Summary
This PR completes the backend foundation roadmap from #677 by combining the dependency/test-loop stabilization from #679 with the backend boundary, workflow, worker, filesystem-safety, and startup cleanup from #685.
It makes backend validation deterministic, documents the intended architecture boundaries, moves implementation-shaped concerns out of listenarr.application, breaks large controllers/services into focused workflows, clarifies background-worker ownership, hardens file/import mutation paths, and simplifies API startup/security composition.
Closes #677. Supersedes #679 and #685.
Changes
Added
- NuGet lock files for backend projects and tests, including CI publish runtime targets.
BACKEND_ARCHITECTURE.mdwith layer ownership, startup composition, worker ownership, retry/idempotency, and migration guidance.- Application-owned ports for HTML extraction, Audible author parsing, cover probing, audio tag writing, secret protection, request context access, realtime broadcasting, and worker processors.
- Infrastructure implementations and registration extensions for those ports.
- Focused workflow/helper types for library, search, metadata, image cache, Prowlarr/indexer, download, adapter, ffprobe, and notification paths.
- End-to-end security pipeline coverage for auth enabled/disabled, API keys, sessions, CSRF, SignalR, and trusted forwarded headers.
- Filesystem safety coverage using real temp directories for traversal, containment, archive extraction, cache writes, and mutation boundaries.
Changed
- Enabled deterministic backend restore behavior with central package lock configuration and CI locked restore mode.
- Updated CI publish jobs to use the restored graph with
--no-restore. - Moved EF/SQLite, HTML parsing, image probing, audio tagging, Data Protection, SignalR, HTTP context, hosted worker, and framework-specific behavior out of application-facing code where appropriate.
- Reduced very large controllers/services in...
Automated Canary build