetypes.guess_type(file_path)[0] or "image/jpeg"
@@ -77,6 +93,8 @@ async def tmdb_image(path: str, size: str = "w342"):
         if os.path.exists(file_path):
             media_type = mimetypes.guess_type(file_path)[0] or "image/jpeg"
             return FileResponse(file_path, media_type=media_type, headers=headers)
-        raise HTTPException(status_code=502, detail="Image cache failed")
+        logger.warning("TMDB cache miss after fetch: path=%s size=%s", path, size)
-    except httpx.HTTPError as exc:
+    except (httpx.HTTPError, OSError) as exc:
-        raise HTTPException(status_code=502, detail=f"Image fetch failed: {exc}") from exc
+        logger.warning("TMDB cache failed: path=%s size=%s error=%s", path, size, exc)
+
+    return RedirectResponse(url=url)

backend/app/routers/site.py

@@ -0,0 +1,39 @@
+from typing import Any, Dict
+
+from fastapi import APIRouter, Depends
+
+from ..auth import get_current_user
+from ..runtime import get_runtime_settings
+
+router = APIRouter(prefix="/site", tags=["site"])
+
+_BANNER_TONES = {"info", "warning", "error", "maintenance"}
+
+
+def _build_site_info(include_changelog: bool) -> Dict[str, Any]:
+    runtime = get_runtime_settings()
+    banner_message = (runtime.site_banner_message or "").strip()
+    tone = (runtime.site_banner_tone or "info").strip().lower()
+    if tone not in _BANNER_TONES:
+        tone = "info"
+    info = {
+        "buildNumber": (runtime.site_build_number or "").strip(),
+        "banner": {
+            "enabled": bool(runtime.site_banner_enabled and banner_message),
+            "message": banner_message,
+            "tone": tone,
+        },
+    }
+    if include_changelog:
+        info["changelog"] = (runtime.site_changelog or "").strip()
+    return info
+
+
+@router.get("/public")
+async def site_public() -> Dict[str, Any]:
+    return _build_site_info(False)
+
+
+@router.get("/info")
+async def site_info(user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
+    return _build_site_info(True)

backend/app/routers/status.py

@@ -1,6 +1,6 @@
 from typing import Any, Dict
 import httpx
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException
 
 from ..auth import get_current_user
 from ..runtime import get_runtime_settings
@@ -93,3 +93,42 @@ async def services_status() -> Dict[str, Any]:
         overall = "degraded"
 
     return {"overall": overall, "services": services}
+
+
+@router.post("/services/{service}/test")
+async def test_service(service: str) -> Dict[str, Any]:
+    runtime = get_runtime_settings()
+    jellyseerr = JellyseerrClient(runtime.jellyseerr_base_url, runtime.jellyseerr_api_key)
+    sonarr = SonarrClient(runtime.sonarr_base_url, runtime.sonarr_api_key)
+    radarr = RadarrClient(runtime.radarr_base_url, runtime.radarr_api_key)
+    prowlarr = ProwlarrClient(runtime.prowlarr_base_url, runtime.prowlarr_api_key)
+    qbittorrent = QBittorrentClient(
+        runtime.qbittorrent_base_url, runtime.qbittorrent_username, runtime.qbittorrent_password
+    )
+    jellyfin = JellyfinClient(runtime.jellyfin_base_url, runtime.jellyfin_api_key)
+
+    service_key = service.strip().lower()
+    checks = {
+        "jellyseerr": (
+            "Jellyseerr",
+            jellyseerr.configured(),
+            lambda: jellyseerr.get_recent_requests(take=1, skip=0),
+        ),
+        "sonarr": ("Sonarr", sonarr.configured(), sonarr.get_system_status),
+        "radarr": ("Radarr", radarr.configured(), radarr.get_system_status),
+        "prowlarr": ("Prowlarr", prowlarr.configured(), prowlarr.get_health),
+        "qbittorrent": ("qBittorrent", qbittorrent.configured(), qbittorrent.get_app_version),
+        "jellyfin": ("Jellyfin", jellyfin.configured(), jellyfin.get_system_info),
+    }
+
+    if service_key not in checks:
+        raise HTTPException(status_code=404, detail="Unknown service")
+
+    name, configured, func = checks[service_key]
+    result = await _check(name, configured, func)
+    if name == "Prowlarr" and result.get("status") == "up":
+        health = result.get("detail")
+        if isinstance(health, list) and health:
+            result["status"] = "degraded"
+            result["message"] = "Health warnings"
+    return result

backend/app/runtime.py

@@ -12,7 +12,9 @@ _INT_FIELDS = {
 }
 _BOOL_FIELDS = {
     "jellyfin_sync_to_arr",
+    "site_banner_enabled",
 }
+_SKIP_OVERRIDE_FIELDS = {"site_build_number", "site_changelog"}
 
 
 def get_runtime_settings():
@@ -21,6 +23,8 @@ def get_runtime_settings():
     for key, value in overrides.items():
         if value is None:
             continue
+        if key in _SKIP_OVERRIDE_FIELDS:
+            continue
         if key in _INT_FIELDS:
             try:
                 update[key] = int(value)

backend/app/services/jellyfin_sync.py

@@ -3,8 +3,14 @@ import logging
 from fastapi import HTTPException
 
 from ..clients.jellyfin import JellyfinClient
-from ..db import create_user_if_missing
+from ..db import create_user_if_missing, set_user_jellyseerr_id
 from ..runtime import get_runtime_settings
+from .user_cache import (
+    build_jellyseerr_candidate_map,
+    get_cached_jellyseerr_users,
+    match_jellyseerr_user_id,
+    save_jellyfin_users_cache,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -17,6 +23,9 @@ async def sync_jellyfin_users() -> int:
     users = await client.get_users()
     if not isinstance(users, list):
         return 0
+    save_jellyfin_users_cache(users)
+    jellyseerr_users = get_cached_jellyseerr_users()
+    candidate_map = build_jellyseerr_candidate_map(jellyseerr_users or [])
     imported = 0
     for user in users:
         if not isinstance(user, dict):
@@ -24,8 +33,18 @@ async def sync_jellyfin_users() -> int:
         name = user.get("Name")
         if not name:
             continue
-        if create_user_if_missing(name, "jellyfin-user", role="user", auth_provider="jellyfin"):
+        matched_id = match_jellyseerr_user_id(name, candidate_map) if candidate_map else None
+        created = create_user_if_missing(
+            name,
+            "jellyfin-user",
+            role="user",
+            auth_provider="jellyfin",
+            jellyseerr_user_id=matched_id,
+        )
+        if created:
             imported += 1
+        elif matched_id is not None:
+            set_user_jellyseerr_id(name, matched_id)
     return imported
 
 

backend/app/services/snapshot.py

@@ -11,9 +11,21 @@ from ..clients.radarr import RadarrClient
 from ..clients.prowlarr import ProwlarrClient
 from ..clients.qbittorrent import QBittorrentClient
 from ..runtime import get_runtime_settings
-from ..db import save_snapshot, get_request_cache_payload
+from ..db import (
+    save_snapshot,
+    get_request_cache_payload,
+    get_request_cache_by_id,
+    get_recent_snapshots,
+    get_setting,
+    set_setting,
+)
 from ..models import ActionOption, NormalizedState, RequestType, Snapshot, TimelineHop
 
+logger = logging.getLogger(__name__)
+
+JELLYFIN_SCAN_COOLDOWN_SECONDS = 300
+_jellyfin_scan_key = "jellyfin_scan_last_at"
+
 
 STATUS_LABELS = {
     1: "Waiting for approval",
@@ -41,6 +53,35 @@ def _pick_first(value: Any) -> Optional[Dict[str, Any]]:
     return None
 
 
+async def _maybe_refresh_jellyfin(snapshot: Snapshot) -> None:
+    if snapshot.state not in {NormalizedState.available, NormalizedState.completed}:
+        return
+    runtime = get_runtime_settings()
+    client = JellyfinClient(runtime.jellyfin_base_url, runtime.jellyfin_api_key)
+    if not client.configured():
+        return
+    last_scan = get_setting(_jellyfin_scan_key)
+    if last_scan:
+        try:
+            parsed = datetime.fromisoformat(last_scan.replace("Z", "+00:00"))
+            if (datetime.now(timezone.utc) - parsed).total_seconds() < JELLYFIN_SCAN_COOLDOWN_SECONDS:
+                return
+        except ValueError:
+            pass
+    previous = await asyncio.to_thread(get_recent_snapshots, snapshot.request_id, 1)
+    if previous:
+        prev_state = previous[0].get("state")
+        if prev_state in {NormalizedState.available.value, NormalizedState.completed.value}:
+            return
+    try:
+        await client.refresh_library()
+    except Exception as exc:
+        logger.warning("Jellyfin library refresh failed: %s", exc)
+        return
+    set_setting(_jellyfin_scan_key, datetime.now(timezone.utc).isoformat())
+    logger.info("Jellyfin library refresh triggered: request_id=%s", snapshot.request_id)
+
+
 def _queue_records(queue: Any) -> List[Dict[str, Any]]:
     if isinstance(queue, dict):
         records = queue.get("records")
@@ -185,7 +226,21 @@ async def build_snapshot(request_id: str) -> Snapshot:
             logging.getLogger(__name__).debug(
                 "snapshot cache miss: request_id=%s mode=%s", request_id, mode
             )
+        if cached_request is not None:
+            cache_meta = get_request_cache_by_id(int(request_id))
+            cached_title = cache_meta.get("title") if cache_meta else None
+            if cached_title and isinstance(cached_request, dict):
+                media = cached_request.get("media")
+                if not isinstance(media, dict):
+                    media = {}
+                    cached_request["media"] = media
+                if not media.get("title") and not media.get("name"):
+                    media["title"] = cached_title
+                    media["name"] = cached_title
+                if not cached_request.get("title") and not cached_request.get("name"):
+                    cached_request["title"] = cached_title
 
+    allow_remote = mode == "always_js" and jellyseerr.configured()
     if not jellyseerr.configured() and not cached_request:
         timeline.append(TimelineHop(service="Jellyseerr", status="not_configured"))
         timeline.append(TimelineHop(service="Sonarr/Radarr", status="not_configured"))
@@ -193,9 +248,15 @@ async def build_snapshot(request_id: str) -> Snapshot:
         timeline.append(TimelineHop(service="qBittorrent", status="not_configured"))
         snapshot.timeline = timeline
         return snapshot
+    if cached_request is None and not allow_remote:
+        timeline.append(TimelineHop(service="Jellyseerr", status="cache_miss"))
+        snapshot.timeline = timeline
+        snapshot.state = NormalizedState.unknown
+        snapshot.state_reason = "Request not found in cache"
+        return snapshot
 
     jelly_request = cached_request
-    if (jelly_request is None or mode == "always_js") and jellyseerr.configured():
+    if allow_remote and (jelly_request is None or mode == "always_js"):
         try:
             jelly_request = await jellyseerr.get_request(request_id)
             logging.getLogger(__name__).debug(
@@ -218,17 +279,25 @@ async def build_snapshot(request_id: str) -> Snapshot:
     jelly_status = jelly_request.get("status", "unknown")
     jelly_status_label = _status_label(jelly_status)
     jelly_type = jelly_request.get("type") or "unknown"
-    snapshot.title = jelly_request.get("media", {}).get("title", "Unknown")
-    snapshot.year = jelly_request.get("media", {}).get("year")
-    snapshot.request_type = RequestType(jelly_type) if jelly_type in {"movie", "tv"} else RequestType.unknown
     media = jelly_request.get("media", {}) if isinstance(jelly_request, dict) else {}
+    if not isinstance(media, dict):
+        media = {}
+    snapshot.title = (
+        media.get("title")
+        or media.get("name")
+        or jelly_request.get("title")
+        or jelly_request.get("name")
+        or "Unknown"
+    )
+    snapshot.year = media.get("year") or jelly_request.get("year")
+    snapshot.request_type = RequestType(jelly_type) if jelly_type in {"movie", "tv"} else RequestType.unknown
     poster_path = None
     backdrop_path = None
     if isinstance(media, dict):
         poster_path = media.get("posterPath") or media.get("poster_path")
         backdrop_path = media.get("backdropPath") or media.get("backdrop_path")
 
-    if snapshot.title in {None, "", "Unknown"} and jellyseerr.configured():
+    if snapshot.title in {None, "", "Unknown"} and allow_remote:
         tmdb_id = jelly_request.get("media", {}).get("tmdbId")
         if tmdb_id:
             try:
@@ -381,10 +450,6 @@ async def build_snapshot(request_id: str) -> Snapshot:
 
     if arr_state is None:
         arr_state = "unknown"
-    if arr_state == "missing" and media_status_code in {4}:
-        arr_state = "available"
-    elif arr_state == "missing" and media_status_code in {6}:
-        arr_state = "added"
 
     timeline.append(TimelineHop(service="Sonarr/Radarr", status=arr_state, details=arr_details))
 
@@ -465,9 +530,14 @@ async def build_snapshot(request_id: str) -> Snapshot:
     try:
         download_ids = _download_ids(_queue_records(arr_queue))
         torrent_list: List[Dict[str, Any]] = []
-        if download_ids and qbittorrent.configured():
+        if qbittorrent.configured():
+            if download_ids:
                 torrents = await qbittorrent.get_torrents_by_hashes("|".join(download_ids))
                 torrent_list = torrents if isinstance(torrents, list) else []
+            else:
+                category = f"magent-{request_id}"
+                torrents = await qbittorrent.get_torrents_by_category(category)
+                torrent_list = torrents if isinstance(torrents, list) else []
         summary = _summarize_qbit(torrent_list)
         qbit_state = summary.get("state")
         qbit_message = summary.get("message")
@@ -519,7 +589,7 @@ async def build_snapshot(request_id: str) -> Snapshot:
             snapshot.state_reason = "Waiting for download to start in qBittorrent."
     elif arr_state == "missing" and derived_approved:
         snapshot.state = NormalizedState.needs_add
-        snapshot.state_reason = "Approved, but not added to the library yet."
+        snapshot.state_reason = "Approved, but not yet added to Sonarr/Radarr."
     elif arr_state == "searching":
         snapshot.state = NormalizedState.searching
         snapshot.state_reason = "Searching for a matching release."
@@ -543,15 +613,22 @@ async def build_snapshot(request_id: str) -> Snapshot:
         actions.append(
             ActionOption(
                 id="readd_to_arr",
-                label="Add to the library queue (Sonarr/Radarr)",
+                label="Push to Sonarr/Radarr",
                 risk="medium",
             )
         )
     elif arr_item and arr_state != "available":
         actions.append(
             ActionOption(
-                id="search",
+                id="search_auto",
-                label="Search again for releases",
+                label="Search and auto-download",
+                risk="low",
+            )
+        )
+        actions.append(
+            ActionOption(
+                id="search_releases",
+                label="Search and choose a download",
                 risk="low",
             )
         )
@@ -592,5 +669,6 @@ async def build_snapshot(request_id: str) -> Snapshot:
         },
     }
 
+    await _maybe_refresh_jellyfin(snapshot)
     await asyncio.to_thread(save_snapshot, snapshot)
     return snapshot

backend/app/services/user_cache.py

@@ -0,0 +1,158 @@
+import json
+import logging
+from datetime import datetime, timezone, timedelta
+from typing import Any, Dict, List, Optional
+
+from ..db import get_setting, set_setting, delete_setting
+
+logger = logging.getLogger(__name__)
+
+JELLYSEERR_CACHE_KEY = "jellyseerr_users_cache"
+JELLYSEERR_CACHE_AT_KEY = "jellyseerr_users_cached_at"
+JELLYFIN_CACHE_KEY = "jellyfin_users_cache"
+JELLYFIN_CACHE_AT_KEY = "jellyfin_users_cached_at"
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+def _parse_iso(value: Optional[str]) -> Optional[datetime]:
+    if not value:
+        return None
+    try:
+        parsed = datetime.fromisoformat(value)
+    except ValueError:
+        return None
+    if parsed.tzinfo is None:
+        parsed = parsed.replace(tzinfo=timezone.utc)
+    return parsed
+
+
+def _cache_is_fresh(cached_at: Optional[str], max_age_minutes: int) -> bool:
+    parsed = _parse_iso(cached_at)
+    if not parsed:
+        return False
+    age = datetime.now(timezone.utc) - parsed
+    return age <= timedelta(minutes=max_age_minutes)
+
+
+def _load_cached_users(
+    cache_key: str, cache_at_key: str, max_age_minutes: int
+) -> Optional[List[Dict[str, Any]]]:
+    cached_at = get_setting(cache_at_key)
+    if not _cache_is_fresh(cached_at, max_age_minutes):
+        return None
+    raw = get_setting(cache_key)
+    if not raw:
+        return None
+    try:
+        data = json.loads(raw)
+    except (TypeError, json.JSONDecodeError):
+        return None
+    if isinstance(data, list):
+        return [item for item in data if isinstance(item, dict)]
+    return None
+
+
+def _save_cached_users(cache_key: str, cache_at_key: str, users: List[Dict[str, Any]]) -> None:
+    payload = json.dumps(users, ensure_ascii=True)
+    set_setting(cache_key, payload)
+    set_setting(cache_at_key, _now_iso())
+
+
+def _normalized_handles(value: Any) -> List[str]:
+    if not isinstance(value, str):
+        return []
+    normalized = value.strip().lower()
+    if not normalized:
+        return []
+    handles = [normalized]
+    if "@" in normalized:
+        handles.append(normalized.split("@", 1)[0])
+    return list(dict.fromkeys(handles))
+
+
+def build_jellyseerr_candidate_map(users: List[Dict[str, Any]]) -> Dict[str, int]:
+    candidate_to_id: Dict[str, int] = {}
+    for user in users:
+        if not isinstance(user, dict):
+            continue
+        user_id = user.get("id") or user.get("userId") or user.get("Id")
+        try:
+            user_id = int(user_id)
+        except (TypeError, ValueError):
+            continue
+        for key in ("username", "email", "displayName", "name"):
+            for handle in _normalized_handles(user.get(key)):
+                candidate_to_id.setdefault(handle, user_id)
+    return candidate_to_id
+
+
+def match_jellyseerr_user_id(
+    username: str, candidate_map: Dict[str, int]
+) -> Optional[int]:
+    for handle in _normalized_handles(username):
+        matched = candidate_map.get(handle)
+        if matched is not None:
+            return matched
+    return None
+
+
+def save_jellyseerr_users_cache(users: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    normalized: List[Dict[str, Any]] = []
+    for user in users:
+        if not isinstance(user, dict):
+            continue
+        normalized.append(
+            {
+                "id": user.get("id") or user.get("userId") or user.get("Id"),
+                "email": user.get("email"),
+                "username": user.get("username"),
+                "displayName": user.get("displayName"),
+                "name": user.get("name"),
+            }
+        )
+    _save_cached_users(JELLYSEERR_CACHE_KEY, JELLYSEERR_CACHE_AT_KEY, normalized)
+    logger.debug("Cached Jellyseerr users: %s", len(normalized))
+    return normalized
+
+
+def get_cached_jellyseerr_users(max_age_minutes: int = 1440) -> Optional[List[Dict[str, Any]]]:
+    return _load_cached_users(JELLYSEERR_CACHE_KEY, JELLYSEERR_CACHE_AT_KEY, max_age_minutes)
+
+
+def save_jellyfin_users_cache(users: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    normalized: List[Dict[str, Any]] = []
+    for user in users:
+        if not isinstance(user, dict):
+            continue
+        normalized.append(
+            {
+                "id": user.get("Id"),
+                "name": user.get("Name"),
+                "hasPassword": user.get("HasPassword"),
+                "lastLoginDate": user.get("LastLoginDate"),
+            }
+        )
+    _save_cached_users(JELLYFIN_CACHE_KEY, JELLYFIN_CACHE_AT_KEY, normalized)
+    logger.debug("Cached Jellyfin users: %s", len(normalized))
+    return normalized
+
+
+def get_cached_jellyfin_users(max_age_minutes: int = 1440) -> Optional[List[Dict[str, Any]]]:
+    return _load_cached_users(JELLYFIN_CACHE_KEY, JELLYFIN_CACHE_AT_KEY, max_age_minutes)
+
+
+def clear_user_import_caches() -> Dict[str, int]:
+    cleared = 0
+    for key in (
+        JELLYSEERR_CACHE_KEY,
+        JELLYSEERR_CACHE_AT_KEY,
+        JELLYFIN_CACHE_KEY,
+        JELLYFIN_CACHE_AT_KEY,
+    ):
+        delete_setting(key)
+        cleared += 1
+    logger.debug("Cleared user import cache keys: %s", cleared)
+    return {"settingsKeysCleared": cleared}

docker-compose.hub.yml

@@ -0,0 +1,10 @@
+services:
+  magent:
+    image: rephl3xnz/magent:latest
+    env_file:
+      - ./.env
+    ports:
+      - "3000:3000"
+      - "8000:8000"
+    volumes:
+      - ./data:/app/data

docker-compose.yml

@@ -1,23 +1,12 @@
 services:
-  backend:
+  magent:
     build:
-      context: ./backend
+      context: .
       dockerfile: Dockerfile
     env_file:
       - ./.env
     ports:
+      - "3000:3000"
       - "8000:8000"
     volumes:
       - ./data:/app/data
-
-  frontend:
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile
-    environment:
-      - NEXT_PUBLIC_API_BASE=/api
-      - BACKEND_INTERNAL_URL=http://backend:8000
-    ports:
-      - "3000:3000"
-    depends_on:
-      - backend

docker/supervisord.conf

@@ -0,0 +1,28 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/tmp/supervisord.pid
+
+[program:backend]
+directory=/app
+command=uvicorn app.main:app --host 0.0.0.0 --port 8000
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+priority=10
+
+[program:frontend]
+directory=/app/frontend
+command=/usr/bin/npm start -- --hostname 0.0.0.0 --port 3000
+environment=NEXT_PUBLIC_API_BASE="/api",BACKEND_INTERNAL_URL="http://127.0.0.1:8000",NODE_ENV="production"
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+priority=20

frontend/Dockerfile

@@ -8,6 +8,7 @@ COPY package.json ./
 RUN npm install
 
 COPY app ./app
+COPY public ./public
 COPY next-env.d.ts ./next-env.d.ts
 COPY next.config.js ./next.config.js
 COPY tsconfig.json ./tsconfig.json
@@ -22,6 +23,7 @@ ENV NEXT_TELEMETRY_DISABLED=1 \
     NODE_ENV=production
 
 COPY --from=builder /app/.next ./.next
+COPY --from=builder /app/public ./public
 COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/package.json ./package.json
 COPY --from=builder /app/next.config.js ./next.config.js

frontend/app/admin/SettingsPage.tsx

@@ -1,6 +1,6 @@
 'use client'
 
-import { useEffect, useMemo, useState } from 'react'
+import { useCallback, useEffect, useMemo, useRef, useState } from 'react'
 import { useRouter } from 'next/navigation'
 import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
 import AdminShell from '../ui/AdminShell'
@@ -21,35 +21,48 @@ type ServiceOptions = {
 const SECTION_LABELS: Record<string, string> = {
   jellyseerr: 'Jellyseerr',
   jellyfin: 'Jellyfin',
-  artwork: 'Artwork',
+  artwork: 'Artwork cache',
-  cache: 'Cache',
+  cache: 'Cache Control',
   sonarr: 'Sonarr',
   radarr: 'Radarr',
   prowlarr: 'Prowlarr',
   qbittorrent: 'qBittorrent',
   log: 'Activity log',
-  requests: 'Request syncing',
+  requests: 'Request sync',
+  site: 'Site',
 }
 
-const BOOL_SETTINGS = new Set(['jellyfin_sync_to_arr'])
+const BOOL_SETTINGS = new Set(['jellyfin_sync_to_arr', 'site_banner_enabled'])
+const TEXTAREA_SETTINGS = new Set(['site_banner_message', 'site_changelog'])
+const URL_SETTINGS = new Set([
+  'jellyseerr_base_url',
+  'jellyfin_base_url',
+  'jellyfin_public_url',
+  'sonarr_base_url',
+  'radarr_base_url',
+  'prowlarr_base_url',
+  'qbittorrent_base_url',
+])
+const BANNER_TONES = ['info', 'warning', 'error', 'maintenance']
 
 const SECTION_DESCRIPTIONS: Record<string, string> = {
   jellyseerr: 'Connect the request system where users submit content.',
   jellyfin: 'Control Jellyfin login and availability checks.',
-  artwork: 'Configure how posters and artwork are loaded.',
+  artwork: 'Cache posters/backdrops and review artwork coverage.',
-  cache: 'Manage saved request data and offline artwork.',
+  cache: 'Manage saved requests cache and refresh behavior.',
   sonarr: 'TV automation settings.',
   radarr: 'Movie automation settings.',
   prowlarr: 'Indexer search settings.',
   qbittorrent: 'Downloader connection settings.',
-  requests: 'Sync and refresh cadence for requests.',
+  requests: 'Control how often requests are refreshed and cleaned up.',
   log: 'Activity log for troubleshooting.',
+  site: 'Sitewide banner, version, and changelog details.',
 }
 
 const SETTINGS_SECTION_MAP: Record<string, string | null> = {
   jellyseerr: 'jellyseerr',
   jellyfin: 'jellyfin',
-  artwork: 'artwork',
+  artwork: null,
   sonarr: 'sonarr',
   radarr: 'radarr',
   prowlarr: 'prowlarr',
@@ -58,6 +71,7 @@ const SETTINGS_SECTION_MAP: Record<string, string | null> = {
   cache: null,
   logs: 'log',
   maintenance: null,
+  site: 'site',
 }
 
 const labelFromKey = (key: string) =>
@@ -68,16 +82,34 @@ const labelFromKey = (key: string) =>
     .replace('quality profile id', 'Quality profile ID')
     .replace('root folder', 'Root folder')
     .replace('qbittorrent', 'qBittorrent')
-    .replace('requests sync ttl minutes', 'Refresh saved requests if older than (minutes)')
+    .replace('requests sync ttl minutes', 'Saved request refresh TTL (minutes)')
-    .replace('requests poll interval seconds', 'Background refresh check (seconds)')
+    .replace('requests poll interval seconds', 'Full refresh check interval (seconds)')
-    .replace('requests delta sync interval minutes', 'Check for new or updated requests every (minutes)')
+    .replace('requests delta sync interval minutes', 'Delta sync interval (minutes)')
-    .replace('requests full sync time', 'Full refresh time (24h)')
+    .replace('requests full sync time', 'Daily full refresh time (24h)')
-    .replace('requests cleanup time', 'Clean up old history time (24h)')
+    .replace('requests cleanup time', 'Daily history cleanup time (24h)')
-    .replace('requests cleanup days', 'Remove history older than (days)')
+    .replace('requests cleanup days', 'History retention window (days)')
-    .replace('requests data source', 'Where requests are loaded from')
+    .replace('requests data source', 'Request source (cache vs Jellyseerr)')
     .replace('jellyfin public url', 'Jellyfin public URL')
     .replace('jellyfin sync to arr', 'Sync Jellyfin to Sonarr/Radarr')
     .replace('artwork cache mode', 'Artwork cache mode')
+    .replace('site build number', 'Build number')
+    .replace('site banner enabled', 'Sitewide banner enabled')
+    .replace('site banner message', 'Sitewide banner message')
+    .replace('site banner tone', 'Sitewide banner tone')
+    .replace('site changelog', 'Changelog text')
+
+const formatBytes = (value?: number | null) => {
+  if (!value || value <= 0) return '0 B'
+  const units = ['B', 'KB', 'MB', 'GB', 'TB']
+  let size = value
+  let unitIndex = 0
+  while (size >= 1024 && unitIndex < units.length - 1) {
+    size /= 1024
+    unitIndex += 1
+  }
+  const decimals = unitIndex === 0 || size >= 10 ? 0 : 1
+  return `${size.toFixed(decimals)} ${units[unitIndex]}`
+}
 
 type SettingsPageProps = {
   section: string
@@ -102,12 +134,18 @@ export default function SettingsPage({ section }: SettingsPageProps) {
   const [cacheRows, setCacheRows] = useState<any[]>([])
   const [cacheCount, setCacheCount] = useState(50)
   const [cacheStatus, setCacheStatus] = useState<string | null>(null)
+  const [cacheLoading, setCacheLoading] = useState(false)
   const [requestsSync, setRequestsSync] = useState<any | null>(null)
   const [artworkPrefetch, setArtworkPrefetch] = useState<any | null>(null)
+  const [artworkSummary, setArtworkSummary] = useState<any | null>(null)
+  const [artworkSummaryStatus, setArtworkSummaryStatus] = useState<string | null>(null)
   const [maintenanceStatus, setMaintenanceStatus] = useState<string | null>(null)
   const [maintenanceBusy, setMaintenanceBusy] = useState(false)
+  const [liveStreamConnected, setLiveStreamConnected] = useState(false)
+  const requestsSyncRef = useRef<any | null>(null)
+  const artworkPrefetchRef = useRef<any | null>(null)
 
-  const loadSettings = async () => {
+  const loadSettings = useCallback(async () => {
     const baseUrl = getApiBase()
     const response = await authFetch(`${baseUrl}/admin/settings`)
     if (!response.ok) {
@@ -139,9 +177,9 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     }
     setFormValues(initialValues)
     setStatus(null)
-  }
+  }, [router])
 
-  const loadArtworkPrefetchStatus = async () => {
+  const loadArtworkPrefetchStatus = useCallback(async () => {
     try {
       const baseUrl = getApiBase()
       const response = await authFetch(`${baseUrl}/admin/requests/artwork/status`)
@@ -153,10 +191,30 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     } catch (err) {
       console.error(err)
     }
+  }, [])
+
+  const loadArtworkSummary = useCallback(async () => {
+    setArtworkSummaryStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/admin/requests/artwork/summary`)
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Artwork summary fetch failed')
       }
+      const data = await response.json()
+      setArtworkSummary(data?.summary ?? null)
+    } catch (err) {
+      console.error(err)
+      const message =
+        err instanceof Error && err.message
+          ? err.message.replace(/^\\{\"detail\":\"|\"\\}$/g, '')
+          : 'Could not load artwork stats.'
+      setArtworkSummaryStatus(message)
+    }
+  }, [])
 
-
+  const loadOptions = useCallback(async (service: 'sonarr' | 'radarr') => {
-  const loadOptions = async (service: 'sonarr' | 'radarr') => {
     try {
       const baseUrl = getApiBase()
       const response = await authFetch(`${baseUrl}/admin/${service}/options`)
@@ -185,7 +243,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
         setRadarrError('Could not load Radarr options.')
       }
     }
-  }
+  }, [])
 
   useEffect(() => {
     const load = async () => {
@@ -195,8 +253,9 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       }
       try {
         await loadSettings()
-        if (section === 'artwork') {
+        if (section === 'cache' || section === 'artwork') {
           await loadArtworkPrefetchStatus()
+          await loadArtworkSummary()
         }
       } catch (err) {
         console.error(err)
@@ -213,7 +272,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     if (section === 'radarr') {
       void loadOptions('radarr')
     }
-  }, [router, section])
+  }, [loadArtworkPrefetchStatus, loadArtworkSummary, loadOptions, loadSettings, router, section])
 
   const groupedSettings = useMemo(() => {
     const groups: Record<string, AdminSetting[]> = {}
@@ -228,28 +287,51 @@ export default function SettingsPage({ section }: SettingsPageProps) {
   const settingsSection = SETTINGS_SECTION_MAP[section] ?? null
   const visibleSections = settingsSection ? [settingsSection] : []
   const isCacheSection = section === 'cache'
-  const cacheSettingKeys = new Set([
+  const cacheSettingKeys = new Set(['requests_sync_ttl_minutes', 'requests_data_source'])
-    'requests_sync_ttl_minutes',
+  const artworkSettingKeys = new Set(['artwork_cache_mode'])
-    'requests_data_source',
+  const hiddenSettingKeys = new Set([...cacheSettingKeys, ...artworkSettingKeys])
-    'artwork_cache_mode',
+  const requestSettingOrder = [
-  ])
+    'requests_poll_interval_seconds',
+    'requests_delta_sync_interval_minutes',
+    'requests_full_sync_time',
+    'requests_cleanup_time',
+    'requests_cleanup_days',
+  ]
+  const sortByOrder = (items: AdminSetting[], order: string[]) => {
+    const position = new Map(order.map((key, index) => [key, index]))
+    return [...items].sort((a, b) => {
+      const aIndex = position.get(a.key) ?? Number.POSITIVE_INFINITY
+      const bIndex = position.get(b.key) ?? Number.POSITIVE_INFINITY
+      if (aIndex !== bIndex) return aIndex - bIndex
+      return a.key.localeCompare(b.key)
+    })
+  }
   const cacheSettings = settings.filter((setting) => cacheSettingKeys.has(setting.key))
+  const artworkSettings = settings.filter((setting) => artworkSettingKeys.has(setting.key))
   const settingsSections = isCacheSection
-    ? [{ key: 'cache', title: 'Cache settings', items: cacheSettings }]
+    ? [
+        { key: 'cache', title: 'Cache control', items: cacheSettings },
+        { key: 'artwork', title: 'Artwork cache', items: artworkSettings },
+      ]
     : visibleSections.map((sectionKey) => ({
         key: sectionKey,
         title: SECTION_LABELS[sectionKey] ?? sectionKey,
-        items:
+        items: (() => {
+          const sectionItems = groupedSettings[sectionKey] ?? []
+          const filtered =
             sectionKey === 'requests' || sectionKey === 'artwork'
-            ? (groupedSettings[sectionKey] ?? []).filter(
+              ? sectionItems.filter((setting) => !hiddenSettingKeys.has(setting.key))
-                (setting) => !cacheSettingKeys.has(setting.key)
+              : sectionItems
-              )
+          if (sectionKey === 'requests') {
-            : groupedSettings[sectionKey] ?? [],
+            return sortByOrder(filtered, requestSettingOrder)
+          }
+          return filtered
+        })(),
       }))
   const showLogs = section === 'logs'
   const showMaintenance = section === 'maintenance'
   const showRequestsExtras = section === 'requests'
-  const showArtworkExtras = section === 'artwork'
+  const showArtworkExtras = section === 'cache'
   const showCacheExtras = section === 'cache'
   const shouldRenderSection = (sectionGroup: { key: string; items?: AdminSetting[] }) => {
     if (sectionGroup.items && sectionGroup.items.length > 0) return true
@@ -259,36 +341,69 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     return false
   }
 
+  useEffect(() => {
+    requestsSyncRef.current = requestsSync
+  }, [requestsSync])
+
+  useEffect(() => {
+    artworkPrefetchRef.current = artworkPrefetch
+  }, [artworkPrefetch])
+
   const settingDescriptions: Record<string, string> = {
-    jellyseerr_base_url: 'Base URL for your Jellyseerr server.',
+    jellyseerr_base_url:
+      'Base URL for your Jellyseerr server (FQDN or IP). Scheme is optional.',
     jellyseerr_api_key: 'API key used to read requests and status.',
-    jellyfin_base_url: 'Local Jellyfin server URL for logins and lookups.',
+    jellyfin_base_url:
+      'Jellyfin server URL for logins and lookups (FQDN or IP). Scheme is optional.',
     jellyfin_api_key: 'Admin API key for syncing users and availability.',
-    jellyfin_public_url: 'Public Jellyfin URL used for the “Open in Jellyfin” button.',
+    jellyfin_public_url:
+      'Public Jellyfin URL for the “Open in Jellyfin” button (FQDN or IP).',
     jellyfin_sync_to_arr: 'Auto-add items to Sonarr/Radarr when they already exist in Jellyfin.',
     artwork_cache_mode: 'Choose whether posters are cached locally or loaded from the web.',
-    sonarr_base_url: 'Sonarr server URL for TV tracking.',
+    sonarr_base_url: 'Sonarr server URL for TV tracking (FQDN or IP). Scheme is optional.',
     sonarr_api_key: 'API key for Sonarr.',
     sonarr_quality_profile_id: 'Quality profile used when adding TV shows.',
     sonarr_root_folder: 'Root folder where Sonarr stores TV shows.',
-    radarr_base_url: 'Radarr server URL for movies.',
+    sonarr_qbittorrent_category: 'qBittorrent category for manual Sonarr downloads.',
+    radarr_base_url: 'Radarr server URL for movies (FQDN or IP). Scheme is optional.',
     radarr_api_key: 'API key for Radarr.',
     radarr_quality_profile_id: 'Quality profile used when adding movies.',
     radarr_root_folder: 'Root folder where Radarr stores movies.',
-    prowlarr_base_url: 'Prowlarr server URL for indexer searches.',
+    radarr_qbittorrent_category: 'qBittorrent category for manual Radarr downloads.',
+    prowlarr_base_url:
+      'Prowlarr server URL for indexer searches (FQDN or IP). Scheme is optional.',
     prowlarr_api_key: 'API key for Prowlarr.',
-    qbittorrent_base_url: 'qBittorrent server URL for download status.',
+    qbittorrent_base_url:
+      'qBittorrent server URL for download status (FQDN or IP). Scheme is optional.',
     qbittorrent_username: 'qBittorrent login username.',
     qbittorrent_password: 'qBittorrent login password.',
     requests_sync_ttl_minutes: 'How long saved requests stay fresh before a refresh is needed.',
-    requests_poll_interval_seconds: 'How often the background checker runs.',
+    requests_poll_interval_seconds:
-    requests_delta_sync_interval_minutes: 'How often we check for new or updated requests.',
+      'How often Magent checks if a full refresh should run.',
-    requests_full_sync_time: 'Daily time to refresh the full request list.',
+    requests_delta_sync_interval_minutes:
-    requests_cleanup_time: 'Daily time to trim old history.',
+      'How often we poll for new or updated requests.',
+    requests_full_sync_time: 'Daily time to rebuild the full request cache.',
+    requests_cleanup_time: 'Daily time to trim old request history.',
     requests_cleanup_days: 'History older than this is removed during cleanup.',
-    requests_data_source: 'Pick where Magent should read requests from.',
+    requests_data_source:
+      'Pick where Magent should read requests from. Cache-only avoids Jellyseerr lookups on reads.',
     log_level: 'How much detail is written to the activity log.',
     log_file: 'Where the activity log is stored.',
+    site_build_number: 'Build number shown in the account menu (auto-set from releases).',
+    site_banner_enabled: 'Enable a sitewide banner for announcements.',
+    site_banner_message: 'Short banner message for maintenance or updates.',
+    site_banner_tone: 'Visual tone for the banner.',
+    site_changelog: 'One update per line for the public changelog.',
+  }
+
+  const settingPlaceholders: Record<string, string> = {
+    jellyseerr_base_url: 'https://requests.example.com or 10.30.1.81:5055',
+    jellyfin_base_url: 'https://jelly.example.com or 10.40.0.80:8096',
+    jellyfin_public_url: 'https://jelly.example.com',
+    sonarr_base_url: 'https://sonarr.example.com or 10.30.1.81:8989',
+    radarr_base_url: 'https://radarr.example.com or 10.30.1.81:7878',
+    prowlarr_base_url: 'https://prowlarr.example.com or 10.30.1.81:9696',
+    qbittorrent_base_url: 'https://qb.example.com or 10.30.1.81:8080',
   }
 
   const buildSelectOptions = (
@@ -446,8 +561,126 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     }
   }
 
+  const prefetchArtworkMissing = async () => {
+    setArtworkPrefetchStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/requests/artwork/prefetch?only_missing=1`,
+        { method: 'POST' }
+      )
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Missing artwork prefetch failed')
+      }
+      const data = await response.json()
+      setArtworkPrefetch(data?.prefetch ?? null)
+      setArtworkPrefetchStatus('Missing artwork caching started.')
+    } catch (err) {
+      console.error(err)
+      const message =
+        err instanceof Error && err.message
+          ? err.message.replace(/^\\{\"detail\":\"|\"\\}$/g, '')
+          : 'Could not cache missing artwork.'
+      setArtworkPrefetchStatus(message)
+    }
+  }
+
   useEffect(() => {
-    if (!artworkPrefetch || artworkPrefetch.status !== 'running') {
+    const shouldSubscribe = showRequestsExtras || showArtworkExtras || showLogs
+    if (!shouldSubscribe) {
+      setLiveStreamConnected(false)
+      return
+    }
+    const token = getToken()
+    if (!token) {
+      setLiveStreamConnected(false)
+      return
+    }
+
+    const baseUrl = getApiBase()
+    const params = new URLSearchParams()
+    params.set('access_token', token)
+    if (showLogs) {
+      params.set('include_logs', '1')
+      params.set('log_lines', String(logsCount))
+    }
+    const streamUrl = `${baseUrl}/admin/events/stream?${params.toString()}`
+    let closed = false
+    const source = new EventSource(streamUrl)
+
+    source.onopen = () => {
+      if (closed) return
+      setLiveStreamConnected(true)
+    }
+
+    source.onmessage = (event) => {
+      if (closed) return
+      setLiveStreamConnected(true)
+      try {
+        const payload = JSON.parse(event.data)
+        if (!payload || payload.type !== 'admin_live_state') {
+          return
+        }
+
+        const rawSync =
+          payload.requestsSync && typeof payload.requestsSync === 'object'
+            ? payload.requestsSync
+            : null
+        const nextSync = rawSync?.status === 'idle' ? null : rawSync
+        const prevSync = requestsSyncRef.current
+        requestsSyncRef.current = nextSync
+        setRequestsSync(nextSync)
+        if (prevSync?.status === 'running' && nextSync?.status && nextSync.status !== 'running') {
+          setRequestsSyncStatus(nextSync.message || 'Sync complete.')
+        }
+
+        const rawArtwork =
+          payload.artworkPrefetch && typeof payload.artworkPrefetch === 'object'
+            ? payload.artworkPrefetch
+            : null
+        const nextArtwork = rawArtwork?.status === 'idle' ? null : rawArtwork
+        const prevArtwork = artworkPrefetchRef.current
+        artworkPrefetchRef.current = nextArtwork
+        setArtworkPrefetch(nextArtwork)
+        if (
+          prevArtwork?.status === 'running' &&
+          nextArtwork?.status &&
+          nextArtwork.status !== 'running'
+        ) {
+          setArtworkPrefetchStatus(nextArtwork.message || 'Artwork caching complete.')
+          if (showArtworkExtras) {
+            void loadArtworkSummary()
+          }
+        }
+
+        if (payload.logs && typeof payload.logs === 'object') {
+          if (Array.isArray(payload.logs.lines)) {
+            setLogsLines(payload.logs.lines)
+            setLogsStatus(null)
+          } else if (typeof payload.logs.error === 'string' && payload.logs.error.trim()) {
+            setLogsStatus(payload.logs.error)
+          }
+        }
+      } catch (err) {
+        console.error(err)
+      }
+    }
+
+    source.onerror = () => {
+      if (closed) return
+      setLiveStreamConnected(false)
+    }
+
+    return () => {
+      closed = true
+      setLiveStreamConnected(false)
+      source.close()
+    }
+  }, [loadArtworkSummary, logsCount, showArtworkExtras, showLogs, showRequestsExtras])
+
+  useEffect(() => {
+    if (liveStreamConnected || !artworkPrefetch || artworkPrefetch.status !== 'running') {
       return
     }
     let active = true
@@ -463,6 +696,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
         setArtworkPrefetch(data?.prefetch ?? null)
         if (data?.prefetch?.status && data.prefetch.status !== 'running') {
           setArtworkPrefetchStatus(data.prefetch.message || 'Artwork caching complete.')
+          void loadArtworkSummary()
         }
       } catch (err) {
         console.error(err)
@@ -472,7 +706,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       active = false
       clearInterval(timer)
     }
-  }, [artworkPrefetch?.status])
+  }, [artworkPrefetch, liveStreamConnected, loadArtworkSummary])
 
   useEffect(() => {
     if (!artworkPrefetch || artworkPrefetch.status === 'running') {
@@ -482,10 +716,10 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       setArtworkPrefetch(null)
     }, 5000)
     return () => clearTimeout(timer)
-  }, [artworkPrefetch?.status])
+  }, [artworkPrefetch])
 
   useEffect(() => {
-    if (!requestsSync || requestsSync.status !== 'running') {
+    if (liveStreamConnected || !requestsSync || requestsSync.status !== 'running') {
       return
     }
     let active = true
@@ -510,7 +744,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       active = false
       clearInterval(timer)
     }
-  }, [requestsSync?.status])
+  }, [liveStreamConnected, requestsSync])
 
   useEffect(() => {
     if (!requestsSync || requestsSync.status === 'running') {
@@ -520,9 +754,9 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       setRequestsSync(null)
     }, 5000)
     return () => clearTimeout(timer)
-  }, [requestsSync?.status])
+  }, [requestsSync])
 
-  const loadLogs = async () => {
+  const loadLogs = useCallback(async () => {
     setLogsStatus(null)
     try {
       const baseUrl = getApiBase()
@@ -547,21 +781,25 @@ export default function SettingsPage({ section }: SettingsPageProps) {
           : 'Could not load logs.'
       setLogsStatus(message)
     }
-  }
+  }, [logsCount])
 
   useEffect(() => {
     if (!showLogs) {
       return
     }
+    if (liveStreamConnected) {
+      return
+    }
     void loadLogs()
     const timer = setInterval(() => {
       void loadLogs()
     }, 5000)
     return () => clearInterval(timer)
-  }, [logsCount, showLogs])
+  }, [liveStreamConnected, loadLogs, showLogs])
 
   const loadCache = async () => {
     setCacheStatus(null)
+    setCacheLoading(true)
     try {
       const baseUrl = getApiBase()
       const response = await authFetch(
@@ -584,6 +822,8 @@ export default function SettingsPage({ section }: SettingsPageProps) {
           ? err.message.replace(/^\\{\"detail\":\"|\"\\}$/g, '')
           : 'Could not load cache.'
       setCacheStatus(message)
+    } finally {
+      setCacheLoading(false)
     }
   }
 
@@ -630,7 +870,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     setMaintenanceBusy(true)
     if (typeof window !== 'undefined') {
       const ok = window.confirm(
-        'This will clear cached requests and history, then re-sync from Jellyseerr. Continue?'
+        'This will perform a nuclear reset: clear cached requests/history, wipe non-admin users, invites, and profiles, then re-sync users and requests from Jellyseerr. Continue?'
       )
       if (!ok) {
         setMaintenanceBusy(false)
@@ -639,7 +879,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
     }
     try {
       const baseUrl = getApiBase()
-      setMaintenanceStatus('Flushing database...')
+      setMaintenanceStatus('Running nuclear flush...')
       const flushResponse = await authFetch(`${baseUrl}/admin/maintenance/flush`, {
         method: 'POST',
       })
@@ -647,12 +887,25 @@ export default function SettingsPage({ section }: SettingsPageProps) {
         const text = await flushResponse.text()
         throw new Error(text || 'Flush failed')
       }
-      setMaintenanceStatus('Database flushed. Starting re-sync...')
+      const flushData = await flushResponse.json()
+      const usersCleared = Number(flushData?.userObjectsCleared?.users ?? 0)
+      setMaintenanceStatus(`Nuclear flush complete. Cleared ${usersCleared} non-admin users. Re-syncing users...`)
+      const usersResyncResponse = await authFetch(`${baseUrl}/admin/jellyseerr/users/resync`, {
+        method: 'POST',
+      })
+      if (!usersResyncResponse.ok) {
+        const text = await usersResyncResponse.text()
+        throw new Error(text || 'User resync failed')
+      }
+      const usersResyncData = await usersResyncResponse.json()
+      setMaintenanceStatus(
+        `Users re-synced (${usersResyncData?.imported ?? 0} imported). Starting request re-sync...`
+      )
       await syncRequests()
-      setMaintenanceStatus('Database flushed. Re-sync running now.')
+      setMaintenanceStatus('Nuclear flush complete. User and request re-sync running now.')
     } catch (err) {
       console.error(err)
-      setMaintenanceStatus('Flush + resync failed.')
+      setMaintenanceStatus('Nuclear flush + resync failed.')
     } finally {
       setMaintenanceBusy(false)
     }
@@ -698,7 +951,9 @@ export default function SettingsPage({ section }: SettingsPageProps) {
           .map((sectionGroup) => (
           <section key={sectionGroup.key} className="admin-section">
             <div className="section-header">
-              <h2>{sectionGroup.title}</h2>
+              <h2>
+                {sectionGroup.key === 'requests' ? 'Request sync controls' : sectionGroup.title}
+              </h2>
               {sectionGroup.key === 'sonarr' && (
                 <button type="button" onClick={() => loadOptions('sonarr')}>
                   Refresh Sonarr options
@@ -714,24 +969,38 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                   Import Jellyfin users
                 </button>
               )}
-              {(showArtworkExtras && sectionGroup.key === 'artwork') ||
+              {showArtworkExtras && sectionGroup.key === 'artwork' ? (
-              (showCacheExtras && sectionGroup.key === 'cache') ? (
+                <div className="sync-actions">
                   <button type="button" onClick={prefetchArtwork}>
                     Cache all artwork now
                   </button>
+                  <button
+                    type="button"
+                    className="ghost-button"
+                    onClick={prefetchArtworkMissing}
+                  >
+                    Sync only missing artwork
+                  </button>
+                </div>
               ) : null}
               {showRequestsExtras && sectionGroup.key === 'requests' && (
+                <div className="sync-actions-block">
                   <div className="sync-actions">
                     <button type="button" onClick={syncRequests}>
-                    Full refresh
+                      Run full refresh (rebuild cache)
                     </button>
                     <button type="button" className="ghost-button" onClick={syncRequestsDelta}>
-                    Quick refresh (new changes)
+                      Run delta sync (recent changes)
                     </button>
                   </div>
+                  <div className="meta sync-note">
+                    Full refresh rebuilds the entire cache. Delta sync only checks new or updated
+                    requests.
+                  </div>
+                </div>
               )}
             </div>
-            {SECTION_DESCRIPTIONS[sectionGroup.key] && (
+            {SECTION_DESCRIPTIONS[sectionGroup.key] && !settingsSection && (
               <p className="section-subtitle">{SECTION_DESCRIPTIONS[sectionGroup.key]}</p>
             )}
             {sectionGroup.key === 'sonarr' && sonarrError && (
@@ -743,17 +1012,48 @@ export default function SettingsPage({ section }: SettingsPageProps) {
             {sectionGroup.key === 'jellyfin' && jellyfinSyncStatus && (
               <div className="status-banner">{jellyfinSyncStatus}</div>
             )}
-            {((showArtworkExtras && sectionGroup.key === 'artwork') ||
+            {showArtworkExtras && sectionGroup.key === 'artwork' && artworkPrefetchStatus && (
-              (showCacheExtras && sectionGroup.key === 'cache')) &&
-              artworkPrefetchStatus && (
               <div className="status-banner">{artworkPrefetchStatus}</div>
             )}
+            {showArtworkExtras && sectionGroup.key === 'artwork' && artworkSummaryStatus && (
+              <div className="status-banner">{artworkSummaryStatus}</div>
+            )}
+            {showArtworkExtras && sectionGroup.key === 'artwork' && (
+              <div className="summary">
+                <div className="summary-card">
+                  <strong>Missing artwork</strong>
+                  <p>{artworkSummary?.missing_artwork ?? '--'}</p>
+                  <div className="meta">Requests missing poster/backdrop or cache files.</div>
+                </div>
+                <div className="summary-card">
+                  <strong>Artwork cache size</strong>
+                  <p>{formatBytes(artworkSummary?.cache_bytes)}</p>
+                  <div className="meta">
+                    {artworkSummary?.cache_files ?? '--'} cached files
+                  </div>
+                </div>
+                <div className="summary-card">
+                  <strong>Total requests</strong>
+                  <p>{artworkSummary?.total_requests ?? '--'}</p>
+                  <div className="meta">Requests currently tracked in cache.</div>
+                </div>
+                <div className="summary-card">
+                  <strong>Cache mode</strong>
+                  <p>{artworkSummary?.cache_mode ?? '--'}</p>
+                  <div className="meta">Artwork setting applied to posters/backdrops.</div>
+                </div>
+              </div>
+            )}
             {showRequestsExtras && sectionGroup.key === 'requests' && requestsSyncStatus && (
               <div className="status-banner">{requestsSyncStatus}</div>
             )}
-            {((showArtworkExtras && sectionGroup.key === 'artwork') ||
+            {showRequestsExtras && sectionGroup.key === 'requests' && (
-              (showCacheExtras && sectionGroup.key === 'cache')) &&
+              <div className="status-banner">
-              artworkPrefetch && (
+                Full refresh checks only decide when to run a full refresh. The delta sync interval
+                polls for new or updated requests.
+              </div>
+            )}
+            {showArtworkExtras && sectionGroup.key === 'artwork' && artworkPrefetch && (
               <div className="sync-progress">
                 <div className="sync-meta">
                   <span>Status: {artworkPrefetch.status}</span>
@@ -826,6 +1126,10 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                 const isRadarrProfile = setting.key === 'radarr_quality_profile_id'
                 const isRadarrRoot = setting.key === 'radarr_root_folder'
                 const isBoolSetting = BOOL_SETTINGS.has(setting.key)
+                const isUrlSetting = URL_SETTINGS.has(setting.key)
+                const inputPlaceholder = setting.sensitive && setting.isSet
+                  ? 'Configured (enter to replace)'
+                  : settingPlaceholders[setting.key] ?? ''
                 if (isBoolSetting) {
                   return (
                     <label key={setting.key} data-helper={helperText || undefined}>
@@ -1007,6 +1311,34 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                     </label>
                   )
                 }
+                if (setting.key === 'site_banner_tone') {
+                  return (
+                    <label key={setting.key} data-helper={helperText || undefined}>
+                      <span className="label-row">
+                        <span>{labelFromKey(setting.key)}</span>
+                        <span className="meta">
+                          {setting.isSet ? `Source: ${setting.source}` : 'Not set'}
+                        </span>
+                      </span>
+                      <select
+                        name={setting.key}
+                        value={value || 'info'}
+                        onChange={(event) =>
+                          setFormValues((current) => ({
+                            ...current,
+                            [setting.key]: event.target.value,
+                          }))
+                        }
+                      >
+                        {BANNER_TONES.map((tone) => (
+                          <option key={tone} value={tone}>
+                            {tone.charAt(0).toUpperCase() + tone.slice(1)}
+                          </option>
+                        ))}
+                      </select>
+                    </label>
+                  )
+                }
                 if (
                   setting.key === 'requests_full_sync_time' ||
                   setting.key === 'requests_cleanup_time'
@@ -1080,11 +1412,42 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                         }
                       >
                         <option value="always_js">Always use Jellyseerr (slower)</option>
-                        <option value="prefer_cache">Use saved requests first (faster)</option>
+                        <option value="prefer_cache">
+                          Use saved requests only (fastest)
+                        </option>
                       </select>
                     </label>
                   )
                 }
+                if (TEXTAREA_SETTINGS.has(setting.key)) {
+                  return (
+                    <label key={setting.key} data-helper={helperText || undefined}>
+                      <span className="label-row">
+                        <span>{labelFromKey(setting.key)}</span>
+                        <span className="meta">
+                          {setting.isSet ? `Source: ${setting.source}` : 'Not set'}
+                          {setting.sensitive && setting.isSet ? '  stored' : ''}
+                        </span>
+                      </span>
+                      <textarea
+                        name={setting.key}
+                        rows={setting.key === 'site_changelog' ? 6 : 3}
+                        placeholder={
+                          setting.key === 'site_changelog'
+                            ? 'One update per line.'
+                            : ''
+                        }
+                        value={value}
+                        onChange={(event) =>
+                          setFormValues((current) => ({
+                            ...current,
+                            [setting.key]: event.target.value,
+                          }))
+                        }
+                      />
+                    </label>
+                  )
+                }
                 return (
                   <label key={setting.key} data-helper={helperText || undefined}>
                     <span className="label-row">
@@ -1097,9 +1460,8 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                     <input
                       name={setting.key}
                       type={setting.sensitive ? 'password' : 'text'}
-                      placeholder={
+                      placeholder={inputPlaceholder}
-                        setting.sensitive && setting.isSet ? 'Configured (enter to replace)' : ''
+                      autoComplete={isUrlSetting ? 'url' : undefined}
-                      }
                       value={value}
                       onChange={(event) =>
                         setFormValues((current) => ({
@@ -1121,7 +1483,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
       </form>
       ) : (
       <div className="status-banner">
-        No settings to show here yet. Try the Cache page for artwork and saved-request controls.
+        No settings to show here yet. Try the Cache Control page for artwork and saved-request controls.
       </div>
       )}
       {showLogs && (
@@ -1167,8 +1529,15 @@ export default function SettingsPage({ section }: SettingsPageProps) {
                 <option value={200}>200</option>
               </select>
             </label>
-            <button type="button" onClick={loadCache}>
+            <button type="button" onClick={loadCache} disabled={cacheLoading}>
-              Load saved requests
+              {cacheLoading ? (
+                <>
+                  <span className="spinner button-spinner" aria-hidden="true" />
+                  Loading saved requests
+                </>
+              ) : (
+                'Load saved requests'
+              )}
             </button>
           </div>
         </div>
@@ -1203,7 +1572,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
           <h2>Maintenance</h2>
         </div>
         <div className="status-banner">
-          Emergency tools. Use with care: flush will clear saved requests and history.
+          Emergency tools. Use with care: flush + resync now performs a nuclear wipe of non-admin users, invite links, profiles, cached requests, and history before re-syncing Jellyseerr users/requests.
         </div>
         {maintenanceStatus && <div className="status-banner">{maintenanceStatus}</div>}
         <div className="maintenance-grid">
@@ -1222,7 +1591,7 @@ export default function SettingsPage({ section }: SettingsPageProps) {
             onClick={runFlushAndResync}
             disabled={maintenanceBusy}
           >
-            Flush database + resync
+            Nuclear flush + resync
           </button>
         </div>
       </section>

frontend/app/admin/[section]/page.tsx

@@ -13,6 +13,7 @@ const ALLOWED_SECTIONS = new Set([
   'cache',
   'logs',
   'maintenance',
+  'site',
 ])
 
 type PageProps = {

frontend/app/admin/profiles/page.tsx

@@ -0,0 +1,6 @@
+import { redirect } from 'next/navigation'
+
+export default function AdminProfilesRedirectPage() {
+  redirect('/admin/invites')
+}
+

frontend/app/admin/requests-all/page.tsx

@@ -0,0 +1,172 @@
+'use client'
+
+import { useEffect, useMemo, useState } from 'react'
+import { useRouter } from 'next/navigation'
+import { authFetch, clearToken, getApiBase, getToken } from '../../lib/auth'
+import AdminShell from '../../ui/AdminShell'
+
+type RequestRow = {
+  id: number
+  title?: string | null
+  year?: number | null
+  type?: string | null
+  statusLabel?: string | null
+  requestedBy?: string | null
+  createdAt?: string | null
+}
+
+const formatDateTime = (value?: string | null) => {
+  if (!value) return 'Unknown'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+export default function AdminRequestsAllPage() {
+  const router = useRouter()
+  const [rows, setRows] = useState<RequestRow[]>([])
+  const [total, setTotal] = useState(0)
+  const [loading, setLoading] = useState(false)
+  const [error, setError] = useState<string | null>(null)
+  const [pageSize, setPageSize] = useState(50)
+  const [page, setPage] = useState(1)
+
+  const pageCount = useMemo(() => {
+    if (!total || pageSize <= 0) return 1
+    return Math.max(1, Math.ceil(total / pageSize))
+  }, [total, pageSize])
+
+  const load = async () => {
+    if (!getToken()) {
+      router.push('/login')
+      return
+    }
+    setLoading(true)
+    setError(null)
+    try {
+      const baseUrl = getApiBase()
+      const skip = (page - 1) * pageSize
+      const response = await authFetch(
+        `${baseUrl}/admin/requests/all?take=${pageSize}&skip=${skip}`
+      )
+      if (!response.ok) {
+        if (response.status === 401) {
+          clearToken()
+          router.push('/login')
+          return
+        }
+        if (response.status === 403) {
+          router.push('/')
+          return
+        }
+        throw new Error(`Load failed: ${response.status}`)
+      }
+      const data = await response.json()
+      setRows(Array.isArray(data?.results) ? data.results : [])
+      setTotal(Number(data?.total ?? 0))
+    } catch (err) {
+      console.error(err)
+      setError('Unable to load requests.')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  useEffect(() => {
+    void load()
+  }, [page, pageSize])
+
+  useEffect(() => {
+    if (page > pageCount) {
+      setPage(pageCount)
+    }
+  }, [pageCount, page])
+
+  return (
+    <AdminShell
+      title="All requests"
+      subtitle="Paginated view of every cached request."
+      actions={
+        <button type="button" onClick={() => router.push('/admin')}>
+          Back to settings
+        </button>
+      }
+    >
+      <section className="admin-section">
+        <div className="admin-toolbar">
+          <div className="admin-toolbar-info">
+            <span>{total.toLocaleString()} total</span>
+          </div>
+          <div className="admin-toolbar-actions">
+            <label className="admin-select">
+              <span>Per page</span>
+              <select value={pageSize} onChange={(e) => setPageSize(Number(e.target.value))}>
+                <option value={25}>25</option>
+                <option value={50}>50</option>
+                <option value={100}>100</option>
+                <option value={200}>200</option>
+              </select>
+            </label>
+          </div>
+        </div>
+        {loading ? (
+          <div className="status-banner">Loading requests…</div>
+        ) : error ? (
+          <div className="error-banner">{error}</div>
+        ) : rows.length === 0 ? (
+          <div className="status-banner">No requests found.</div>
+        ) : (
+          <div className="admin-table">
+            <div className="admin-table-head">
+              <span>Request</span>
+              <span>Status</span>
+              <span>Requested by</span>
+              <span>Created</span>
+            </div>
+            {rows.map((row) => (
+              <button
+                key={row.id}
+                type="button"
+                className="admin-table-row"
+                onClick={() => router.push(`/requests/${row.id}`)}
+              >
+                <span>
+                  {row.title || `Request #${row.id}`}
+                  {row.year ? ` (${row.year})` : ''}
+                </span>
+                <span>{row.statusLabel || 'Unknown'}</span>
+                <span>{row.requestedBy || 'Unknown'}</span>
+                <span>{formatDateTime(row.createdAt)}</span>
+              </button>
+            ))}
+          </div>
+        )}
+        <div className="admin-pagination">
+          <button type="button" onClick={() => setPage(1)} disabled={page <= 1}>
+            First
+          </button>
+          <button type="button" onClick={() => setPage(page - 1)} disabled={page <= 1}>
+            Previous
+          </button>
+          <span>
+            Page {page} of {pageCount}
+          </span>
+          <button
+            type="button"
+            onClick={() => setPage(page + 1)}
+            disabled={page >= pageCount}
+          >
+            Next
+          </button>
+          <button
+            type="button"
+            onClick={() => setPage(pageCount)}
+            disabled={page >= pageCount}
+          >
+            Last
+          </button>
+        </div>
+      </section>
+    </AdminShell>
+  )
+}

frontend/app/changelog/page.tsx

@@ -0,0 +1,85 @@
+'use client'
+
+import { useEffect, useMemo, useState } from 'react'
+import { useRouter } from 'next/navigation'
+import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
+
+type SiteInfo = {
+  changelog?: string
+}
+
+const parseChangelog = (raw: string) =>
+  raw
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+
+export default function ChangelogPage() {
+  const router = useRouter()
+  const [entries, setEntries] = useState<string[]>([])
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    const token = getToken()
+    if (!token) {
+      router.push('/login')
+      return
+    }
+    let active = true
+    const load = async () => {
+      try {
+        const baseUrl = getApiBase()
+        const response = await authFetch(`${baseUrl}/site/info`)
+        if (!response.ok) {
+          if (response.status === 401) {
+            clearToken()
+            router.push('/login')
+            return
+          }
+          throw new Error('Failed to load changelog')
+        }
+        const data: SiteInfo = await response.json()
+        if (!active) return
+        setEntries(parseChangelog(data?.changelog ?? ''))
+      } catch (err) {
+        console.error(err)
+        if (!active) return
+        setEntries([])
+      } finally {
+        if (active) setLoading(false)
+      }
+    }
+    void load()
+    return () => {
+      active = false
+    }
+  }, [router])
+
+  const content = useMemo(() => {
+    if (loading) {
+      return <div className="loading-text">Loading changelog...</div>
+    }
+    if (entries.length === 0) {
+      return <div className="meta">No updates posted yet.</div>
+    }
+    return (
+      <ul className="changelog-list">
+        {entries.map((entry, index) => (
+          <li key={`${entry}-${index}`}>{entry}</li>
+        ))}
+      </ul>
+    )
+  }, [entries, loading])
+
+  return (
+    <div className="page">
+      <section className="card changelog-card">
+        <div className="changelog-header">
+          <h1>Changelog</h1>
+          <p className="lede">Latest updates and release notes.</p>
+        </div>
+        {content}
+      </section>
+    </div>
+  )
+}

frontend/app/feedback/page.tsx

@@ -0,0 +1,120 @@
+'use client'
+
+import { useEffect, useState } from 'react'
+import { useRouter } from 'next/navigation'
+import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
+
+type Profile = {
+  username?: string
+}
+
+export default function FeedbackPage() {
+  const router = useRouter()
+  const [profile, setProfile] = useState<Profile | null>(null)
+  const [category, setCategory] = useState('bug')
+  const [message, setMessage] = useState('')
+  const [status, setStatus] = useState<string | null>(null)
+  const [submitting, setSubmitting] = useState(false)
+
+  useEffect(() => {
+    if (!getToken()) {
+      router.push('/login')
+      return
+    }
+    const load = async () => {
+      try {
+        const baseUrl = getApiBase()
+        const response = await authFetch(`${baseUrl}/auth/me`)
+        if (!response.ok) {
+          clearToken()
+          router.push('/login')
+          return
+        }
+        const data = await response.json()
+        setProfile({ username: data?.username })
+      } catch (error) {
+        console.error(error)
+      }
+    }
+    void load()
+  }, [router])
+
+  const submit = async (event: React.FormEvent<HTMLFormElement>) => {
+    event.preventDefault()
+    setStatus(null)
+    if (!message.trim()) {
+      setStatus('Please write a short message before sending.')
+      return
+    }
+    setSubmitting(true)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/feedback`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          type: category,
+          message: message.trim(),
+        }),
+      })
+      if (!response.ok) {
+        if (response.status === 401) {
+          clearToken()
+          router.push('/login')
+          return
+        }
+        const text = await response.text()
+        throw new Error(text || `Request failed: ${response.status}`)
+      }
+      setMessage('')
+      setStatus('Thanks! Your message has been sent.')
+    } catch (error) {
+      console.error(error)
+      setStatus('That did not send. Please try again.')
+    } finally {
+      setSubmitting(false)
+    }
+  }
+
+  return (
+    <main className="card">
+      <header className="how-hero">
+        <p className="eyebrow">Send feedback</p>
+        <h1>Help us improve Magent</h1>
+        <p className="lede">
+          Found a problem or have an idea? Send it here and we will see it right away.
+        </p>
+      </header>
+
+      <form className="auth-form" onSubmit={submit}>
+        <label htmlFor="feedback-user">Your username</label>
+        <input id="feedback-user" value={profile?.username ?? ''} readOnly />
+
+        <label htmlFor="feedback-type">What is this about?</label>
+        <select
+          id="feedback-type"
+          value={category}
+          onChange={(event) => setCategory(event.target.value)}
+        >
+          <option value="bug">Bug (something is broken)</option>
+          <option value="feature">Feature idea (new option)</option>
+        </select>
+
+        <label htmlFor="feedback-message">Tell us what happened</label>
+        <textarea
+          id="feedback-message"
+          rows={6}
+          value={message}
+          onChange={(event) => setMessage(event.target.value)}
+          placeholder="Write the details here..."
+        />
+
+        {status && <div className="status-banner">{status}</div>}
+
+        <button type="submit" disabled={submitting}>
+          {submitting ? 'Sending...' : 'Send feedback'}
+        </button>
+      </form>
+    </main>
+  )
+}

frontend/app/how-it-works/page.tsx

@@ -7,8 +7,8 @@ export default function HowItWorksPage() {
         <p className="eyebrow">How this works</p>
         <h1>Your request, step by step</h1>
         <p className="lede">
-          Think of Magent as a status tracker. It checks a few helper apps that do different jobs,
+          Magent is a friendly status checker. It looks at a few helper apps, then shows you where
-          then tells you where your request is stuck and what you can safely try next.
+          your request is and what you can safely do next.
         </p>
       </header>
 
@@ -17,32 +17,36 @@ export default function HowItWorksPage() {
           <h2>Jellyseerr</h2>
           <p className="how-title">The request box</p>
           <p>
-            This is where you ask for a movie or show. It records your request and keeps track of
+            This is where you ask for a movie or show. It keeps the request and whether it is
-            approvals.
+            approved.
           </p>
         </article>
         <article className="how-card">
           <h2>Sonarr / Radarr</h2>
-          <p className="how-title">The librarian</p>
+          <p className="how-title">The library manager</p>
           <p>
-            These apps add the item to the library, decide what quality to grab, and look for the
+            These add the request to the library list and decide what quality to look for.
-            files that match your request.
           </p>
         </article>
         <article className="how-card">
           <h2>Prowlarr</h2>
           <p className="how-title">The search helper</p>
           <p>
-            This one checks your torrent sources and reports back what it found, or if nothing is
+            This checks your search sources and reports back what it finds.
-            available yet.
           </p>
         </article>
         <article className="how-card">
           <h2>qBittorrent</h2>
           <p className="how-title">The downloader</p>
           <p>
-            If a file is found, this app downloads it. Magent can tell if it is actively
+            This downloads the file. Magent can tell if it is downloading, paused, or finished.
-            downloading, stalled, or finished.
+          </p>
+        </article>
+        <article className="how-card">
+          <h2>Jellyfin</h2>
+          <p className="how-title">The place you watch</p>
+          <p>
+            When the file is ready, Jellyfin shows it in your library so you can watch it.
           </p>
         </article>
       </section>
@@ -54,13 +58,13 @@ export default function HowItWorksPage() {
             <strong>You request a title</strong> in Jellyseerr.
           </li>
           <li>
-            <strong>Sonarr/Radarr adds it</strong> to the library list and asks Prowlarr to search.
+            <strong>Sonarr/Radarr adds it</strong> to the library list.
           </li>
           <li>
             <strong>Prowlarr looks for sources</strong> and sends results back.
           </li>
           <li>
-            <strong>qBittorrent downloads</strong> the best match.
+            <strong>qBittorrent downloads</strong> the match.
           </li>
           <li>
             <strong>Sonarr/Radarr imports</strong> it into your library.
@@ -71,12 +75,67 @@ export default function HowItWorksPage() {
         </ol>
       </section>
 
+      <section className="how-flow">
+        <h2>Steps and fixes (simple and visual)</h2>
+        <div className="how-step-grid">
+          <article className="how-step-card step-jellyseerr">
+            <div className="step-badge">1</div>
+            <h3>Request sent</h3>
+            <p className="step-note">Jellyseerr holds your request and approval.</p>
+            <div className="step-fix-title">Fixes you can try</div>
+            <ul className="step-fix-list">
+              <li>Add to library queue (if it was approved but never added)</li>
+            </ul>
+          </article>
+
+          <article className="how-step-card step-arr">
+            <div className="step-badge">2</div>
+            <h3>Added to the library list</h3>
+            <p className="step-note">Sonarr/Radarr decide what quality to get.</p>
+            <div className="step-fix-title">Fixes you can try</div>
+            <ul className="step-fix-list">
+              <li>Search for releases (see options)</li>
+              <li>Search and auto-download (let it pick for you)</li>
+            </ul>
+          </article>
+
+          <article className="how-step-card step-prowlarr">
+            <div className="step-badge">3</div>
+            <h3>Searching for sources</h3>
+            <p className="step-note">Prowlarr checks your torrent providers.</p>
+            <div className="step-fix-title">Fixes you can try</div>
+            <ul className="step-fix-list">
+              <li>Search for releases (show a list to choose)</li>
+            </ul>
+          </article>
+
+          <article className="how-step-card step-qbit">
+            <div className="step-badge">4</div>
+            <h3>Downloading the file</h3>
+            <p className="step-note">qBittorrent downloads the selected match.</p>
+            <div className="step-fix-title">Fixes you can try</div>
+            <ul className="step-fix-list">
+              <li>Resume download (only if it already exists there)</li>
+            </ul>
+          </article>
+
+          <article className="how-step-card step-jellyfin">
+            <div className="step-badge">5</div>
+            <h3>Ready to watch</h3>
+            <p className="step-note">Jellyfin shows it in your library.</p>
+            <div className="step-fix-title">What to do next</div>
+            <ul className="step-fix-list">
+              <li>Open in Jellyfin (watch it)</li>
+            </ul>
+          </article>
+        </div>
+      </section>
+
       <section className="how-callout">
-        <h2>Why Magent sometimes says "waiting"</h2>
+        <h2>Why Magent sometimes says &quot;waiting&quot;</h2>
         <p>
           If the search helper cannot find a match yet, Magent will say there is nothing to grab.
-          This does not mean something is broken. It usually means the release is not available
+          That does not mean it is broken. It usually means the release is not available yet.
-          yet or your search sources do not have it.
         </p>
       </section>
     </main>

frontend/app/layout.tsx

@@ -5,6 +5,7 @@ import HeaderIdentity from './ui/HeaderIdentity'
 import ThemeToggle from './ui/ThemeToggle'
 import BrandingFavicon from './ui/BrandingFavicon'
 import BrandingLogo from './ui/BrandingLogo'
+import SiteStatus from './ui/SiteStatus'
 
 export const metadata = {
   title: 'Magent',
@@ -28,13 +29,14 @@ export default function RootLayout({ children }: { children: ReactNode }) {
               </a>
             </div>
             <div className="header-right">
-              <HeaderIdentity />
               <ThemeToggle />
+              <HeaderIdentity />
             </div>
             <div className="header-nav">
               <HeaderActions />
             </div>
           </header>
+          <SiteStatus />
           {children}
         </div>
       </body>

frontend/app/login/page.tsx

@@ -85,6 +85,9 @@ export default function LoginPage() {
         >
           Sign in with Magent account
         </button>
+        <a className="ghost-button" href="/signup">
+          Have an invite? Create a Magent account
+        </a>
       </form>
     </main>
   )

frontend/app/page.tsx

@@ -4,6 +4,24 @@ import { useRouter } from 'next/navigation'
 import { useEffect, useState } from 'react'
 import { authFetch, getApiBase, getToken, clearToken } from './lib/auth'
 
+const normalizeRecentResults = (items: any[]) =>
+  items
+    .filter((item: any) => item?.id)
+    .map((item: any) => {
+      const id = item.id
+      const rawTitle = item.title
+      const placeholder =
+        typeof rawTitle === 'string' && rawTitle.trim().toLowerCase() === `request ${id}`
+      return {
+        id,
+        title: !rawTitle || placeholder ? `Request #${id}` : rawTitle,
+        year: item.year,
+        statusLabel: item.statusLabel,
+        artwork: item.artwork,
+        createdAt: item.createdAt ?? null,
+      }
+    })
+
 export default function HomePage() {
   const router = useRouter()
   const [query, setQuery] = useState('')
@@ -14,6 +32,7 @@ export default function HomePage() {
       year?: number
       statusLabel?: string
       artwork?: { poster_url?: string }
+      createdAt?: string | null
     }[]
   >([])
   const [recentError, setRecentError] = useState<string | null>(null)
@@ -30,6 +49,9 @@ export default function HomePage() {
   >(null)
   const [servicesLoading, setServicesLoading] = useState(false)
   const [servicesError, setServicesError] = useState<string | null>(null)
+  const [serviceTesting, setServiceTesting] = useState<Record<string, boolean>>({})
+  const [serviceTestResults, setServiceTestResults] = useState<Record<string, string | null>>({})
+  const [liveStreamConnected, setLiveStreamConnected] = useState(false)
 
   const submit = (event: React.FormEvent) => {
     event.preventDefault()
@@ -42,6 +64,61 @@ export default function HomePage() {
     void runSearch(trimmed)
   }
 
+  const toServiceSlug = (name: string) => name.toLowerCase().replace(/[^a-z0-9]/g, '')
+
+  const updateServiceStatus = (name: string, status: string, message?: string) => {
+    setServicesStatus((prev) => {
+      if (!prev) return prev
+      return {
+        ...prev,
+        services: prev.services.map((service) =>
+          service.name === name ? { ...service, status, message } : service
+        ),
+      }
+    })
+  }
+
+  const testService = async (name: string) => {
+    const slug = toServiceSlug(name)
+    setServiceTesting((prev) => ({ ...prev, [name]: true }))
+    setServiceTestResults((prev) => ({ ...prev, [name]: null }))
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/status/services/${slug}/test`, {
+        method: 'POST',
+      })
+      if (!response.ok) {
+        if (response.status === 401) {
+          clearToken()
+          router.push('/login')
+          return
+        }
+        const text = await response.text()
+        throw new Error(text || `Service test failed: ${response.status}`)
+      }
+      const data = await response.json()
+      const status = data?.status ?? 'unknown'
+      const message =
+        data?.message ||
+        (status === 'up'
+          ? 'API OK'
+          : status === 'down'
+            ? 'API unreachable'
+            : status === 'degraded'
+              ? 'Health warnings'
+              : status === 'not_configured'
+                ? 'Not configured'
+                : 'Unknown')
+      setServiceTestResults((prev) => ({ ...prev, [name]: message }))
+      updateServiceStatus(name, status, data?.message)
+    } catch (error) {
+      console.error(error)
+      setServiceTestResults((prev) => ({ ...prev, [name]: 'Test failed' }))
+    } finally {
+      setServiceTesting((prev) => ({ ...prev, [name]: false }))
+    }
+  }
+
   useEffect(() => {
     if (!getToken()) {
       router.push('/login')
@@ -79,24 +156,7 @@ export default function HomePage() {
         }
         const data = await response.json()
         if (Array.isArray(data?.results)) {
-          setRecent(
+          setRecent(normalizeRecentResults(data.results))
-            data.results
-              .filter((item: any) => item?.id)
-              .map((item: any) => {
-                const id = item.id
-                const rawTitle = item.title
-                const placeholder =
-                  typeof rawTitle === 'string' &&
-                  rawTitle.trim().toLowerCase() === `request ${id}`
-                return {
-                  id,
-                  title: !rawTitle || placeholder ? `Request #${id}` : rawTitle,
-                  year: item.year,
-                  statusLabel: item.statusLabel,
-                  artwork: item.artwork,
-                }
-              })
-          )
         }
       } catch (error) {
         console.error(error)
@@ -137,10 +197,79 @@ export default function HomePage() {
       }
     }
 
-    load()
+    void load()
+    if (liveStreamConnected) {
+      return
+    }
     const timer = setInterval(load, 30000)
     return () => clearInterval(timer)
-  }, [authReady, router])
+  }, [authReady, liveStreamConnected, router])
+
+  useEffect(() => {
+    if (!authReady) {
+      setLiveStreamConnected(false)
+      return
+    }
+    const token = getToken()
+    if (!token) {
+      setLiveStreamConnected(false)
+      return
+    }
+    const baseUrl = getApiBase()
+    const streamUrl = `${baseUrl}/events/stream?access_token=${encodeURIComponent(token)}&recent_days=${encodeURIComponent(String(recentDays))}`
+    let closed = false
+    const source = new EventSource(streamUrl)
+
+    source.onopen = () => {
+      if (closed) return
+      setLiveStreamConnected(true)
+    }
+
+    source.onmessage = (event) => {
+      if (closed) return
+      setLiveStreamConnected(true)
+      try {
+        const payload = JSON.parse(event.data)
+        if (!payload || typeof payload !== 'object') {
+          return
+        }
+        if (payload.type === 'home_recent') {
+          if (Array.isArray(payload.results)) {
+            setRecent(normalizeRecentResults(payload.results))
+            setRecentError(null)
+            setRecentLoading(false)
+          } else if (typeof payload.error === 'string' && payload.error.trim()) {
+            setRecentError('Recent requests are not available right now.')
+            setRecentLoading(false)
+          }
+          return
+        }
+        if (payload.type === 'home_services') {
+          if (payload.status && typeof payload.status === 'object') {
+            setServicesStatus(payload.status)
+            setServicesError(null)
+            setServicesLoading(false)
+          } else if (typeof payload.error === 'string' && payload.error.trim()) {
+            setServicesError('Service status is not available right now.')
+            setServicesLoading(false)
+          }
+        }
+      } catch (error) {
+        console.error(error)
+      }
+    }
+
+    source.onerror = () => {
+      if (closed) return
+      setLiveStreamConnected(false)
+    }
+
+    return () => {
+      closed = true
+      setLiveStreamConnected(false)
+      source.close()
+    }
+  }, [authReady, recentDays])
 
   const runSearch = async (term: string) => {
     try {
@@ -179,6 +308,13 @@ export default function HomePage() {
     return url.startsWith('http') ? url : `${getApiBase()}${url}`
   }
 
+  const formatRequestTime = (value?: string | null) => {
+    if (!value) return null
+    const date = new Date(value)
+    if (Number.isNaN(date.valueOf())) return value
+    return date.toLocaleString()
+  }
+
   return (
     <main className="card">
       <div className="layout-grid">
@@ -214,10 +350,17 @@ export default function HomePage() {
                   return order.map((name) => {
                     const item = items.find((entry) => entry.name === name)
                     const status = item?.status ?? 'unknown'
+                    const testing = serviceTesting[name] ?? false
                     return (
                       <div key={name} className={`system-item system-${status}`}>
                         <span className="system-dot" />
+                        <div className="system-meta">
                           <span className="system-name">{name}</span>
+                          {serviceTestResults[name] && (
+                            <span className="system-test-message">{serviceTestResults[name]}</span>
+                          )}
+                        </div>
+                        <div className="system-actions">
                           <span className="system-state">
                             {status === 'up'
                               ? 'Up'
@@ -229,6 +372,15 @@ export default function HomePage() {
                                     ? 'Not configured'
                                     : 'Unknown'}
                           </span>
+                          <button
+                            type="button"
+                            className="system-test"
+                            onClick={() => void testService(name)}
+                            disabled={testing}
+                          >
+                            {testing ? 'Testing...' : 'Test'}
+                          </button>
+                        </div>
                       </div>
                     )
                   })
@@ -239,11 +391,12 @@ export default function HomePage() {
               <h2>{role === 'admin' ? 'All requests' : 'My recent requests'}</h2>
               {authReady && (
                 <label className="recent-filter">
-                  <span>Show last</span>
+                  <span>Show</span>
                   <select
                     value={recentDays}
                     onChange={(event) => setRecentDays(Number(event.target.value))}
                   >
+                    <option value={0}>All</option>
                     <option value={30}>30 days</option>
                     <option value={60}>60 days</option>
                     <option value={90}>90 days</option>
@@ -290,6 +443,7 @@ export default function HomePage() {
                       <span className="recent-meta">
                         {item.statusLabel ? item.statusLabel : 'Status not available yet'} · Request{' '}
                         {item.id}
+                        {item.createdAt ? ` · ${formatRequestTime(item.createdAt)}` : ''}
                       </span>
                     </span>
                   </button>

frontend/app/profile/page.tsx

@@ -10,9 +10,65 @@ type ProfileInfo = {
   auth_provider: string
 }
 
+type ProfileStats = {
+  total: number
+  ready: number
+  pending: number
+  in_progress: number
+  declined: number
+  working: number
+  partial: number
+  approved: number
+  last_request_at?: string | null
+  share: number
+  global_total: number
+  most_active_user?: { username: string; total: number } | null
+}
+
+type ActivityEntry = {
+  ip: string
+  user_agent: string
+  first_seen_at: string
+  last_seen_at: string
+  hit_count: number
+}
+
+type ProfileActivity = {
+  last_ip?: string | null
+  last_user_agent?: string | null
+  last_seen_at?: string | null
+  device_count: number
+  recent: ActivityEntry[]
+}
+
+type ProfileResponse = {
+  user: ProfileInfo
+  stats: ProfileStats
+  activity: ProfileActivity
+}
+
+const formatDate = (value?: string | null) => {
+  if (!value) return 'Never'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+const parseBrowser = (agent?: string | null) => {
+  if (!agent) return 'Unknown'
+  const value = agent.toLowerCase()
+  if (value.includes('edg/')) return 'Edge'
+  if (value.includes('chrome/') && !value.includes('edg/')) return 'Chrome'
+  if (value.includes('firefox/')) return 'Firefox'
+  if (value.includes('safari/') && !value.includes('chrome/')) return 'Safari'
+  return 'Unknown'
+}
+
 export default function ProfilePage() {
   const router = useRouter()
   const [profile, setProfile] = useState<ProfileInfo | null>(null)
+  const [stats, setStats] = useState<ProfileStats | null>(null)
+  const [activity, setActivity] = useState<ProfileActivity | null>(null)
   const [currentPassword, setCurrentPassword] = useState('')
   const [newPassword, setNewPassword] = useState('')
   const [status, setStatus] = useState<string | null>(null)
@@ -26,18 +82,21 @@ export default function ProfilePage() {
     const load = async () => {
       try {
         const baseUrl = getApiBase()
-        const response = await authFetch(`${baseUrl}/auth/me`)
+        const response = await authFetch(`${baseUrl}/auth/profile`)
         if (!response.ok) {
           clearToken()
           router.push('/login')
           return
         }
         const data = await response.json()
+        const user = data?.user ?? {}
         setProfile({
-          username: data?.username ?? 'Unknown',
+          username: user?.username ?? 'Unknown',
-          role: data?.role ?? 'user',
+          role: user?.role ?? 'user',
-          auth_provider: data?.auth_provider ?? 'local',
+          auth_provider: user?.auth_provider ?? 'local',
         })
+        setStats(data?.stats ?? null)
+        setActivity(data?.activity ?? null)
       } catch (err) {
         console.error(err)
         setStatus('Could not load your profile.')
@@ -91,6 +150,78 @@ export default function ProfilePage() {
           {profile.auth_provider}.
         </div>
       )}
+      <div className="profile-grid">
+        <section className="profile-section">
+          <h2>Account stats</h2>
+          <div className="stat-grid">
+            <div className="stat-card">
+              <div className="stat-label">Requests submitted</div>
+              <div className="stat-value">{stats?.total ?? 0}</div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">Ready to watch</div>
+              <div className="stat-value">{stats?.ready ?? 0}</div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">In progress</div>
+              <div className="stat-value">{stats?.in_progress ?? 0}</div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">Pending approval</div>
+              <div className="stat-value">{stats?.pending ?? 0}</div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">Declined</div>
+              <div className="stat-value">{stats?.declined ?? 0}</div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">Last request</div>
+              <div className="stat-value stat-value--small">
+                {formatDate(stats?.last_request_at)}
+              </div>
+            </div>
+            <div className="stat-card">
+              <div className="stat-label">Share of all requests</div>
+              <div className="stat-value">
+                {stats?.global_total
+                  ? `${Math.round((stats.share || 0) * 1000) / 10}%`
+                  : '0%'}
+              </div>
+            </div>
+            {profile?.role === 'admin' ? (
+              <div className="stat-card">
+                <div className="stat-label">Most active user</div>
+                <div className="stat-value stat-value--small">
+                  {stats?.most_active_user
+                    ? `${stats.most_active_user.username} (${stats.most_active_user.total})`
+                    : 'N/A'}
+                </div>
+              </div>
+            ) : null}
+          </div>
+        </section>
+        <section className="profile-section">
+          <h2>Connection history</h2>
+          <div className="status-banner">
+            Last seen {formatDate(activity?.last_seen_at)} from {activity?.last_ip ?? 'Unknown'}.
+          </div>
+          <div className="connection-list">
+            {(activity?.recent ?? []).map((entry, index) => (
+              <div key={`${entry.ip}-${entry.last_seen_at}-${index}`} className="connection-item">
+                <div>
+                  <div className="connection-label">{parseBrowser(entry.user_agent)}</div>
+                  <div className="meta">IP: {entry.ip}</div>
+                  <div className="meta">Last seen: {formatDate(entry.last_seen_at)}</div>
+                </div>
+                <div className="connection-count">{entry.hit_count} visits</div>
+              </div>
+            ))}
+            {activity && activity.recent.length === 0 ? (
+              <div className="status-banner">No connection history yet.</div>
+            ) : null}
+          </div>
+        </section>
+      </div>
       {profile?.auth_provider !== 'local' ? (
         <div className="status-banner">
           Password changes are only available for local Magent accounts.

frontend/app/requests/[id]/page.tsx

@@ -1,5 +1,6 @@
 'use client'
 
+import Image from 'next/image'
 import { useEffect, useState } from 'react'
 import { useRouter } from 'next/navigation'
 import { authFetch, clearToken, getApiBase, getToken } from '../../lib/auth'
@@ -33,7 +34,9 @@ type ReleaseOption = {
   seeders?: number
   leechers?: number
   protocol?: string
+  publishDate?: string
   infoUrl?: string
+  downloadUrl?: string
 }
 
 type SnapshotHistory = {
@@ -122,7 +125,7 @@ const friendlyState = (value: string) => {
   const map: Record<string, string> = {
     REQUESTED: 'Waiting for approval',
     APPROVED: 'Approved and queued',
-    NEEDS_ADD: 'Needs adding to the library',
+    NEEDS_ADD: 'Push to Sonarr/Radarr',
     ADDED_TO_ARR: 'Added to the library queue',
     SEARCHING: 'Searching for releases',
     GRABBED: 'Download queued',
@@ -154,7 +157,7 @@ const friendlyTimelineStatus = (service: string, status: string) => {
   }
   if (service === 'Sonarr/Radarr') {
     const map: Record<string, string> = {
-      missing: 'Not added yet',
+      missing: 'Push to Sonarr/Radarr',
       added: 'Added to the library queue',
       searching: 'Searching for releases',
       available: 'Ready to watch',
@@ -249,7 +252,7 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
     }
 
     load()
-  }, [params.id])
+  }, [params.id, router])
 
   if (loading) {
     return (
@@ -273,9 +276,11 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
   const downloadHop = snapshot.timeline.find((hop) => hop.service === 'qBittorrent')
   const downloadState = downloadHop?.details?.summary ?? downloadHop?.status ?? 'Unknown'
   const jellyfinAvailable = Boolean(snapshot.raw?.jellyfin?.available)
+  const arrStageLabel =
+    snapshot.state === 'NEEDS_ADD' ? 'Push to Sonarr/Radarr' : 'Library queue'
   const pipelineSteps = [
     { key: 'Jellyseerr', label: 'Jellyseerr' },
-    { key: 'Sonarr/Radarr', label: 'Library queue' },
+    { key: 'Sonarr/Radarr', label: arrStageLabel },
     { key: 'Prowlarr', label: 'Search' },
     { key: 'qBittorrent', label: 'Download' },
     { key: 'Jellyfin', label: 'Jellyfin' },
@@ -307,11 +312,14 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
       <div className="request-header">
         <div className="request-header-main">
           {resolvedPoster && (
-            <img
+            <Image
               className="request-poster"
               src={resolvedPoster}
               alt={`${snapshot.title} poster`}
-              loading="lazy"
+              width={90}
+              height={135}
+              sizes="90px"
+              unoptimized
             />
           )}
           <div>
@@ -484,7 +492,8 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                 }
                 const baseUrl = getApiBase()
                 const actionMap: Record<string, string> = {
-                  search: 'actions/search',
+                  search_releases: 'actions/search',
+                  search_auto: 'actions/search_auto',
                   resume_torrent: 'actions/qbit/resume',
                   readd_to_arr: 'actions/readd',
                 }
@@ -493,7 +502,7 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                   setActionMessage('This action is not wired yet.')
                   return
                 }
-                if (action.id === 'search') {
+                if (action.id === 'search_releases') {
                   setActionMessage(null)
                   setReleaseOptions([])
                   setSearchRan(false)
@@ -513,7 +522,7 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                     throw new Error(text || `Request failed: ${response.status}`)
                   }
                   const data = await response.json()
-                  if (action.id === 'search') {
+                  if (action.id === 'search_releases') {
                     if (Array.isArray(data.releases)) {
                       setReleaseOptions(data.releases)
                     }
@@ -526,6 +535,10 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                       setModalMessage('Search complete. Pick an option below if you want to download.')
                     }
                     setActionMessage(`${action.label} started.`)
+                  } else if (action.id === 'search_auto') {
+                    const message = data?.message ?? 'Search sent to Sonarr/Radarr.'
+                    setActionMessage(message)
+                    setModalMessage(message)
                   } else {
                     const message = data?.message ?? `${action.label} started.`
                     setActionMessage(message)
@@ -565,6 +578,7 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                   <span>{release.seeders ?? 0} seeders · {formatBytes(release.size)}</span>
                   <button
                     type="button"
+                    disabled={!release.guid || !release.indexerId}
                     onClick={async () => {
                       if (!snapshot || !release.guid || !release.indexerId) {
                         setActionMessage('Missing details to start the download.')
@@ -583,6 +597,14 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                             body: JSON.stringify({
                               guid: release.guid,
                               indexerId: release.indexerId,
+                              indexerName: release.indexer,
+                              downloadUrl: release.downloadUrl,
+                              title: release.title,
+                              size: release.size,
+                              protocol: release.protocol,
+                              publishDate: release.publishDate,
+                              seeders: release.seeders,
+                              leechers: release.leechers,
                             }),
                           }
                         )
@@ -595,8 +617,8 @@ export default function RequestTimelinePage({ params }: { params: { id: string }
                           const text = await response.text()
                           throw new Error(text || `Request failed: ${response.status}`)
                         }
-                        setActionMessage('Download sent to Sonarr/Radarr.')
+                        setActionMessage('Download sent to qBittorrent.')
-                        setModalMessage('Download sent to Sonarr/Radarr.')
+                        setModalMessage('Download sent to qBittorrent.')
                       } catch (error) {
                         console.error(error)
                         const message = 'Download failed. Check the logs.'

frontend/app/signup/page.tsx

@@ -0,0 +1,223 @@
+'use client'
+
+import { Suspense, useEffect, useMemo, useState } from 'react'
+import { useRouter, useSearchParams } from 'next/navigation'
+import BrandingLogo from '../ui/BrandingLogo'
+import { clearToken, getApiBase, setToken } from '../lib/auth'
+
+type InviteInfo = {
+  code: string
+  label?: string | null
+  description?: string | null
+  enabled: boolean
+  is_expired?: boolean
+  is_usable?: boolean
+  expires_at?: string | null
+  max_uses?: number | null
+  use_count?: number | null
+  remaining_uses?: number | null
+  profile?: {
+    id: number
+    name: string
+    description?: string | null
+  } | null
+}
+
+const formatDate = (value?: string | null) => {
+  if (!value) return 'Never'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+function SignupPageContent() {
+  const router = useRouter()
+  const searchParams = useSearchParams()
+  const [inviteCode, setInviteCode] = useState(searchParams.get('code') ?? '')
+  const [invite, setInvite] = useState<InviteInfo | null>(null)
+  const [inviteLoading, setInviteLoading] = useState(false)
+  const [loading, setLoading] = useState(false)
+  const [username, setUsername] = useState('')
+  const [password, setPassword] = useState('')
+  const [confirmPassword, setConfirmPassword] = useState('')
+  const [error, setError] = useState<string | null>(null)
+  const [status, setStatus] = useState<string | null>(null)
+
+  const canSubmit = useMemo(() => {
+    return Boolean(invite?.is_usable && username.trim() && password && !loading)
+  }, [invite, username, password, loading])
+
+  const lookupInvite = async (code: string) => {
+    const trimmed = code.trim()
+    if (!trimmed) {
+      setInvite(null)
+      return
+    }
+    setInviteLoading(true)
+    setError(null)
+    setStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await fetch(`${baseUrl}/auth/invites/${encodeURIComponent(trimmed)}`)
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Invite not found')
+      }
+      const data = await response.json()
+      setInvite(data?.invite ?? null)
+      setStatus('Invite loaded.')
+    } catch (err) {
+      console.error(err)
+      setInvite(null)
+      setError('Invite code not found or unavailable.')
+    } finally {
+      setInviteLoading(false)
+    }
+  }
+
+  useEffect(() => {
+    const initialCode = searchParams.get('code') ?? ''
+    if (initialCode) {
+      setInviteCode(initialCode)
+      void lookupInvite(initialCode)
+    }
+  }, [searchParams])
+
+  const submit = async (event: React.FormEvent) => {
+    event.preventDefault()
+    if (password !== confirmPassword) {
+      setError('Passwords do not match.')
+      return
+    }
+    if (!inviteCode.trim()) {
+      setError('Invite code is required.')
+      return
+    }
+    if (!invite?.is_usable) {
+      setError('Invite is not usable. Refresh invite details or ask an admin for a new code.')
+      return
+    }
+    setLoading(true)
+    setError(null)
+    setStatus(null)
+    try {
+      clearToken()
+      const baseUrl = getApiBase()
+      const response = await fetch(`${baseUrl}/auth/signup`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          invite_code: inviteCode,
+          username: username.trim(),
+          password,
+        }),
+      })
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Sign-up failed')
+      }
+      const data = await response.json()
+      if (data?.access_token) {
+        setToken(data.access_token)
+        window.location.href = '/'
+        return
+      }
+      throw new Error('Sign-up did not return a token')
+    } catch (err) {
+      console.error(err)
+      setError(err instanceof Error ? err.message : 'Unable to create account.')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <main className="card auth-card">
+      <BrandingLogo className="brand-logo brand-logo--login" />
+      <h1>Create account</h1>
+      <p className="lede">Use an invite code from your admin to create a Magent account.</p>
+      <form onSubmit={submit} className="auth-form">
+        <label>
+          Invite code
+          <div className="invite-lookup-row">
+            <input
+              value={inviteCode}
+              onChange={(e) => setInviteCode(e.target.value)}
+              placeholder="Paste your invite code"
+              autoCapitalize="characters"
+            />
+            <button
+              type="button"
+              className="ghost-button"
+              disabled={inviteLoading}
+              onClick={() => void lookupInvite(inviteCode)}
+            >
+              {inviteLoading ? 'Checking…' : 'Check invite'}
+            </button>
+          </div>
+        </label>
+        {invite && (
+          <div className={`invite-summary ${invite.is_usable ? '' : 'is-disabled'}`}>
+            <div className="invite-summary-row">
+              <strong>{invite.label || invite.code}</strong>
+              <span className={`small-pill ${invite.is_usable ? '' : 'is-muted'}`}>
+                {invite.is_usable ? 'Usable' : 'Unavailable'}
+              </span>
+            </div>
+            {invite.description && <p>{invite.description}</p>}
+            <div className="admin-meta-row">
+              <span>Code: {invite.code}</span>
+              <span>Expires: {formatDate(invite.expires_at)}</span>
+              <span>Remaining uses: {invite.remaining_uses ?? 'Unlimited'}</span>
+              <span>Profile: {invite.profile?.name || 'None'}</span>
+            </div>
+          </div>
+        )}
+        <label>
+          Username
+          <input
+            value={username}
+            onChange={(e) => setUsername(e.target.value)}
+            autoComplete="username"
+          />
+        </label>
+        <label>
+          Password
+          <input
+            type="password"
+            value={password}
+            onChange={(e) => setPassword(e.target.value)}
+            autoComplete="new-password"
+          />
+        </label>
+        <label>
+          Confirm password
+          <input
+            type="password"
+            value={confirmPassword}
+            onChange={(e) => setConfirmPassword(e.target.value)}
+            autoComplete="new-password"
+          />
+        </label>
+        {error && <div className="error-banner">{error}</div>}
+        {status && <div className="status-banner">{status}</div>}
+        <div className="auth-actions">
+          <button type="submit" disabled={!canSubmit}>
+            {loading ? 'Creating account…' : 'Create account'}
+          </button>
+        </div>
+        <button type="button" className="ghost-button" disabled={loading} onClick={() => router.push('/login')}>
+          Back to sign in
+        </button>
+      </form>
+    </main>
+  )
+}
+
+export default function SignupPage() {
+  return (
+    <Suspense fallback={<main className="card auth-card">Loading sign-up…</main>}>
+      <SignupPageContent />
+    </Suspense>
+  )
+}

frontend/app/ui/AdminSidebar.tsx

@@ -17,15 +17,17 @@ const NAV_GROUPS = [
   {
     title: 'Requests',
     items: [
-      { href: '/admin/requests', label: 'Request syncing' },
+      { href: '/admin/requests', label: 'Request sync' },
-      { href: '/admin/artwork', label: 'Artwork' },
+      { href: '/admin/requests-all', label: 'All requests' },
-      { href: '/admin/cache', label: 'Cache' },
+      { href: '/admin/cache', label: 'Cache Control' },
     ],
   },
   {
     title: 'Admin',
     items: [
+      { href: '/admin/site', label: 'Site' },
       { href: '/users', label: 'Users' },
+      { href: '/admin/invites', label: 'Invite management' },
       { href: '/admin/logs', label: 'Activity log' },
       { href: '/admin/maintenance', label: 'Maintenance' },
     ],

frontend/app/ui/BrandingFavicon.tsx

@@ -1,17 +1,10 @@
 'use client'
 
 import { useEffect } from 'react'
-import { getApiBase } from '../lib/auth'
-
-const STORAGE_KEY = 'branding_version'
 
 export default function BrandingFavicon() {
   useEffect(() => {
-    const baseUrl = getApiBase()
+    const href = '/api/branding/favicon.ico'
-    const version =
-      (typeof window !== 'undefined' && window.localStorage.getItem(STORAGE_KEY)) || ''
-    const versionSuffix = version ? `?v=${encodeURIComponent(version)}` : ''
-    const href = `${baseUrl}/branding/favicon.ico${versionSuffix}`
     let link = document.querySelector("link[rel='icon']") as HTMLLinkElement | null
     if (!link) {
       link = document.createElement('link')

frontend/app/ui/BrandingLogo.tsx

@@ -1,36 +1,14 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { getApiBase } from '../lib/auth'
-
-const STORAGE_KEY = 'branding_version'
-
 type BrandingLogoProps = {
   className?: string
   alt?: string
 }
 
 export default function BrandingLogo({ className, alt = 'Magent logo' }: BrandingLogoProps) {
-  const [src, setSrc] = useState<string | null>(null)
-
-  useEffect(() => {
-    const baseUrl = getApiBase()
-    const version =
-      (typeof window !== 'undefined' && window.localStorage.getItem(STORAGE_KEY)) || ''
-    const versionSuffix = version ? `?v=${encodeURIComponent(version)}` : ''
-    setSrc(`${baseUrl}/branding/logo.png${versionSuffix}`)
-  }, [])
-
-  if (!src) {
-    return null
-  }
-
   return (
     <img
       className={className}
-      src={src}
+      src="/api/branding/logo.png"
       alt={alt}
-      onError={() => setSrc(null)}
     />
   )
 }

frontend/app/ui/HeaderActions.tsx

@@ -32,27 +32,16 @@ export default function HeaderActions() {
     void load()
   }, [])
 
-  const signOut = () => {
+  if (!signedIn) {
-    clearToken()
+    return null
-    setSignedIn(false)
-    if (typeof window !== 'undefined') {
-      window.location.href = '/login'
-    }
   }
 
   return (
     <div className="header-actions">
+      <a className="header-cta header-cta--left" href="/feedback">Send feedback</a>
       <a href="/">Requests</a>
       <a href="/how-it-works">How it works</a>
-      {signedIn && <a href="/profile">My profile</a>}
       {role === 'admin' && <a href="/admin">Settings</a>}
-      {signedIn ? (
-        <button type="button" className="header-link" onClick={signOut}>
-          Sign out
-        </button>
-      ) : (
-        <a href="/login">Sign in</a>
-      )}
     </div>
   )
 }

frontend/app/ui/HeaderIdentity.tsx

@@ -4,13 +4,15 @@ import { useEffect, useState } from 'react'
 import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
 
 export default function HeaderIdentity() {
-  const [identity, setIdentity] = useState<string | null>(null)
+  const [identity, setIdentity] = useState<{ username: string; role?: string } | null>(null)
+  const [buildNumber, setBuildNumber] = useState<string | null>(null)
   const [open, setOpen] = useState(false)
 
   useEffect(() => {
     const token = getToken()
     if (!token) {
       setIdentity(null)
+      setBuildNumber(null)
       return
     }
     const load = async () => {
@@ -24,7 +26,14 @@ export default function HeaderIdentity() {
         }
         const data = await response.json()
         if (data?.username) {
-          setIdentity(`${data.username}${data.role ? ` (${data.role})` : ''}`)
+          setIdentity({ username: data.username, role: data.role })
+        }
+        const siteResponse = await fetch(`${baseUrl}/site/public`)
+        if (siteResponse.ok) {
+          const siteInfo = await siteResponse.json()
+          if (siteInfo?.buildNumber) {
+            setBuildNumber(siteInfo.buildNumber)
+          }
         }
       } catch (err) {
         console.error(err)
@@ -38,14 +47,42 @@ export default function HeaderIdentity() {
     return null
   }
 
+  const label = `${identity.username}${identity.role ? ` (${identity.role})` : ''}`
+  const initial = identity.username.slice(0, 1).toUpperCase()
+  const signOut = () => {
+    clearToken()
+    if (typeof window !== 'undefined') {
+      window.location.href = '/login'
+    }
+  }
+
   return (
     <div className="signed-in-menu">
-      <button type="button" className="signed-in" onClick={() => setOpen((prev) => !prev)}>
+      <button
-        Signed in as {identity}
+        type="button"
+        className="avatar-button"
+        onClick={() => setOpen((prev) => !prev)}
+        aria-haspopup="true"
+        aria-expanded={open}
+        title={label}
+      >
+        {initial}
       </button>
       {open && (
         <div className="signed-in-dropdown">
-          <a href="/profile">My profile</a>
+          <div className="signed-in-header">Signed in as {label}</div>
+          <div className="signed-in-actions">
+            <a href="/profile" onClick={() => setOpen(false)}>
+              My profile
+            </a>
+            <a href="/changelog" onClick={() => setOpen(false)}>
+              Changelog
+            </a>
+            <button type="button" className="signed-in-signout" onClick={signOut}>
+              Sign out
+            </button>
+          </div>
+          {buildNumber ? <div className="signed-in-build">Build {buildNumber}</div> : null}
         </div>
       )}
     </div>

frontend/app/ui/SiteStatus.tsx

@@ -0,0 +1,62 @@
+'use client'
+
+import { useEffect, useState } from 'react'
+import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
+
+type BannerInfo = {
+  enabled: boolean
+  message: string
+  tone?: string
+}
+
+type SiteInfo = {
+  buildNumber?: string
+  banner?: BannerInfo
+}
+
+const buildRequest = () => {
+  const token = getToken()
+  const baseUrl = getApiBase()
+  const url = token ? `${baseUrl}/site/info` : `${baseUrl}/site/public`
+  const fetcher = token ? authFetch : fetch
+  return { token, url, fetcher }
+}
+
+export default function SiteStatus() {
+  const [info, setInfo] = useState<SiteInfo | null>(null)
+
+  useEffect(() => {
+    let active = true
+    const load = async () => {
+      try {
+        const { token, url, fetcher } = buildRequest()
+        const response = await fetcher(url)
+        if (!response.ok) {
+          if (response.status === 401 && token) {
+            clearToken()
+          }
+          return
+        }
+        const data = await response.json()
+        if (!active) return
+        setInfo(data)
+      } catch (err) {
+        console.error(err)
+      }
+    }
+    void load()
+    return () => {
+      active = false
+    }
+  }, [])
+
+  const banner = info?.banner
+  const tone = banner?.tone || 'info'
+  return (
+    <>
+      {banner?.enabled && banner.message ? (
+        <div className={`site-banner site-banner--${tone}`}>{banner.message}</div>
+      ) : null}
+    </>
+  )
+}

frontend/app/users/[id]/page.tsx

@@ -0,0 +1,554 @@
+'use client'
+
+import { useEffect, useState } from 'react'
+import { useParams, useRouter } from 'next/navigation'
+import { authFetch, clearToken, getApiBase, getToken } from '../../lib/auth'
+import AdminShell from '../../ui/AdminShell'
+
+type UserStats = {
+  total: number
+  ready: number
+  pending: number
+  approved: number
+  working: number
+  partial: number
+  declined: number
+  in_progress: number
+  last_request_at?: string | null
+}
+
+type AdminUser = {
+  id?: number
+  username: string
+  role: string
+  auth_provider?: string | null
+  last_login_at?: string | null
+  is_blocked?: boolean
+  auto_search_enabled?: boolean
+  jellyseerr_user_id?: number | null
+  profile_id?: number | null
+  expires_at?: string | null
+  is_expired?: boolean
+}
+
+type UserProfileOption = {
+  id: number
+  name: string
+  is_active?: boolean
+}
+
+const formatDateTime = (value?: string | null) => {
+  if (!value) return 'Never'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+const toLocalDateTimeInput = (value?: string | null) => {
+  if (!value) return ''
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return ''
+  const offsetMs = date.getTimezoneOffset() * 60_000
+  const local = new Date(date.getTime() - offsetMs)
+  return local.toISOString().slice(0, 16)
+}
+
+const fromLocalDateTimeInput = (value: string) => {
+  if (!value.trim()) return null
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return null
+  return date.toISOString()
+}
+
+const normalizeStats = (stats: any): UserStats => ({
+  total: Number(stats?.total ?? 0),
+  ready: Number(stats?.ready ?? 0),
+  pending: Number(stats?.pending ?? 0),
+  approved: Number(stats?.approved ?? 0),
+  working: Number(stats?.working ?? 0),
+  partial: Number(stats?.partial ?? 0),
+  declined: Number(stats?.declined ?? 0),
+  in_progress: Number(stats?.in_progress ?? 0),
+  last_request_at: stats?.last_request_at ?? null,
+})
+
+export default function UserDetailPage() {
+  const params = useParams()
+  const router = useRouter()
+  const idParam = Array.isArray(params?.id) ? params.id[0] : params?.id
+  const [user, setUser] = useState<AdminUser | null>(null)
+  const [stats, setStats] = useState<UserStats | null>(null)
+  const [error, setError] = useState<string | null>(null)
+  const [loading, setLoading] = useState(true)
+  const [profiles, setProfiles] = useState<UserProfileOption[]>([])
+  const [profileSelection, setProfileSelection] = useState('')
+  const [expiryInput, setExpiryInput] = useState('')
+  const [savingProfile, setSavingProfile] = useState(false)
+  const [savingExpiry, setSavingExpiry] = useState(false)
+  const [actionStatus, setActionStatus] = useState<string | null>(null)
+
+  const loadProfiles = async () => {
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/admin/profiles`)
+      if (!response.ok) {
+        return
+      }
+      const data = await response.json()
+      if (!Array.isArray(data?.profiles)) {
+        setProfiles([])
+        return
+      }
+      setProfiles(
+        data.profiles.map((profile: any) => ({
+          id: Number(profile.id ?? 0),
+          name: String(profile.name ?? 'Unnamed profile'),
+          is_active: Boolean(profile.is_active ?? true),
+        }))
+      )
+    } catch (err) {
+      console.error(err)
+    }
+  }
+
+  const loadUser = async () => {
+    if (!idParam) return
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/id/${encodeURIComponent(idParam)}`
+      )
+      if (!response.ok) {
+        if (response.status === 401) {
+          clearToken()
+          router.push('/login')
+          return
+        }
+        if (response.status === 403) {
+          router.push('/')
+          return
+        }
+        if (response.status === 404) {
+          setError('User not found.')
+          return
+        }
+        throw new Error('Could not load user.')
+      }
+      const data = await response.json()
+      const nextUser = data?.user ?? null
+      setUser(nextUser)
+      setStats(normalizeStats(data?.stats))
+      setProfileSelection(
+        nextUser?.profile_id == null || Number.isNaN(Number(nextUser?.profile_id))
+          ? ''
+          : String(nextUser.profile_id)
+      )
+      setExpiryInput(toLocalDateTimeInput(nextUser?.expires_at))
+      setError(null)
+    } catch (err) {
+      console.error(err)
+      setError('Could not load user.')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  const toggleUserBlock = async (blocked: boolean) => {
+    if (!user) return
+    try {
+      setActionStatus(null)
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/${blocked ? 'block' : 'unblock'}`,
+        { method: 'POST' }
+      )
+      if (!response.ok) {
+        throw new Error('Update failed')
+      }
+      await loadUser()
+      setActionStatus(blocked ? 'User blocked.' : 'User unblocked.')
+    } catch (err) {
+      console.error(err)
+      setError('Could not update user access.')
+    }
+  }
+
+  const updateUserRole = async (role: string) => {
+    if (!user) return
+    try {
+      setActionStatus(null)
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/role`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ role }),
+        }
+      )
+      if (!response.ok) {
+        throw new Error('Update failed')
+      }
+      await loadUser()
+      setActionStatus(`Role updated to ${role}.`)
+    } catch (err) {
+      console.error(err)
+      setError('Could not update user role.')
+    }
+  }
+
+  const updateAutoSearchEnabled = async (enabled: boolean) => {
+    if (!user) return
+    try {
+      setActionStatus(null)
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/auto-search`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ enabled }),
+        }
+      )
+      if (!response.ok) {
+        throw new Error('Update failed')
+      }
+      await loadUser()
+      setActionStatus(`Auto search/download ${enabled ? 'enabled' : 'disabled'}.`)
+    } catch (err) {
+      console.error(err)
+      setError('Could not update auto search access.')
+    }
+  }
+
+  const applyProfileToUser = async (profileOverride?: string | null) => {
+    if (!user) return
+    const profileValue = profileOverride ?? profileSelection
+    setSavingProfile(true)
+    setError(null)
+    setActionStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/profile`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ profile_id: profileValue || null }),
+        }
+      )
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Profile update failed')
+      }
+      await loadUser()
+      setActionStatus(profileValue ? 'Profile applied to user.' : 'Profile assignment cleared.')
+    } catch (err) {
+      console.error(err)
+      setError('Could not update user profile.')
+    } finally {
+      setSavingProfile(false)
+    }
+  }
+
+  const saveUserExpiry = async () => {
+    if (!user) return
+    const expiresAt = fromLocalDateTimeInput(expiryInput)
+    if (expiryInput.trim() && !expiresAt) {
+      setError('Invalid expiry date/time.')
+      return
+    }
+    setSavingExpiry(true)
+    setError(null)
+    setActionStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/expiry`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ expires_at: expiresAt }),
+        }
+      )
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Expiry update failed')
+      }
+      await loadUser()
+      setActionStatus(expiresAt ? 'User expiry updated.' : 'User expiry cleared.')
+    } catch (err) {
+      console.error(err)
+      setError('Could not update user expiry.')
+    } finally {
+      setSavingExpiry(false)
+    }
+  }
+
+  const clearUserExpiry = async () => {
+    if (!user) return
+    setSavingExpiry(true)
+    setError(null)
+    setActionStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/expiry`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ clear: true }),
+        }
+      )
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Expiry clear failed')
+      }
+      setExpiryInput('')
+      await loadUser()
+      setActionStatus('User expiry cleared.')
+    } catch (err) {
+      console.error(err)
+      setError('Could not clear user expiry.')
+    } finally {
+      setSavingExpiry(false)
+    }
+  }
+
+  useEffect(() => {
+    if (!getToken()) {
+      router.push('/login')
+      return
+    }
+    void loadUser()
+    void loadProfiles()
+  }, [router, idParam])
+
+  if (loading) {
+    return <main className="card">Loading user...</main>
+  }
+
+  return (
+    <AdminShell
+      title={user?.username || 'User'}
+      subtitle="User overview and request stats."
+      actions={
+        <button type="button" onClick={() => router.push('/users')}>
+          Back to users
+        </button>
+      }
+    >
+      <section className="admin-section">
+        {error && <div className="error-banner">{error}</div>}
+        {actionStatus && <div className="status-banner">{actionStatus}</div>}
+        {!user ? (
+          <div className="status-banner">No user data found.</div>
+        ) : (
+          <div className="user-detail-page-grid">
+            <div className="user-detail-main-column">
+              <div className="admin-panel user-detail-panel">
+                <div className="user-detail-panel-header">
+                  <div className="user-detail-title-row">
+                    <strong className="user-detail-name">{user.username}</strong>
+                    <span className={`user-grid-pill ${user.is_blocked ? 'is-blocked' : ''}`}>
+                      {user.is_blocked ? 'Blocked' : 'Active'}
+                    </span>
+                    <span className={`user-grid-pill ${user.is_expired ? 'is-blocked' : ''}`}>
+                      {user.is_expired ? 'Expired' : user.expires_at ? 'Expiry set' : 'No expiry'}
+                    </span>
+                  </div>
+                  <p className="lede">
+                    User identity, access state, and request history for this account.
+                  </p>
+                </div>
+                <div className="user-detail-meta-grid">
+                  <div className="user-detail-meta-item">
+                    <span className="label">Jellyseerr ID</span>
+                    <strong>{user.jellyseerr_user_id ?? user.id ?? 'Unknown'}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Role</span>
+                    <strong>{user.role}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Login type</span>
+                    <strong>{user.auth_provider || 'local'}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Assigned profile</span>
+                    <strong>{user.profile_id ?? 'None'}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Last login</span>
+                    <strong>{formatDateTime(user.last_login_at)}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Account expiry</span>
+                    <strong>{user.expires_at ? formatDateTime(user.expires_at) : 'Never'}</strong>
+                  </div>
+                </div>
+              </div>
+
+              <div className="admin-panel user-detail-panel">
+                <div className="user-detail-panel-header">
+                  <h2>Request statistics</h2>
+                  <p className="lede">Snapshot of request states and recent activity for this user.</p>
+                </div>
+                <div className="user-detail-grid">
+                  <div className="user-detail-stat">
+                    <span className="label">Total</span>
+                    <span className="value">{stats?.total ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Ready</span>
+                    <span className="value">{stats?.ready ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Pending</span>
+                    <span className="value">{stats?.pending ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Approved</span>
+                    <span className="value">{stats?.approved ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Working</span>
+                    <span className="value">{stats?.working ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Partial</span>
+                    <span className="value">{stats?.partial ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">Declined</span>
+                    <span className="value">{stats?.declined ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat">
+                    <span className="label">In progress</span>
+                    <span className="value">{stats?.in_progress ?? 0}</span>
+                  </div>
+                  <div className="user-detail-stat user-detail-stat--wide">
+                    <span className="label">Last request</span>
+                    <span className="value">{formatDateTime(stats?.last_request_at)}</span>
+                  </div>
+                </div>
+              </div>
+            </div>
+
+            <div className="user-detail-side-column">
+              <div className="admin-panel user-detail-panel">
+                <div className="user-detail-panel-header">
+                  <h2>Access controls</h2>
+                  <p className="lede">Role, login access, and auto-download behavior.</p>
+                </div>
+                <div className="user-detail-control-stack">
+                  <label className="toggle">
+                    <input
+                      type="checkbox"
+                      checked={user.role === 'admin'}
+                      onChange={(event) => updateUserRole(event.target.checked ? 'admin' : 'user')}
+                    />
+                    <span>Make admin</span>
+                  </label>
+                  <label className="toggle">
+                    <input
+                      type="checkbox"
+                      checked={Boolean(user.auto_search_enabled ?? true)}
+                      disabled={user.role === 'admin'}
+                      onChange={(event) => updateAutoSearchEnabled(event.target.checked)}
+                    />
+                    <span>Allow auto search/download</span>
+                  </label>
+                  <button
+                    type="button"
+                    className="ghost-button"
+                    onClick={() => toggleUserBlock(!user.is_blocked)}
+                  >
+                    {user.is_blocked ? 'Allow access' : 'Block access'}
+                  </button>
+                  {user.role === 'admin' && (
+                    <div className="user-detail-helper">
+                      Admins always have auto search/download access.
+                    </div>
+                  )}
+                </div>
+              </div>
+
+              <div className="admin-panel user-detail-panel">
+                <div className="user-detail-panel-header">
+                  <h2>Profile defaults</h2>
+                  <p className="lede">Assign or clear an invite profile for this user.</p>
+                </div>
+                <div className="user-detail-actions user-detail-actions--stacked">
+                  <label className="admin-select">
+                    <span>Assigned profile</span>
+                    <select
+                      value={profileSelection}
+                      onChange={(event) => setProfileSelection(event.target.value)}
+                      disabled={savingProfile}
+                    >
+                      <option value="">None</option>
+                      {profiles.map((profile) => (
+                        <option key={profile.id} value={profile.id}>
+                          {profile.name}
+                          {profile.is_active === false ? ' (disabled)' : ''}
+                        </option>
+                      ))}
+                    </select>
+                  </label>
+                  <div className="admin-inline-actions">
+                    <button type="button" onClick={() => void applyProfileToUser()} disabled={savingProfile}>
+                      {savingProfile ? 'Applying...' : 'Apply profile defaults'}
+                    </button>
+                    <button
+                      type="button"
+                      className="ghost-button"
+                      onClick={() => {
+                        setProfileSelection('')
+                        void applyProfileToUser('')
+                      }}
+                      disabled={savingProfile}
+                    >
+                      Clear profile
+                    </button>
+                  </div>
+                </div>
+              </div>
+
+              <div className="admin-panel user-detail-panel">
+                <div className="user-detail-panel-header">
+                  <h2>Account expiry</h2>
+                  <p className="lede">Set a specific expiry date/time for this user account.</p>
+                </div>
+                <div className="user-detail-actions user-detail-actions--stacked">
+                  <label>
+                    <span className="user-bulk-label">Account expiry</span>
+                    <input
+                      type="datetime-local"
+                      value={expiryInput}
+                      onChange={(event) => setExpiryInput(event.target.value)}
+                      disabled={savingExpiry}
+                    />
+                  </label>
+                  <div className="admin-inline-actions">
+                    <button type="button" onClick={saveUserExpiry} disabled={savingExpiry}>
+                      {savingExpiry ? 'Saving...' : 'Save expiry'}
+                    </button>
+                    <button
+                      type="button"
+                      className="ghost-button"
+                      onClick={clearUserExpiry}
+                      disabled={savingExpiry}
+                    >
+                      Clear expiry
+                    </button>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        )}
+      </section>
+    </AdminShell>
+  )
+}

frontend/app/users/page.tsx

@@ -2,15 +2,34 @@
 
 import { useEffect, useState } from 'react'
 import { useRouter } from 'next/navigation'
+import Link from 'next/link'
 import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
 import AdminShell from '../ui/AdminShell'
 
 type AdminUser = {
+  id: number
   username: string
   role: string
   authProvider?: string | null
   lastLoginAt?: string | null
   isBlocked?: boolean
+  autoSearchEnabled?: boolean
+  profileId?: number | null
+  expiresAt?: string | null
+  isExpired?: boolean
+  stats?: UserStats
+}
+
+type UserStats = {
+  total: number
+  ready: number
+  pending: number
+  approved: number
+  working: number
+  partial: number
+  declined: number
+  in_progress: number
+  last_request_at?: string | null
 }
 
 const formatLastLogin = (value?: string | null) => {
@@ -20,18 +39,59 @@ const formatLastLogin = (value?: string | null) => {
   return date.toLocaleString()
 }
 
+const formatLastRequest = (value?: string | null) => {
+  if (!value) return '—'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+const formatExpiry = (value?: string | null) => {
+  if (!value) return 'Never'
+  const date = new Date(value)
+  if (Number.isNaN(date.valueOf())) return value
+  return date.toLocaleString()
+}
+
+const emptyStats: UserStats = {
+  total: 0,
+  ready: 0,
+  pending: 0,
+  approved: 0,
+  working: 0,
+  partial: 0,
+  declined: 0,
+  in_progress: 0,
+  last_request_at: null,
+}
+
+const normalizeStats = (stats: any): UserStats => ({
+  total: Number(stats?.total ?? 0),
+  ready: Number(stats?.ready ?? 0),
+  pending: Number(stats?.pending ?? 0),
+  approved: Number(stats?.approved ?? 0),
+  working: Number(stats?.working ?? 0),
+  partial: Number(stats?.partial ?? 0),
+  declined: Number(stats?.declined ?? 0),
+  in_progress: Number(stats?.in_progress ?? 0),
+  last_request_at: stats?.last_request_at ?? null,
+})
+
 export default function UsersPage() {
   const router = useRouter()
   const [users, setUsers] = useState<AdminUser[]>([])
   const [error, setError] = useState<string | null>(null)
   const [loading, setLoading] = useState(true)
-  const [passwordInputs, setPasswordInputs] = useState<Record<string, string>>({})
+  const [query, setQuery] = useState('')
-  const [passwordStatus, setPasswordStatus] = useState<Record<string, string>>({})
+  const [jellyseerrSyncStatus, setJellyseerrSyncStatus] = useState<string | null>(null)
+  const [jellyseerrSyncBusy, setJellyseerrSyncBusy] = useState(false)
+  const [jellyseerrResyncBusy, setJellyseerrResyncBusy] = useState(false)
+  const [bulkAutoSearchBusy, setBulkAutoSearchBusy] = useState(false)
 
   const loadUsers = async () => {
     try {
       const baseUrl = getApiBase()
-      const response = await authFetch(`${baseUrl}/admin/users`)
+      const response = await authFetch(`${baseUrl}/admin/users/summary`)
       if (!response.ok) {
         if (response.status === 401) {
           clearToken()
@@ -53,6 +113,15 @@ export default function UsersPage() {
             authProvider: user.auth_provider ?? 'local',
             lastLoginAt: user.last_login_at ?? null,
             isBlocked: Boolean(user.is_blocked),
+            autoSearchEnabled: Boolean(user.auto_search_enabled ?? true),
+            profileId:
+              user.profile_id == null || Number.isNaN(Number(user.profile_id))
+                ? null
+                : Number(user.profile_id),
+            expiresAt: user.expires_at ?? null,
+            isExpired: Boolean(user.is_expired),
+            id: Number(user.id ?? 0),
+            stats: normalizeStats(user.stats ?? emptyStats),
           }))
         )
       } else {
@@ -67,78 +136,84 @@ export default function UsersPage() {
     }
   }
 
-  const toggleUserBlock = async (username: string, blocked: boolean) => {
+  const syncJellyseerrUsers = async () => {
+    setJellyseerrSyncStatus(null)
+    setJellyseerrSyncBusy(true)
     try {
       const baseUrl = getApiBase()
-      const response = await authFetch(
+      const response = await authFetch(`${baseUrl}/admin/jellyseerr/users/sync`, {
-        `${baseUrl}/admin/users/${encodeURIComponent(username)}/${blocked ? 'block' : 'unblock'}`,
-        { method: 'POST' }
-      )
-      if (!response.ok) {
-        throw new Error('Update failed')
-      }
-      await loadUsers()
-    } catch (err) {
-      console.error(err)
-      setError('Could not update user access.')
-    }
-  }
-
-  const updateUserRole = async (username: string, role: string) => {
-    try {
-      const baseUrl = getApiBase()
-      const response = await authFetch(
-        `${baseUrl}/admin/users/${encodeURIComponent(username)}/role`,
-        {
         method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
+      })
-          body: JSON.stringify({ role }),
-        }
-      )
-      if (!response.ok) {
-        throw new Error('Update failed')
-      }
-      await loadUsers()
-    } catch (err) {
-      console.error(err)
-      setError('Could not update user role.')
-    }
-  }
-
-  const updateUserPassword = async (username: string) => {
-    const newPassword = passwordInputs[username] || ''
-    if (!newPassword || newPassword.length < 8) {
-      setPasswordStatus((current) => ({
-        ...current,
-        [username]: 'Password must be at least 8 characters.',
-      }))
-      return
-    }
-    try {
-      const baseUrl = getApiBase()
-      const response = await authFetch(
-        `${baseUrl}/admin/users/${encodeURIComponent(username)}/password`,
-        {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ password: newPassword }),
-        }
-      )
       if (!response.ok) {
         const text = await response.text()
-        throw new Error(text || 'Update failed')
+        throw new Error(text || 'Sync failed')
       }
-      setPasswordInputs((current) => ({ ...current, [username]: '' }))
+      const data = await response.json()
-      setPasswordStatus((current) => ({
+      setJellyseerrSyncStatus(
-        ...current,
+        `Matched ${data?.matched ?? 0} users. Skipped ${data?.skipped ?? 0}.`
-        [username]: 'Password updated.',
+      )
-      }))
+      await loadUsers()
     } catch (err) {
       console.error(err)
-      setPasswordStatus((current) => ({
+      setJellyseerrSyncStatus('Could not sync Jellyseerr users.')
-        ...current,
+    } finally {
-        [username]: 'Could not update password.',
+      setJellyseerrSyncBusy(false)
-      }))
+    }
+  }
+
+  const resyncJellyseerrUsers = async () => {
+    const confirmed = window.confirm(
+      'This will remove all non-admin users and re-import from Jellyseerr. Continue?'
+    )
+    if (!confirmed) return
+    setJellyseerrSyncStatus(null)
+    setJellyseerrResyncBusy(true)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/admin/jellyseerr/users/resync`, {
+        method: 'POST',
+      })
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Resync failed')
+      }
+      const data = await response.json()
+      setJellyseerrSyncStatus(
+        `Re-imported ${data?.imported ?? 0} users. Cleared ${data?.cleared ?? 0}.`
+      )
+      await loadUsers()
+    } catch (err) {
+      console.error(err)
+      setJellyseerrSyncStatus('Could not resync Jellyseerr users.')
+    } finally {
+      setJellyseerrResyncBusy(false)
+    }
+  }
+
+  const bulkUpdateAutoSearch = async (enabled: boolean) => {
+    setBulkAutoSearchBusy(true)
+    setJellyseerrSyncStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(`${baseUrl}/admin/users/auto-search/bulk`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ enabled }),
+      })
+      if (!response.ok) {
+        const text = await response.text()
+        throw new Error(text || 'Bulk update failed')
+      }
+      const data = await response.json()
+      setJellyseerrSyncStatus(
+        `${enabled ? 'Enabled' : 'Disabled'} auto search/download for ${data?.updated ?? 0} non-admin users.`
+      )
+      await loadUsers()
+    } catch (err) {
+      console.error(err)
+      setError('Could not update auto search/download for all users.')
+    } finally {
+      setBulkAutoSearchBusy(false)
     }
   }
 
@@ -154,71 +229,198 @@ export default function UsersPage() {
     return <main className="card">Loading users...</main>
   }
 
+  const nonAdminUsers = users.filter((user) => user.role !== 'admin')
+  const autoSearchEnabledCount = nonAdminUsers.filter((user) => user.autoSearchEnabled !== false).length
+  const blockedCount = users.filter((user) => user.isBlocked).length
+  const expiredCount = users.filter((user) => user.isExpired).length
+  const adminCount = users.filter((user) => user.role === 'admin').length
+  const normalizedQuery = query.trim().toLowerCase()
+  const filteredUsers = normalizedQuery
+    ? users.filter((user) => {
+        const fields = [
+          user.username,
+          user.role,
+          user.authProvider || '',
+          user.profileId != null ? String(user.profileId) : '',
+        ]
+        return fields.some((field) => field.toLowerCase().includes(normalizedQuery))
+      })
+    : users
+  const filteredCountLabel =
+    filteredUsers.length === users.length
+      ? `${users.length} users`
+      : `${filteredUsers.length} of ${users.length} users`
+
   return (
     <AdminShell
       title="Users"
-      subtitle="Manage who can use Magent."
+      subtitle="Directory, access status, and request activity."
       actions={
+        <div className="admin-inline-actions">
+          <button type="button" className="ghost-button" onClick={() => router.push('/admin/invites')}>
+            Invite management
+          </button>
           <button type="button" onClick={loadUsers}>
             Reload list
           </button>
+          <button type="button" onClick={syncJellyseerrUsers} disabled={jellyseerrSyncBusy}>
+            {jellyseerrSyncBusy ? 'Syncing Jellyseerr users...' : 'Sync Jellyseerr users'}
+          </button>
+          <button type="button" onClick={resyncJellyseerrUsers} disabled={jellyseerrResyncBusy}>
+            {jellyseerrResyncBusy ? 'Resyncing Jellyseerr users...' : 'Resync Jellyseerr users'}
+          </button>
+        </div>
       }
     >
       <section className="admin-section">
         {error && <div className="error-banner">{error}</div>}
-        {users.length === 0 ? (
+        {jellyseerrSyncStatus && <div className="status-banner">{jellyseerrSyncStatus}</div>}
-          <div className="status-banner">No users found yet.</div>
+        <div className="admin-summary-grid user-summary-grid">
-        ) : (
+          <div className="admin-summary-tile">
-          <div className="admin-grid">
+            <span className="label">Total users</span>
-            {users.map((user) => (
+            <strong>{users.length}</strong>
-              <div key={user.username} className="summary-card user-card">
+            <small>{adminCount} admin</small>
-                <div>
-                  <strong>{user.username}</strong>
-                  <span className="meta">Role: {user.role}</span>
-                  <span className="meta">Login type: {user.authProvider || 'local'}</span>
-                  <span className="meta">Last login: {formatLastLogin(user.lastLoginAt)}</span>
           </div>
-                <div className="user-actions">
+          <div className="admin-summary-tile">
-                  <label className="toggle">
+            <span className="label">Auto search</span>
+            <strong>{autoSearchEnabledCount}</strong>
+            <small>of {nonAdminUsers.length} non-admin users</small>
+          </div>
+          <div className="admin-summary-tile">
+            <span className="label">Blocked</span>
+            <strong>{blockedCount}</strong>
+            <small>{blockedCount ? 'Needs review' : 'No blocked users'}</small>
+          </div>
+          <div className="admin-summary-tile">
+            <span className="label">Expired</span>
+            <strong>{expiredCount}</strong>
+            <small>{expiredCount ? 'Access expired' : 'No expiries'}</small>
+          </div>
+        </div>
+
+        <div className="user-directory-control-grid">
+          <div className="admin-panel user-directory-search-panel">
+            <div className="user-directory-panel-header">
+              <div>
+                <h2>Directory search</h2>
+                <p className="lede">
+                  Filter by username, role, login provider, or assigned profile.
+                </p>
+              </div>
+              <span className="small-pill">{filteredCountLabel}</span>
+            </div>
+            <div className="user-directory-toolbar">
+              <div className="user-directory-search">
+                <label>
+                  <span className="user-bulk-label">Search users</span>
                   <input
-                      type="checkbox"
+                    value={query}
-                      checked={user.role === 'admin'}
+                    onChange={(event) => setQuery(event.target.value)}
-                      onChange={(event) =>
+                    placeholder="Search username, login type, role, profile…"
-                        updateUserRole(user.username, event.target.checked ? 'admin' : 'user')
-                      }
                   />
-                    <span>Make admin</span>
                 </label>
+              </div>
+            </div>
+          </div>
+          <div className="admin-panel user-directory-bulk-panel">
+            <div className="user-directory-panel-header">
+              <div>
+                <h2>Bulk controls</h2>
+                <p className="lede">
+                  Auto search/download can be enabled or disabled for all non-admin users.
+                </p>
+              </div>
+            </div>
+            <div className="user-bulk-toolbar">
+              <div className="user-bulk-summary">
+                <strong>Auto search/download</strong>
+                <span>
+                  {autoSearchEnabledCount} of {nonAdminUsers.length} non-admin users enabled
+                </span>
+              </div>
+              <div className="user-bulk-actions">
+                <button
+                  type="button"
+                  onClick={() => bulkUpdateAutoSearch(true)}
+                  disabled={bulkAutoSearchBusy}
+                >
+                  {bulkAutoSearchBusy ? 'Working...' : 'Enable for all users'}
+                </button>
                 <button
                   type="button"
                   className="ghost-button"
-                    onClick={() => toggleUserBlock(user.username, !user.isBlocked)}
+                  onClick={() => bulkUpdateAutoSearch(false)}
+                  disabled={bulkAutoSearchBusy}
                 >
-                    {user.isBlocked ? 'Allow access' : 'Block access'}
+                  {bulkAutoSearchBusy ? 'Working...' : 'Disable for all users'}
                 </button>
               </div>
-                {user.authProvider === 'local' && (
-                  <div className="user-actions">
-                    <input
-                      type="password"
-                      placeholder="New password (min 8 chars)"
-                      value={passwordInputs[user.username] || ''}
-                      onChange={(event) =>
-                        setPasswordInputs((current) => ({
-                          ...current,
-                          [user.username]: event.target.value,
-                        }))
-                      }
-                    />
-                    <button type="button" onClick={() => updateUserPassword(user.username)}>
-                      Set password
-                    </button>
             </div>
-                )}
-                {passwordStatus[user.username] && (
-                  <div className="meta">{passwordStatus[user.username]}</div>
-                )}
           </div>
+        </div>
+        {filteredUsers.length === 0 ? (
+          <div className="status-banner">No users found yet.</div>
+        ) : (
+          <div className="user-directory-list">
+            <div className="user-directory-header">
+              <span>User</span>
+              <span>Access</span>
+              <span>Requests</span>
+              <span>Activity</span>
+            </div>
+            {filteredUsers.map((user) => (
+              <Link
+                key={user.username}
+                className="user-directory-row"
+                href={`/users/${user.id}`}
+              >
+                <div className="user-directory-cell user-directory-cell--identity">
+                  <div className="user-directory-title-row">
+                    <strong>{user.username}</strong>
+                    <span className="user-grid-meta">{user.role}</span>
+                  </div>
+                  <div className="user-directory-subtext">
+                    Login: {user.authProvider || 'local'} • Profile: {user.profileId ?? 'None'}
+                  </div>
+                </div>
+                <div className="user-directory-cell">
+                  <div className="user-directory-pill-row">
+                    <span className={`user-grid-pill ${user.isBlocked ? 'is-blocked' : ''}`}>
+                      {user.isBlocked ? 'Blocked' : 'Active'}
+                    </span>
+                    <span
+                      className={`user-grid-pill ${user.autoSearchEnabled === false ? 'is-disabled' : ''}`}
+                    >
+                      Auto {user.autoSearchEnabled === false ? 'Off' : 'On'}
+                    </span>
+                    <span className={`user-grid-pill ${user.isExpired ? 'is-blocked' : ''}`}>
+                      {user.expiresAt ? (user.isExpired ? 'Expired' : 'Expiry set') : 'No expiry'}
+                    </span>
+                  </div>
+                  <div className="user-directory-subtext">
+                    {user.expiresAt ? `Expires: ${formatExpiry(user.expiresAt)}` : 'No account expiry'}
+                  </div>
+                </div>
+                <div className="user-directory-cell">
+                  <div className="user-directory-stats-inline">
+                    <span><strong>{user.stats?.total ?? 0}</strong> total</span>
+                    <span><strong>{user.stats?.ready ?? 0}</strong> ready</span>
+                    <span><strong>{user.stats?.pending ?? 0}</strong> pending</span>
+                    <span><strong>{user.stats?.in_progress ?? 0}</strong> in progress</span>
+                  </div>
+                </div>
+                <div className="user-directory-cell">
+                  <div className="user-directory-subtext">
+                    Last login: {formatLastLogin(user.lastLoginAt)}
+                  </div>
+                  <div className="user-directory-subtext">
+                    Last request: {formatLastRequest(user.stats?.last_request_at)}
+                  </div>
+                </div>
+                <div className="user-directory-row-chevron" aria-hidden="true">
+                  Open
+                </div>
+              </Link>
             ))}
           </div>
         )}

frontend/package.json

@@ -1,7 +1,7 @@
 {
   "name": "magent-frontend",
   "private": true,
-  "version": "0.1.0",
+  "version": "0202261541",
   "scripts": {
     "dev": "next dev",
     "build": "next build",

frontend/public/branding-icon.svg

@@ -0,0 +1,13 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 64 64">
+  <defs>
+    <linearGradient id="magentIconGlow" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#ff6b2b"/>
+      <stop offset="100%" stop-color="#ffa84b"/>
+    </linearGradient>
+  </defs>
+  <rect width="64" height="64" rx="14" fill="#0e1624"/>
+  <path
+    d="M18 50V14h8l6 11 6-11h8v36h-8V32l-6 10-6-10v18h-8z"
+    fill="url(#magentIconGlow)"
+  />
+</svg>

frontend/public/branding-logo.svg

@@ -0,0 +1,14 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="300" height="300" viewBox="0 0 300 300">
+  <defs>
+    <linearGradient id="magentGlow" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#ff6b2b"/>
+      <stop offset="100%" stop-color="#ffa84b"/>
+    </linearGradient>
+  </defs>
+  <rect width="300" height="300" rx="56" fill="#0e1624"/>
+  <rect x="24" y="24" width="252" height="252" rx="44" fill="#121d31"/>
+  <path
+    d="M80 220V80h28l42 70 42-70h28v140h-28v-88l-42 66-42-66v88H80z"
+    fill="url(#magentGlow)"
+  />
+</svg>

scripts/build_release.ps1

@@ -0,0 +1,26 @@
+$ErrorActionPreference = "Stop"
+
+$repoRoot = Resolve-Path "$PSScriptRoot\\.."
+Set-Location $repoRoot
+
+$now = Get-Date
+$buildNumber = "{0}{1}{2}{3}{4}" -f $now.ToString("dd"), $now.ToString("M"), $now.ToString("yy"), $now.ToString("HH"), $now.ToString("mm")
+
+Write-Host "Build number: $buildNumber"
+
+git tag $buildNumber
+git push origin $buildNumber
+
+$backendImage = "rephl3xnz/magent-backend:$buildNumber"
+$frontendImage = "rephl3xnz/magent-frontend:$buildNumber"
+
+docker build -f backend/Dockerfile -t $backendImage --build-arg BUILD_NUMBER=$buildNumber .
+docker build -f frontend/Dockerfile -t $frontendImage frontend
+
+docker tag $backendImage rephl3xnz/magent-backend:latest
+docker tag $frontendImage rephl3xnz/magent-frontend:latest
+
+docker push $backendImage
+docker push $frontendImage
+docker push rephl3xnz/magent-backend:latest
+docker push rephl3xnz/magent-frontend:latest