SubMiner/backlog/tasks/task-93 - Remove-Jellyfin-token-userId-from-config-use-env-and-stored-session.md

id, title, status, assignee, created_date, updated_date, labels, dependencies, priority

id	title	status	assignee	created_date	updated_date	labels	dependencies	priority
TASK-93	Remove Jellyfin token/userId from config; use env override and stored session	Done		2026-02-21 04:20	2026-02-21 04:27			high

Description

Remove jellyfin.accessToken and jellyfin.userId from editable config surface. Resolve Jellyfin auth via env override (SUBMINER_JELLYFIN_ACCESS_TOKEN, optional SUBMINER_JELLYFIN_USER_ID) and locally stored Jellyfin auth session payload persisted by login/setup.

Acceptance Criteria

• #1 jellyfin.accessToken and jellyfin.userId no longer parsed/documented as config fields.
• #2 Jellyfin login/setup persists token + userId in local encrypted session store.
• #3 Jellyfin runtime resolves auth from env override first, then stored session payload.
• #4 Jellyfin logout clears stored session payload.
• #5 Runtime tests cover env override + stored session fallback behavior.

Implementation Notes

Implemented: evolved jellyfin-token-store to encrypted session payload store (accessToken + userId), updated Jellyfin resolver precedence to env-first (SUBMINER_JELLYFIN_ACCESS_TOKEN, optional SUBMINER_JELLYFIN_USER_ID) then stored session fallback, removed jellyfin.accessToken/jellyfin.userId from config defaults+parsing+public docs/example, and updated CLI/setup auth wiring to persist/clear session store while keeping serverUrl/username config behavior.