Add agent docs and Radarr/Sonarr API integration

[daddy-cool]

Introduce a documentation set targeted at coding agents and humans, plus optional
Radarr and Sonarr API integration so sources can resolve IMDb IDs to TMDB/tvdb IDs through
locally configured *arr instances.

Documentation for agentic development

• AGENTS.md at the repo root is the canonical agent instruction file.
  CLAUDE.md is a one-line pointer (@AGENTS.md) so Claude-based toolchains
  load the same content; it must never be edited directly.
• docs/README.md is the index. Each file is short and task-scoped:
  • Development.md — uv commands, dev services (docker/dev-services-compose.yml),
    validation (unittest, ruff, pre-commit.py).
  • Project-Structure.md — quasarr/ package layout and feature boundaries.
  • Coding-Style.md — Python 3.12+, snake_case, Ruff-enforced.
  • Testing.md — unittest conventions and cli_tester.py simulator.
  • Contributing.md — commit subject style and PR conventions.
  • Security.md — .env, credentials, hostname rules, Radarr/Sonarr integration.
  • sources/README.md — placeholder index for per-source docs.
• The root README.md now links contributors to docs/README.md instead of the
  one-page CONTRIBUTING.md.

Radarr / Sonarr API support

Quasarr can call back into a user-configured Radarr or Sonarr instance to resolve
IMDb IDs to TMDB/TVDB IDs for downstream search and download flows. Both
integrations are optional and opt-in per source.

• New providers:
  • radarr_api.RadarrAPIClient.movie_lookup_imdb →
    /api/v3/movie/lookup/imdb?imdbId=<id>.
  • sonarr_api.SonarrAPIClient.series_lookup_imdb →
    /api/v3/series/lookup?term=imdb:<id>, filtered to the matching imdbId.
  • radarr_api.get_tmdb_id, sonarr_api.get_tmdb_id,
    sonarr_api.get_tvdb_id — pull IDs out of the cached client in
    shared_state and warn/return None cleanly when not configured.
• New setup modules storage/setup/radarr.py and storage/setup/sonarr.py:
  • Persist [Radarr] / [Sonarr] sections of Quasarr.ini (api_key
    encrypted, like other secrets).
  • Verify credentials on save by performing a real get_tmdb_id lookup
    against a hard-coded fixture IMDb ID; rollback the cached client on
    failure.
  • Skip preference persisted in skip_radarr / skip_sonarr SQLite tables.
• AbstractSearchSource gains requires_radarr / requires_sonarr properties
  (both default False). Sources opt in by overriding these flags.
• is_site_usable reports a Radarr/Sonarr-required site as unusable until the
  corresponding client is cached.
• Web UI:
  • New "Radarr Configuration" and "Sonarr Configuration" sections on the home
    page with Save + Clear actions and a confirmation modal on Clear.
  • JSON API at GET/POST /api/radarr/settings and /api/sonarr/settings.
  • Hostname status counter now treats Radarr/Sonarr as dependencies of
    opted-in sources and surfaces 🟡 (skipped) / 🔴 (missing) status indicators
    in the hostname list.
• Startup wizard:
  • If a configured hostname requires Radarr/Sonarr and neither a saved config
    nor a skip preference exists, Quasarr launches a temporary setup page
    before continuing (parallel to the flaresolverr-go and per-site login
    flows).

No source currently sets requires_radarr = True or requires_sonarr = True;
the infrastructure is in place for any source to opt in.

Other

• Version bumped to 4.5.0.
• cli_tester.py DEFAULT_URL now respects the PORT env var.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3183cf55b1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[rix1337]

Local deep effort feedback from codex manually checked for validity:

Agent docs mismatch our workflow in one important place: the docs now make docs/sources/ part of the required planning path and say per-source docs cover API behavior, categories, hostname setup, and source-specific quirks, but they never state the rule agents must follow before changing third-party source behavior: ask for clear Proxyman (or similar) examples/captures instead of inferring payloads, URLs, titles, or response shapes. The agent curling the sites it works on by itself is a valid alternative.

That needs to be explicit in AGENTS.md and probably repeated in docs/sources/README.md: third-party payload work needs supplied examples; source docs/tests must use synthetic names/invalid URLs unless the source is one of our own tools with source code available locally. This prevents real hostnames, release urls or release titles leaking. Without that guardrail, these new agent docs encourage exactly the kind of made-up source behavior we have been trying to avoid.

[daddy-cool]

I rebased onto latest main, fixed the issues Codex brought up and improved the docs, including per-source docs so that it is clear how changes to sources and/or new sources should be documented. On the per-source docs some details are a bit verbose, e.g. capabilities and inheritance can be easily derived from the code but I chose to keep them in the docs for now