Amended the plan to include a high-priority bypass using the `X-Webhook-Secret` request header:

1. **Webhook Secret Bypass**: If the request contains the `X-Webhook-Secret` header, we verify if it matches the configured `SOFARR_WEBHOOK_SECRET` environment variable.
2. **Access Granted**: If matching, the request is immediately authorized, completely bypassing session and Emby Basic Auth checks. This is ideal for curl scripts, server-to-server monitoring, or external debugging logs captures.

I have updated the `implementation_plan.md` artifact to reflect this amendment.
