feat(web): image-relative overlays with zoom support for faces, OCR, and face editor

2026-04-28 12:13:09 -07:00 · 2026-03-19 03:56:31 +00:00
1801 changed files with 91630 additions and 64408 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -6,12 +6,6 @@ mobile/openapi/**/*.dart linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true

-mobile/android/**/*.g.kt -diff -merge
-mobile/android/**/*.g.kt linguist-generated=true
-
-mobile/ios/**/*.g.swift -diff -merge
-mobile/ios/**/*.g.swift linguist-generated=true
-
 mobile/lib/**/*.drift.dart -diff -merge
 mobile/lib/**/*.drift.dart linguist-generated=true

--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-24.15.0
+24.13.1
--- a/.github/workflows/auto-close.yml
+++ b/.github/workflows/auto-close.yml
@@ -1,148 +0,0 @@
-name: Auto-close PRs
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
-    types: [opened, edited, labeled]
-
-permissions: {}
-
-jobs:
-  parse_template:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action != 'labeled' && github.event.pull_request.head.repo.fork == true }}
-    permissions:
-      contents: read
-    outputs:
-      uses_template: ${{ steps.check.outputs.uses_template }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: .github/pull_request_template.md
-          sparse-checkout-cone-mode: false
-          persist-credentials: false
-
-      - name: Check required sections
-        id: check
-        env:
-          BODY: ${{ github.event.pull_request.body }}
-        run: |
-          OK=true
-          while IFS= read -r header; do
-            printf '%s\n' "$BODY" | grep -qF "$header" || OK=false
-          done < <(sed '/<!--/,/-->/d' .github/pull_request_template.md | grep "^## ")
-          echo "uses_template=$OK" | tee --append "$GITHUB_OUTPUT"
-
-  close_template:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'false'
-        && github.event.pull_request.state != 'closed'
-        && !contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="This PR has been automatically closed as the description doesn't follow [our template](https://github.com/immich-app/immich/blob/main/.github/pull_request_template.md). After you edit it to match the template, the PR will automatically be reopened." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Add label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --add-label "auto-closed:template"
-
-  close_llm:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'labeled' && github.event.label.name == 'auto-closed:llm' }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="Thank you for your interest in contributing to Immich! Unfortunately this PR looks like it was generated using an LLM. As noted in our [CONTRIBUTING.md](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai), we request that you don't use LLMs to generate PRs as those are not a good use of maintainer time." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-  reopen:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'true'
-        && github.event.pull_request.state == 'closed'
-        && contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Remove template label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --remove-label "auto-closed:template" || true
-
-      - name: Check for remaining auto-closed labels
-        id: check_labels
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          REMAINING=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json labels \
-            --jq '[.labels[].name | select(startswith("auto-closed:"))] | length')
-          echo "remaining=$REMAINING" | tee --append "$GITHUB_OUTPUT"
-
-      - name: Reopen PR
-        if: ${{ steps.check_labels.outputs.remaining == '0' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f query='
-              mutation ReopenPR($prId: ID!) {
-                reopenPullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -51,14 +51,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -79,7 +79,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -103,7 +103,7 @@ jobs:

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        with:
          path: |
            ~/.gradle/caches
@@ -114,14 +114,14 @@ jobs:
          key: build-mobile-gradle-${{ runner.os }}-main

      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
          cache: true

      - name: Setup Android SDK
-        uses: android-actions/setup-android@40fd30fb8d7440372e1316f5d1809ec01dcd3699 # v4.0.1
+        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
        with:
          packages: ''

@@ -153,14 +153,14 @@ jobs:
          fi

      - name: Publish Android Artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        if: github.ref == 'refs/heads/main'
        with:
          path: |
@@ -185,13 +185,13 @@ jobs:
        run: sudo xcode-select -s /Applications/Xcode_26.2.app/Contents/Developer

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false

      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
@@ -210,7 +210,7 @@ jobs:
        working-directory: ./mobile

      - name: Setup Ruby
-        uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
+        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3'
          bundler-cache: true
@@ -291,7 +291,7 @@ jobs:
          security delete-keychain build.keychain || true

      - name: Upload IPA artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: ios-release-ipa
          path: mobile/ios/Runner.ipa
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/check-openapi.yml
+++ b/.github/workflows/check-openapi.yml
@@ -24,7 +24,7 @@ jobs:
          persist-credentials: false

      - name: Check for breaking API changes
-        uses: oasdiff/oasdiff-action/breaking@f8cb9308b42121e793f835bd14c0b8090420430c # v0.0.39
+        uses: oasdiff/oasdiff-action/breaking@748daafaf3aac877a36307f842a48d55db938ac8 # v0.0.31
        with:
          base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
          revision: open-api/immich-openapi-specs.json
--- a/.github/workflows/check-pr-template.yml
+++ b/.github/workflows/check-pr-template.yml
@@ -0,0 +1,80 @@
+name: Check PR Template
+
+on:
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
+    types: [opened, edited]
+
+permissions: {}
+
+jobs:
+  parse:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.head.repo.fork == true }}
+    permissions:
+      contents: read
+    outputs:
+      uses_template: ${{ steps.check.outputs.uses_template }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          sparse-checkout: .github/pull_request_template.md
+          sparse-checkout-cone-mode: false
+          persist-credentials: false
+
+      - name: Check required sections
+        id: check
+        env:
+          BODY: ${{ github.event.pull_request.body }}
+        run: |
+          OK=true
+          while IFS= read -r header; do
+            printf '%s\n' "$BODY" | grep -qF "$header" || OK=false
+          done < <(sed '/<!--/,/-->/d' .github/pull_request_template.md | grep "^## ")
+          echo "uses_template=$OK" >> "$GITHUB_OUTPUT"
+
+  act:
+    runs-on: ubuntu-latest
+    needs: parse
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Close PR
+        if: ${{ needs.parse.outputs.uses_template == 'false' && github.event.pull_request.state != 'closed' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          NODE_ID: ${{ github.event.pull_request.node_id }}
+        run: |
+          gh api graphql \
+            -f prId="$NODE_ID" \
+            -f body="This PR has been automatically closed as the description doesn't follow our template. After you edit it to match the template, the PR will automatically be reopened." \
+            -f query='
+              mutation CommentAndClosePR($prId: ID!, $body: String!) {
+                addComment(input: {
+                  subjectId: $prId,
+                  body: $body
+                }) {
+                  __typename
+                }
+                closePullRequest(input: {
+                  pullRequestId: $prId
+                }) {
+                  __typename
+                }
+              }'
+
+      - name: Reopen PR (sections now present, PR closed)
+        if: ${{ needs.parse.outputs.uses_template == 'true' && github.event.pull_request.state == 'closed' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          NODE_ID: ${{ github.event.pull_request.node_id }}
+        run: |
+          gh api graphql \
+            -f prId="$NODE_ID" \
+            -f query='
+              mutation ReopenPR($prId: ID!) {
+                reopenPullRequest(input: {
+                  pullRequestId: $prId
+                }) {
+                  __typename
+                }
+              }'
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -31,7 +31,7 @@ jobs:
        working-directory: ./cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -42,7 +42,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -71,7 +71,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -83,13 +83,13 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -104,7 +104,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          flavor: |
            latest=false
@@ -115,7 +115,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}

      - name: Build and push image
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:557cca601891b8b7d78b940071d35aaf7aaeb9b327d19b22cf282118edbc5272
+      image: ghcr.io/immich-app/mdq:main@sha256:4f9860d04c88f7f87861f8ee84bfeedaec15ed7ca5ca87bc7db44b036f81645f
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
--- a/.github/workflows/close-llm-pr.yml
+++ b/.github/workflows/close-llm-pr.yml
@@ -0,0 +1,38 @@
+name: Close LLM-generated PRs
+
+on:
+  pull_request_target:
+    types: [labeled]
+
+permissions: {}
+
+jobs:
+  comment_and_close:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.label.name == 'llm-generated' }}
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Comment and close
+        env:
+          GH_TOKEN: ${{ github.token }}
+          NODE_ID: ${{ github.event.pull_request.node_id }}
+        run: |
+          gh api graphql \
+            -f prId="$NODE_ID" \
+            -f body="Thank you for your interest in contributing to Immich! Unfortunately this PR looks like it was generated using an LLM. As noted in our [CONTRIBUTING.md](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai), we request that you don't use LLMs to generate PRs as those are not a good use of maintainer time." \
+            -f query='
+              mutation CommentAndClosePR($prId: ID!, $body: String!) {
+                addComment(input: {
+                  subjectId: $prId,
+                  body: $body
+                }) {
+                  __typename
+                }
+
+                closePullRequest(input: {
+                  pullRequestId: $prId
+                }) {
+                  __typename
+                }
+              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,7 +44,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -57,7 +57,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -23,14 +23,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -60,7 +60,7 @@ jobs:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -132,7 +132,7 @@ jobs:
            suffixes: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "pokedex-large"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@61a0fc2b41524edcc7c9fffb8bb178e6b0ccf21d # multi-runner-build-workflow-v2.3.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@bd49ed7a5a6022149f79b6564df48177476a822b # multi-runner-build-workflow-v2.2.1
    permissions:
      contents: read
      actions: read
@@ -155,7 +155,7 @@ jobs:
    name: Build and Push Server
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@61a0fc2b41524edcc7c9fffb8bb178e6b0ccf21d # multi-runner-build-workflow-v2.3.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@bd49ed7a5a6022149f79b6564df48177476a822b # multi-runner-build-workflow-v2.2.1
    permissions:
      contents: read
      actions: read
@@ -178,7 +178,7 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}

@@ -189,6 +189,6 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -21,14 +21,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -54,7 +54,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -67,7 +67,7 @@ jobs:
          fetch-depth: 0

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -86,7 +86,7 @@ jobs:
        run: pnpm build

      - name: Upload build output
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: docs-build-output
          path: docs/build/
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -29,7 +29,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
@@ -48,7 +48,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
@@ -119,7 +119,7 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -131,11 +131,11 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@035e80a7d4355d5f087ffb95db9e4a0944c04e56 # use-mise-action-v1.1.3
+        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
@@ -147,7 +147,7 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
@@ -211,7 +211,7 @@ jobs:
        run: 'mise run //deployment:tf apply'

      - name: Comment
-        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
+        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        if: ${{ steps.parameters.outputs.event == 'pr' }}
        with:
          token: ${{ steps.token.outputs.token }}
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -17,7 +17,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -29,7 +29,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@035e80a7d4355d5f087ffb95db9e4a0944c04e56 # use-mise-action-v1.1.3
+        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2

      - name: Destroy Docs Subdomain
        env:
@@ -42,7 +42,7 @@ jobs:
        run: 'mise run //deployment:tf destroy -- -refresh=false'

      - name: Comment
-        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
+        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        with:
          token: ${{ steps.token.outputs.token }}
          number: ${{ github.event.number }}
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,7 +16,7 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -29,7 +29,7 @@ jobs:
          persist-credentials: true

      - name: Setup pnpm
-        uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb # v6.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -42,13 +42,13 @@ jobs:
        run: pnpm --recursive install && pnpm run --recursive --if-present --parallel format:fix

      - name: Commit and push
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
+        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          default_author: github_actions
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        if: always()
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -31,7 +31,7 @@ jobs:
      - name: Generate a token
        id: generate_token
        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -14,13 +14,13 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5.5.2
+        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
        with:
          token: ${{ steps.token.outputs.token }}
          mode: exactly
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -50,7 +50,7 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -63,10 +63,10 @@ jobs:
          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
+        uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0

      - name: Setup pnpm
-        uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb # v6.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -86,7 +86,7 @@ jobs:

      - name: Commit and tag
        id: push-tag
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
+        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          default_author: github_actions
          message: 'chore: version ${{ steps.output.outputs.version }}'
@@ -124,7 +124,7 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -136,13 +136,13 @@ jobs:
          persist-credentials: false

      - name: Download APK
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: release-apk-signed
          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
+        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          draft: true
          tag_name: ${{ needs.bump_version.outputs.version }}
@@ -151,7 +151,6 @@ jobs:
          body_path: misc/release/notes.tmpl
          files: |
            docker/docker-compose.yml
-            docker/docker-compose.rootless.yml
            docker/example.env
            docker/hwaccel.ml.yml
            docker/hwaccel.transcoding.yml
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -14,12 +14,12 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
@@ -32,12 +32,12 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
@@ -48,14 +48,14 @@ jobs:
              name: 'preview'
            })

-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ github.event.pull_request.head.repo.fork }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'PRs from forks cannot have preview environments.'

-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          github-token: ${{ steps.token.outputs.token }}
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -19,7 +19,7 @@ jobs:
        working-directory: ./open-api/typescript-sdk
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -30,7 +30,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

      # Setup .npmrc file to publish to npm
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -20,14 +20,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -49,7 +49,7 @@ jobs:
        working-directory: ./mobile
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -61,7 +61,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,14 +17,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -63,7 +63,7 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -75,7 +75,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -108,7 +108,7 @@ jobs:
        working-directory: ./cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -119,7 +119,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -155,7 +155,7 @@ jobs:
        working-directory: ./cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -166,7 +166,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -197,7 +197,7 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -208,7 +208,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -241,7 +241,7 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -252,7 +252,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -279,7 +279,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -290,7 +290,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -327,7 +327,7 @@ jobs:
        working-directory: ./e2e
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -338,7 +338,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -373,7 +373,7 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -385,7 +385,7 @@ jobs:
          submodules: 'recursive'
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -412,7 +412,7 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -424,7 +424,7 @@ jobs:
          submodules: 'recursive'
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -464,7 +464,7 @@ jobs:
        run: docker compose logs --no-color > docker-compose-logs.txt
        working-directory: ./e2e
      - name: Archive Docker logs
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: always()
        with:
          name: e2e-server-docker-logs-${{ matrix.runner }}
@@ -484,7 +484,7 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -496,7 +496,7 @@ jobs:
          submodules: 'recursive'
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -522,7 +522,7 @@ jobs:
        run: pnpm test:web
        if: ${{ !cancelled() }}
      - name: Archive e2e test (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: success() || failure()
        with:
          name: e2e-web-test-results-${{ matrix.runner }}
@@ -533,7 +533,7 @@ jobs:
        run: pnpm test:web:ui
        if: ${{ !cancelled() }}
      - name: Archive ui test (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: success() || failure()
        with:
          name: e2e-ui-test-results-${{ matrix.runner }}
@@ -544,7 +544,7 @@ jobs:
        run: pnpm test:web:maintenance
        if: ${{ !cancelled() }}
      - name: Archive maintenance tests (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: success() || failure()
        with:
          name: e2e-maintenance-isolated-test-results-${{ matrix.runner }}
@@ -554,7 +554,7 @@ jobs:
        run: docker compose logs --no-color > docker-compose-logs.txt
        working-directory: ./e2e
      - name: Archive Docker logs
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        if: always()
        with:
          name: e2e-web-docker-logs-${{ matrix.runner }}
@@ -566,7 +566,7 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
  mobile-unit-tests:
@@ -578,7 +578,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -588,7 +588,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
@@ -610,7 +610,7 @@ jobs:
        working-directory: ./machine-learning
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -620,7 +620,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Install uv
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
+        uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0
        with:
          python-version: 3.11
      - name: Install dependencies
@@ -650,7 +650,7 @@ jobs:
        working-directory: ./.github
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -661,7 +661,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -680,7 +680,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -701,7 +701,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -712,7 +712,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
@@ -763,7 +763,7 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -774,7 +774,7 @@ jobs:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -24,14 +24,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -47,7 +47,7 @@ jobs:
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -68,6 +68,6 @@ jobs:
    permissions: {}
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
--- a/.gitignore
+++ b/.gitignore
@@ -28,5 +28,3 @@ vite.config.js.timestamp-*
 .pnpm-store
 .devcontainer/library
 .devcontainer/.env*
-*.tsbuildinfo
-*.tsbuildInfo
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
+[submodule "mobile/.isar"]
+	path = mobile/.isar
+	url = https://github.com/isar/isar
 [submodule "e2e/test-assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -13,6 +13,10 @@
    "editor.wordBasedSuggestions": "off"
  },
  "[javascript]": {
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": "explicit",
+      "source.removeUnusedImports": "explicit"
+    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true
  },
@@ -25,10 +29,18 @@
    "editor.formatOnSave": true
  },
  "[svelte]": {
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": "explicit",
+      "source.removeUnusedImports": "explicit"
+    },
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.formatOnSave": true
  },
  "[typescript]": {
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": "explicit",
+      "source.removeUnusedImports": "explicit"
+    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true
  },
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-24.15.0
+24.13.1
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.7.5",
+  "version": "2.6.0",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -20,7 +20,7 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.12.2",
+    "@types/node": "^24.11.0",
    "@vitest/coverage-v8": "^4.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
@@ -28,14 +28,15 @@
    "eslint": "^10.0.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^64.0.0",
+    "eslint-plugin-unicorn": "^63.0.0",
    "globals": "^17.0.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.7.4",
    "prettier-plugin-organize-imports": "^4.0.0",
-    "typescript": "^6.0.0",
-    "typescript-eslint": "^8.58.0",
-    "vite": "^8.0.0",
+    "typescript": "^5.3.3",
+    "typescript-eslint": "^8.28.0",
+    "vite": "^7.0.0",
+    "vite-tsconfig-paths": "^6.0.0",
    "vitest": "^4.0.0",
    "vitest-fetch-mock": "^0.4.0",
    "yaml": "^2.3.1"
@@ -68,6 +69,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "24.15.0"
+    "node": "24.13.1"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -4,7 +4,7 @@ import path from 'node:path';
 import { setTimeout as sleep } from 'node:timers/promises';
 import { describe, expect, it, MockedFunction, vi } from 'vitest';

-import { AssetRejectReason, AssetUploadAction, checkBulkUpload, defaults, getSupportedMediaTypes } from '@immich/sdk';
+import { Action, checkBulkUpload, defaults, getSupportedMediaTypes, Reason } from '@immich/sdk';
 import createFetchMock from 'vitest-fetch-mock';

 import {
@@ -120,7 +120,7 @@ describe('checkForDuplicates', () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
          id: testFilePath,
        },
      ],
@@ -144,10 +144,10 @@ describe('checkForDuplicates', () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
-          action: AssetUploadAction.Reject,
+          action: Action.Reject,
          id: testFilePath,
          assetId: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
-          reason: AssetRejectReason.Duplicate,
+          reason: Reason.Duplicate,
        },
      ],
    });
@@ -167,7 +167,7 @@ describe('checkForDuplicates', () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
          id: testFilePath,
        },
      ],
@@ -187,7 +187,7 @@ describe('checkForDuplicates', () => {
    mocked.mockResolvedValue({
      results: [
        {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
          id: testFilePath,
        },
      ],
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -1,9 +1,9 @@
 import {
+  Action,
  AssetBulkUploadCheckItem,
  AssetBulkUploadCheckResult,
  AssetMediaResponseDto,
  AssetMediaStatus,
-  AssetUploadAction,
  Permission,
  addAssetsToAlbum,
  checkBulkUpload,
@@ -234,7 +234,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
      const results = response.results as AssetBulkUploadCheckResults;

      for (const { id: filepath, assetId, action } of results) {
-        if (action === AssetUploadAction.Accept) {
+        if (action === Action.Accept) {
          newFiles.push(filepath);
        } else {
          // rejects are always duplicates
@@ -404,6 +404,8 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  const { baseUrl, headers } = defaults;

  const formData = new FormData();
+  formData.append('deviceAssetId', `${basename(input)}-${stats.size}`.replaceAll(/\s+/g, ''));
+  formData.append('deviceId', 'CLI');
  formData.append('fileCreatedAt', stats.mtime.toISOString());
  formData.append('fileModifiedAt', stats.mtime.toISOString());
  formData.append('fileSize', String(stats.size));
--- a/cli/tsconfig.json
+++ b/cli/tsconfig.json
@@ -15,12 +15,8 @@
    "incremental": true,
    "skipLibCheck": true,
    "esModuleInterop": true,
-    "rootDir": "./src",
-    "paths": {
-      "src/*": ["./src/*"],
-    },
-    "tsBuildInfoFile": "./dist/tsconfig.tsbuildinfo",
+    "baseUrl": "./",
    "types": ["vitest/globals"]
  },
-  "exclude": ["dist", "node_modules", "vite.config.ts"]
+  "exclude": ["dist", "node_modules"]
 }
--- a/cli/vite.config.ts
+++ b/cli/vite.config.ts
@@ -1,12 +1,10 @@
 import { defineConfig, UserConfig } from 'vite';
+import tsconfigPaths from 'vite-tsconfig-paths';

 export default defineConfig({
-  resolve: {
-    alias: { src: '/src' },
-    tsconfigPaths: true,
-  },
+  resolve: { alias: { src: '/src' } },
  build: {
-    rolldownOptions: {
+    rollupOptions: {
      input: 'src/index.ts',
      output: {
        dir: 'dist',
@@ -18,6 +16,7 @@ export default defineConfig({
    // bundle everything except for Node built-ins
    noExternal: /^(?!node:).*$/,
  },
+  plugins: [tsconfigPaths()],
  test: {
    name: 'cli:unit',
    globals: true,
--- a/deployment/mise.toml
+++ b/deployment/mise.toml
@@ -1,6 +1,6 @@
 [tools]
-terragrunt = "1.0.1"
-opentofu = "1.11.6"
+terragrunt = "0.99.4"
+opentofu = "1.11.5"

 [tasks."tg:fmt"]
 run = "terragrunt hclfmt"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -20,7 +20,6 @@ services:
      - /tmp
    volumes:
      - ..:/usr/src/app
-      # - ../../ui:/usr/src/ui
      - pnpm_cache:/buildcache/pnpm_cache
      - server_node_modules:/usr/src/app/server/node_modules
      - web_node_modules:/usr/src/app/web/node_modules
@@ -91,7 +90,6 @@ services:
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
      IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
-      IMMICH_HELMET_FILE: 'true'
    ports:
      - 9230:9230
      - 9231:9231
@@ -157,7 +155,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
    healthcheck:
      test: redis-cli ping || exit 1

--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -56,7 +56,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -85,7 +85,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:5550dc63da361dc30f6fe02ac0e4dfc736ededfef3c8d12a634db04a67824d78
+    image: prom/prometheus@sha256:4a61322ac1103a0e3aea2a61ef1718422a48fa046441f299d71e660a3bc71ae9
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -97,7 +97,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.4.2-ubuntu@sha256:78839fe49e1425c02416fa8072591533a72bd9598e563b54a07d78f9e27fb5d3
+    image: grafana/grafana:12.3.2-ubuntu@sha256:6cca4b429a1dc0d37d401dee54825c12d40056c3c6f3f56e3f0d6318ce77749b
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.rootless.yml
+++ b/docker/docker-compose.rootless.yml
@@ -61,7 +61,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
    user: '1000:1000'
    security_opt:
      - no-new-privileges:true
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -49,7 +49,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-24.15.0
+24.13.1
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -210,7 +210,7 @@ The provided restore process ensures your database is never in a broken state by

 ## Filesystem

-Immich does not handle filesystem backups for you. You have to arrange these yourself! Immich stores two types of content in the filesystem: (a) original, unmodified assets (photos and videos), and (b) generated content. We recommend backing up the entire contents of `UPLOAD_LOCATION`, but only the original content is critical, which is stored in the following folders:
+Immich stores two types of content in the filesystem: (a) original, unmodified assets (photos and videos), and (b) generated content. We recommend backing up the entire contents of `UPLOAD_LOCATION`, but only the original content is critical, which is stored in the following folders:

 1. `UPLOAD_LOCATION/library`
 2. `UPLOAD_LOCATION/upload`
--- a/docs/docs/administration/img/keycloak-access-settings.webp
+++ b/docs/docs/administration/img/keycloak-access-settings.webp
--- a/docs/docs/administration/img/keycloak-capability-config.webp
+++ b/docs/docs/administration/img/keycloak-capability-config.webp
--- a/docs/docs/administration/img/keycloak-general-settings.webp
+++ b/docs/docs/administration/img/keycloak-general-settings.webp
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -14,7 +14,6 @@ Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an i
 - [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
- [Keycloak](https://www.keycloak.org)

 ## Prerequisites

@@ -50,10 +49,6 @@ Before enabling OAuth in Immich, a new client application needs to be configured
   - `https://immich.example.com/auth/login`
   - `https://immich.example.com/user-settings`

-3. Configure Backchannel logout URL
-
-   If the authentication server supports it, the **Backchannel logout URL** can be specified, and it is of the form: `http://DOMAIN:PORT/api/oauth/backchannel-logout`.
-
 ## Enable OAuth

 Once you have a new OAuth client application configured, Immich can be configured using the Administration Settings page, available on the web (Administration -> Settings).
@@ -67,8 +62,6 @@ Once you have a new OAuth client application configured, Immich can be configure
 | `scope`                                              | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | `id_token_signed_response_alg`                       | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | `userinfo_signed_response_alg`                       | string  | none                 | The algorithm used to sign the userinfo response (examples: RS256, HS256)           |
-| `prompt`                                             | string  | (empty)              | Prompt parameter for authorization url (examples: select_account, login, consent)   |
-| `end_session_endpoint`                               | URL     | (empty)              | Http(s) alternative end session endpoint (logout URI)                               |
 | Request timeout                                      | string  | 30,000 (30 seconds)  | Number of milliseconds to wait for http requests to complete before giving up       |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
@@ -187,7 +180,6 @@ Configuration of OAuth in Immich System Settings
 | Scope                              | openid email profile immich_scope                                   |
 | ID Token Signed Response Algorithm | RS256                                                               |
 | Userinfo Signed Response Algorithm | RS256                                                               |
-| End Session Endpoint               | https://auth.example.com/logout?rd=https://immich.example.com/      |
 | Storage Label Claim                | uid                                                                 |
 | Storage Quota Claim                | immich_quota                                                        |
 | Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
@@ -261,40 +253,4 @@ Configuration of OAuth in Immich System Settings

 </details>

-<details>
-<summary>Keycloak Example</summary>
-
-### Keycloak Example
-
-Here's an example of OAuth configured for Keycloak:
-
-Create your immich client on your Keycloak Realm.
-
-<img src={require('./img/keycloak-general-settings.webp').default} width='100%' title="Keycloak Client general Settings" />
-<img src={require('./img/keycloak-access-settings.webp').default} width='100%' title="Keycloak Client Access Settings" />
-<img src={require('./img/keycloak-capability-config.webp').default} width='100%' title="Keycloak Client Capability Configuration" />
-
-Configuration of OAuth in Immich System Settings
-
-| Setting                      | Value                                                 |
-| ---------------------------- | ----------------------------------------------------- |
-| Issuer URL                   | `https://<KEYCLOAK_DOMAIN>/realms/<YOUR_REALM>`       |
-| Client ID                    | immich                                                |
-| Client Secret                | can be optained from Clients -> immich -> Credentials |
-| Scope                        | openid email profile                                  |
-| Signing Algorithm            | RS256                                                 |
-| Storage Label Claim          | preferred_username                                    |
-| Role Claim                   | immich_role                                           |
-| Storage Quota Claim          | immich_quota                                          |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                         |
-| Button Text                  | Sign in with Keycloak (recommended)                   |
-| Auto Register                | Enabled (optional)                                    |
-| Auto Launch                  | Enabled (optional)                                    |
-| Mobile Redirect URI Override | Disabled                                              |
-| Mobile Redirect URI          |                                                       |
-
-Role Claim can be managed via Client Role. Remember to create a mapper with claim name `immich_role`.
-
-</details>
-
 [oidc]: https://openid.net/connect/
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -80,9 +80,9 @@ To see local changes to `@immich/ui` in Immich, do the following:

 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
 2. Build the `@immich/ui` project via `pnpm run build`
-3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yml` file (`../../ui:/usr/src/ui`)
-4. Uncomment the corresponding alias in the `web/vite.config.ts` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui/packages/ui')`)
-5. Uncomment the import statement in `web/src/app.css` file `@import '../../../ui/packages/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
+3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
+4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
+5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
 6. Start up the stack via `make dev`
 7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)

--- a/docs/docs/features/duplicates-utility.md
+++ b/docs/docs/features/duplicates-utility.md
@@ -1,28 +0,0 @@
-# Duplicates Utility
-
-Immich comes with a duplicates utility to help you detect assets that look visually similar. The duplicate detection feature relies on machine learning and is enabled by default. For more information about when the duplicate detection job runs, see [Jobs and Workers](/administration/jobs-workers). Once an asset has been processed and added to a duplicate group, it becomes available to review in the "Review duplicates" utility, which can be found [here](https://my.immich.app/utilities/duplicates).
-
-## Reviewing duplicates
-
-The review duplicates page allows the user to individually select which assets should be kept and which ones should be trashed. When more than one asset is kept, there is an option to automatically put the kept assets into a stack.
-
-### Automatic preselection
-
-When using "Deduplicate All" or viewing suggestions, Immich automatically preselects which assets to keep based on:
-
-1. **Image size in bytes** — larger files are preferred as they typically have higher quality.
-2. **Count of EXIF data** — assets with more metadata are preferred.
-
-### Synchronizing metadata
-
-When resolving duplicates, metadata from trashed assets is automatically synchronized to the kept assets. The following metadata is synchronized:
-
-| Name        | Description                                                                                                                     |
-| ----------- | ------------------------------------------------------------------------------------------------------------------------------- |
-| Album       | The kept assets will be added to _every_ album that the other assets in the group belong to.                                    |
-| Favorite    | If any of the assets in the group have been added to favorites, every kept asset will also be added to favorites.               |
-| Rating      | If one or more assets in the duplicate group have a rating, the highest rating is selected and synchronized to the kept assets. |
-| Description | Descriptions from each asset are combined together and synchronized to all the kept assets.                                     |
-| Visibility  | The most restrictive visibility is applied to the kept assets.                                                                  |
-| Location    | Latitude and longitude are copied if all assets with geolocation data in the group share the same coordinates.                  |
-| Tag         | Tags from all assets in the group are merged and applied to every kept asset.                                                   |
--- a/docs/docs/features/searching.md
+++ b/docs/docs/features/searching.md
@@ -26,7 +26,7 @@ You can search the following types of content:
 | Time frame                          | Start and end date of a specific time bucket          |
 | Media type                          | Image or video or both                                |
 | Display options                     | In Archive, in Favorites or Not in any album          |
-| Star rating                         | User-assigned star rating                             |
+| Start rating                        | User-assigned start rating                            |

 <img src={require('./img/advanced-search-filters.webp').default} width="70%" title='Advanced search filters' />

--- a/docs/docs/features/supported-formats.md
+++ b/docs/docs/features/supported-formats.md
@@ -18,7 +18,6 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a
 | `JPEG 2000` | `.jp2`                        | :white_check_mark: |                 |
 | `JPEG`      | `.jpeg` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
 | `JPEG XL`   | `.jxl`                        | :white_check_mark: |                 |
-| `MPO`       | `.mpo`                        | :white_check_mark: | Multi-Picture   |
 | `PNG`       | `.png`                        | :white_check_mark: |                 |
 | `PSD`       | `.psd`                        | :white_check_mark: | Adobe Photoshop |
 | `RAW`       | `.raw`                        | :white_check_mark: |                 |
@@ -29,17 +28,17 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a

 ## Video formats

-| Format      | Extension(s)                |     Supported?     | Notes |
-| :---------- | :-------------------------- | :----------------: | :---- |
-| `3GPP`      | `.3gp` `.3gpp`              | :white_check_mark: |       |
-| `AVI`       | `.avi`                      | :white_check_mark: |       |
-| `FLV`       | `.flv`                      | :white_check_mark: |       |
-| `M4V`       | `.m4v`                      | :white_check_mark: |       |
-| `MATROSKA`  | `.mkv`                      | :white_check_mark: |       |
-| `MP2T`      | `.mts` `.m2ts` `.m2t` `.ts` | :white_check_mark: |       |
-| `MP4`       | `.mp4` `.insv`              | :white_check_mark: |       |
-| `MPEG`      | `.mpg` `.mpe` `.mpeg`       | :white_check_mark: |       |
-| `MXF`       | `.mxf`                      | :white_check_mark: |       |
-| `QUICKTIME` | `.mov`                      | :white_check_mark: |       |
-| `WEBM`      | `.webm`                     | :white_check_mark: |       |
-| `WMV`       | `.wmv`                      | :white_check_mark: |       |
+| Format      | Extension(s)          |     Supported?     | Notes |
+| :---------- | :-------------------- | :----------------: | :---- |
+| `3GPP`      | `.3gp` `.3gpp`        | :white_check_mark: |       |
+| `AVI`       | `.avi`                | :white_check_mark: |       |
+| `FLV`       | `.flv`                | :white_check_mark: |       |
+| `M4V`       | `.m4v`                | :white_check_mark: |       |
+| `MATROSKA`  | `.mkv`                | :white_check_mark: |       |
+| `MP2T`      | `.mts` `.m2ts` `.m2t` | :white_check_mark: |       |
+| `MP4`       | `.mp4` `.insv`        | :white_check_mark: |       |
+| `MPEG`      | `.mpg` `.mpe` `.mpeg` | :white_check_mark: |       |
+| `MXF`       | `.mxf`                | :white_check_mark: |       |
+| `QUICKTIME` | `.mov`                | :white_check_mark: |       |
+| `WEBM`      | `.webm`               | :white_check_mark: |       |
+| `WMV`       | `.wmv`                | :white_check_mark: |       |
--- a/docs/docs/guides/custom-map-styles.md
+++ b/docs/docs/guides/custom-map-styles.md
@@ -3,8 +3,8 @@
 You may decide that you'd like to modify the style document which is used to
 draw the maps in Immich. In addition to visual customization, this also allows
 you to pick your own map tile provider instead of the default one. The default
-`style.json` for [light theme](https://tiles.immich.cloud/v1/style/light.json)
-and [dark theme](https://tiles.immich.cloud/v1/style/dark.json)
+`style.json` for [light theme](https://github.com/immich-app/immich/tree/main/server/resources/style-light.json)
+and [dark theme](https://github.com/immich-app/immich/blob/main/server/resources/style-dark.json)
 can be used as a basis for creating your own style.

 There are several sources for already-made `style.json` map themes, as well as
--- a/docs/docs/guides/python-file-upload.md
+++ b/docs/docs/guides/python-file-upload.md
@@ -20,6 +20,8 @@ def upload(file):
    }

    data = {
+        'deviceAssetId': f'{file}-{stats.st_mtime}',
+        'deviceId': 'python',
        'fileCreatedAt': datetime.fromtimestamp(stats.st_mtime),
        'fileModifiedAt': datetime.fromtimestamp(stats.st_mtime),
        'isFavorite': 'false',
--- a/docs/docs/install/config-file.md
+++ b/docs/docs/install/config-file.md
@@ -193,7 +193,6 @@ The default configuration looks like this:
    "defaultStorageQuota": null,
    "enabled": false,
    "issuerUrl": "",
-    "endSessionEndpoint": "",
    "mobileOverrideEnabled": false,
    "mobileRedirectUri": "",
    "profileSigningAlgorithm": "none",
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -29,23 +29,22 @@ These environment variables are used by the `docker-compose.yml` file and do **N

 ## General

-| Variable                            | Description                                                                                                                                            |           Default            | Containers               | Workers            |
-| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
-| `TZ`                                | Timezone                                                                                                                                               |        <sup>\*1</sup>        | server                   | microservices      |
-| `IMMICH_ENV`                        | Environment (production, development)                                                                                                                  |         `production`         | server, machine learning | api, microservices |
-| `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                                                                                           |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_LOG_FORMAT`                 | Log output format (`console`, `json`)                                                                                                                  |          `console`           | server                   | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️                                                              |           `/data`            | server                   | api, microservices |
-| `IMMICH_CONFIG_FILE`                | Path to config file                                                                                                                                    |                              | server                   | api, microservices |
-| `IMMICH_HELMET_FILE`                | Path to a json file with [helmet](https://www.npmjs.com/package/helmet) options. Set to `false` to disable. Set to `true` to use `server/helmet.json`. |           `false`            | server                   | api                |
-| `NO_COLOR`                          | Set to `true` to disable color-coded log output                                                                                                        |           `false`            | server, machine learning |                    |
-| `CPU_CORES`                         | Number of cores available to the Immich server                                                                                                         | auto-detected CPU core count | server                   |                    |
-| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                                                                                                                              |            `8081`            | server                   | api                |
-| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                                                                                                                              |            `8082`            | server                   | microservices      |
-| `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                                                                                    |                              | server                   | microservices      |
-| `IMMICH_TRUSTED_PROXIES`            | List of comma-separated IPs set as trusted proxies                                                                                                     |                              | server                   | api                |
-| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/administration/system-integrity)                                                                                               |                              | server                   | api, microservices |
-| `IMMICH_ALLOW_SETUP`                | When `false` disables the `/auth/admin-sign-up` endpoint                                                                                               |            `true`            | server                   | api                |
+| Variable                            | Description                                                                               |           Default            | Containers               | Workers            |
+| :---------------------------------- | :---------------------------------------------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
+| `TZ`                                | Timezone                                                                                  |        <sup>\*1</sup>        | server                   | microservices      |
+| `IMMICH_ENV`                        | Environment (production, development)                                                     |         `production`         | server, machine learning | api, microservices |
+| `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                              |            `log`             | server, machine learning | api, microservices |
+| `IMMICH_LOG_FORMAT`                 | Log output format (`console`, `json`)                                                     |          `console`           | server                   | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |           `/data`            | server                   | api, microservices |
+| `IMMICH_CONFIG_FILE`                | Path to config file                                                                       |                              | server                   | api, microservices |
+| `NO_COLOR`                          | Set to `true` to disable color-coded log output                                           |           `false`            | server, machine learning |                    |
+| `CPU_CORES`                         | Number of cores available to the Immich server                                            | auto-detected CPU core count | server                   |                    |
+| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                                                                 |            `8081`            | server                   | api                |
+| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                                                                 |            `8082`            | server                   | microservices      |
+| `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                       |                              | server                   | microservices      |
+| `IMMICH_TRUSTED_PROXIES`            | List of comma-separated IPs set as trusted proxies                                        |                              | server                   | api                |
+| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/administration/system-integrity)                                  |                              | server                   | api, microservices |
+| `IMMICH_ALLOW_SETUP`                | When `false` disables the `/auth/admin-sign-up` endpoint                                  |            `true`            | server                   | api                |

 \*1: `TZ` should be set to a `TZ identifier` from [this list][tz-list]. For example, `TZ="Etc/UTC"`.
 `TZ` is used by `exiftool` as a fallback in case the timezone cannot be determined from the image metadata. It is also used for logfile timestamps and cron job execution.
--- a/docs/docs/install/requirements.md
+++ b/docs/docs/install/requirements.md
@@ -8,7 +8,7 @@ Hardware and software requirements for Immich:

 ## Hardware

- **OS**: Recommended Linux or \*nix 64-bit operating system (Ubuntu, Debian, etc).
+- **OS**: Recommended Linux or \*nix operating system (Ubuntu, Debian, etc).
  - Non-Linux OSes tend to provide a poor Docker experience and are strongly discouraged.
    Our ability to assist with setup or troubleshooting on non-Linux OSes will be severely reduced.
    If you still want to try to use a non-Linux OS, you can set it up as follows:
@@ -19,10 +19,6 @@ Hardware and software requirements for Immich:
    If you have issues, we recommend that you switch to a supported VM deployment.
 - **RAM**: Minimum 6GB, recommended 8GB.
 - **CPU**: Minimum 2 cores, recommended 4 cores.
-  - Immich runs on the `amd64` and `arm64` platforms.
-    Since `v2.6`, the machine learning container on `amd64` requires the `>= x86-64-v2` [microarchitecture level](https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels).
-    Most CPUs released since ~2012 support this microarchitecture.
-    If you are using a virtual machine, ensure you have selected a [supported microarchitecture](https://pve.proxmox.com/pve-docs/chapter-qm.html#_qemu_cpu_types).
 - **Storage**: Recommended Unix-compatible filesystem (EXT4, ZFS, APFS, etc.) with support for user/group ownership and permissions.
  - The generation of thumbnails and transcoded video can increase the size of the photo library by 10-20% on average.

@@ -49,7 +45,7 @@ Immich requires [**Docker**](https://docs.docker.com/get-started/get-docker/) wi
 The Compose plugin will be installed by both Docker Engine and Desktop by following the linked installation guides; it can also be [separately installed](https://docs.docker.com/compose/install/).

 :::note
-Immich requires the command `docker compose`; the similarly named `docker-compose` is [deprecated](https://docs.docker.com/retired/#docker-compose-v1-replaced-by-compose-v2) and is no longer supported by Immich.
+Immich requires the command `docker compose`; the similarly named `docker-compose` is [deprecated](https://docs.docker.com/compose/migrate/) and is no longer supported by Immich.
 :::

 ### Special requirements for Windows users
--- a/docs/docs/partials/_storage-template.md
+++ b/docs/docs/partials/_storage-template.md
@@ -6,8 +6,6 @@ You can read more about the differences between storage template engine on and o

 The admin user can set the template by using the template builder in the `Administration -> Settings -> Storage Template`. Immich provides a set of variables that you can use in constructing the template, along with additional custom text. If the template produces [multiple files with the same filename, they won't be overwritten](https://github.com/immich-app/immich/discussions/3324) as a sequence number is appended to the filename.

-Date and time variables in storage templates are rendered in the server's local timezone.
-
 ```bash title="Default template"
 Year/Year-Month-Day/Filename.Extension
 ```
--- a/docs/package.json
+++ b/docs/package.json
@@ -17,10 +17,10 @@
    "write-heading-ids": "docusaurus write-heading-ids"
  },
  "dependencies": {
-    "@docusaurus/core": "~3.10.0",
-    "@docusaurus/preset-classic": "~3.10.0",
-    "@docusaurus/theme-common": "~3.10.0",
-    "@docusaurus/theme-mermaid": "~3.10.0",
+    "@docusaurus/core": "~3.9.0",
+    "@docusaurus/preset-classic": "~3.9.0",
+    "@docusaurus/theme-common": "~3.9.0",
+    "@docusaurus/theme-mermaid": "~3.9.0",
    "@mdi/js": "^7.3.67",
    "@mdi/react": "^1.6.1",
    "@mdx-js/react": "^3.0.0",
@@ -30,17 +30,17 @@
    "postcss": "^8.4.25",
    "prism-react-renderer": "^2.3.1",
    "raw-loader": "^4.0.2",
-    "react": "^19.0.0",
-    "react-dom": "^19.0.0",
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0",
    "tailwindcss": "^3.2.4",
    "url": "^0.11.0"
  },
  "devDependencies": {
-    "@docusaurus/module-type-aliases": "~3.10.0",
-    "@docusaurus/tsconfig": "^3.10.0",
-    "@docusaurus/types": "^3.10.0",
+    "@docusaurus/module-type-aliases": "~3.9.0",
+    "@docusaurus/tsconfig": "^3.7.0",
+    "@docusaurus/types": "^3.7.0",
    "prettier": "^3.7.4",
-    "typescript": "^6.0.0"
+    "typescript": "^5.1.6"
  },
  "browserslist": {
    "production": [
@@ -58,6 +58,6 @@
    "node": ">=20"
  },
  "volta": {
-    "node": "24.15.0"
+    "node": "24.13.1"
  }
 }
--- a/docs/static/archived-versions.json
+++ b/docs/static/archived-versions.json
@@ -1,11 +1,7 @@
 [
  {
-    "label": "v2.7.5",
-    "url": "https://docs.v2.7.5.archive.immich.app"
-  },
-  {
-    "label": "v2.6.3",
-    "url": "https://docs.v2.6.3.archive.immich.app"
+    "label": "v2.6.0",
+    "url": "https://docs.v2.6.0.archive.immich.app"
  },
  {
    "label": "v2.5.6",
--- a/docs/tsconfig.json
+++ b/docs/tsconfig.json
@@ -1,4 +1,8 @@
 {
  // This file is not used in compilation. It is here just for a nice editor experience.
-  "extends": "@docusaurus/tsconfig"
+  "extends": "@docusaurus/tsconfig",
+
+  "compilerOptions": {
+    "baseUrl": "."
+  }
 }
--- a/e2e-auth-server/auth-server.ts
+++ b/e2e-auth-server/auth-server.ts
@@ -1,12 +1,5 @@
-import {
-  calculateJwkThumbprint,
-  exportJWK,
-  importPKCS8,
-  importSPKI,
-  SignJWT,
-} from 'jose';
+import { exportJWK, generateKeyPair } from 'jose';
 import Provider from 'oidc-provider';
-import { PRIVATE_KEY_PEM, PUBLIC_KEY_PEM } from './test-keys';

 export enum OAuthClient {
  DEFAULT = 'client-default',
@@ -51,29 +44,6 @@ const claims = [
  },
 ];

-const privateKey = await importPKCS8(PRIVATE_KEY_PEM, 'RS256', {
-  extractable: true,
-});
-const publicKey = await importSPKI(PUBLIC_KEY_PEM, 'RS256', {
-  extractable: true,
-});
-const kid = await calculateJwkThumbprint(await exportJWK(publicKey));
-
-export async function generateLogoutToken(iss: string, sub: string) {
-  return await new SignJWT({
-    iss: iss,
-    aud: OAuthClient.DEFAULT,
-    iat: Math.floor(Date.now() / 1000),
-    jti: crypto.randomUUID(),
-    sub: sub,
-    events: {
-      'http://schemas.openid.net/event/backchannel-logout': {},
-    },
-  })
-    .setProtectedHeader({ alg: 'RS256', typ: 'logout+jwt', kid: kid })
-    .sign(privateKey);
-}
-
 const withDefaultClaims = (sub: string) => ({
  sub,
  email: `${sub}@immich.app`,
@@ -96,6 +66,8 @@ const getClaims = (sub: string, use?: string) => {
 };

 const setup = async () => {
+  const { privateKey, publicKey } = await generateKeyPair('RS256');
+
  const redirectUris = [
    'http://127.0.0.1:2285/auth/login',
    'https://photos.immich.app/oauth/mobile-redirect',
--- a/e2e-auth-server/package.json
+++ b/e2e-auth-server/package.json
@@ -7,7 +7,7 @@
    "start": "tsx startup.ts"
  },
  "devDependencies": {
-    "jose": "^6.0.0",
+    "jose": "^5.6.3",
    "@types/oidc-provider": "^9.0.0",
    "oidc-provider": "^9.0.0",
    "tsx": "^4.20.6"
--- a/e2e-auth-server/test-keys.ts
+++ b/e2e-auth-server/test-keys.ts
@@ -1,38 +0,0 @@
-export const PRIVATE_KEY_PEM = `-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVj5C7hzN3E2HO
-TcJ+DN/e2NSTQFj4rPylz4J8xjm8Es7l0k2kK5EEGvUNVGZbw7s055c+6kwP9eqg
-B5XFE7+26Fcq1sou6Tbm310kU4dnMW5l2CgwrhaGyb1pNysao0AMLT60dFYqtUwn
-ha9ceCsa+ZU1JrknVf3rONtppBvhWoI7CO9XX1keVQ0unHPzCWUjpXTzC8OGEbmB
-2w7ZIUf8OfJkd5RZ4OtIpML71W9n13aDxT50x2/EW/pFLFtQ/oaleOKHpvlRXDRX
-W86G4moUJym3gHMXMUj2aOcFG2UJnpLruKz3i5qZwYiTRlBP6O9EIQNCVtYxchuN
-V1CCcBU1AgMBAAECggEAJLfXMu8Nx89ynPVyyUMMaFfoEpHC9iR0L5obQVpiPMYK
-VRqVVLecdftPS9s7eQ58BNBRzdC0ZVu841aRYs3HLNbsZZhPkYZQpAxU//Dg5okY
-fzj7Hv5yidt4HN9+Pd8z/3lRMnj4WapifLaBt8xJ2ujJBMBRxzJBsXDnT0+Kx7+y
-bYDeuVfyUTEikaK3QZTbuRF3D3eiuN16GG+hv8UqTF2eYbPxdiLjYpTSHa4mH88C
-qfJz2Xt4SEzmyeo3G+MO17wDFOwtEe8ojlJfULHnHJSFdUwTfYIFM1bg5/fJ9MOS
-/fO3TSG+wkQqjQa6eoGssAzP87fL2XNLzlDtGY/7uQKBgQDHuJHOtf1EjOvNYiP7
-EN+8QGs41ghzt9CQRQxWbHpusR3IW3P83KMXwYmrlG70oOUXBRGSB/ESXUofXc5W
-pu5+Y55S44aUnu/a9yOBttYW0dtHZSL0zFT+PlVASwUzFZ2zcH1KXlUkSpfL5OAD
-PyDDTnBZ2AWh45fRO9wLo6PPuQKBgQC/tI03RqU3mOjqukKbquYeIpXHfRU5Z0DM
-u9ru1THYEl6fmkMXycxo/mvW3awyFuyKy/VodqIgKnFgumEqCHZh6OAMm/LC7TfA
-l9tjFSs/MyOqQVD4kbX+z6Oq4c4GccDoXfsQ3gzECoBapegi/F+6/25y+/C8ghXb
-J/Jg1GQXXQKBgQDFgWbfzuVZZyrBfu4qGLPJDMN7/114YizknwPma3xf/tN/EcGQ
-K/k1QvWMMkvPq1UiAKcxjJ0AFjV482FcG9T6NDWbrtmmG88C8Sex3Ue2ZW2+GuwI
-vhDHJIlV/Vp0/Elp7DJa2xLDwuh+gCZvz3vs6KL+ljxrrhCyn8mp0PfsMQKBgFFZ
-KnuETOO0zVGdzFoGQTQUdP58A5+iQwsdxB+I9Ge+E80iRso3ZbhADj7VPhbbR3D2
-b6LuhImluQrUzBpsEOAnU7vGCVPSGdBuIDiBaSKebsn2gYeZPWNtdQQ0YZq2dqek
-Cb/0mfIuipzsvf7qnSza62F7q4IyqVegMegI+Jg5AoGATM3NMy7JZeKzSkm+3ohU
-3xZOwgqKV9SH+0OeYWpuBxT7D7FlrKKI4NJ3XN3hg2f/DJAF6dH11CPe7pk94yol
-HMbh+PQUQ6GYvAzxIOvagWboQ3lzeyubNMpyFjfOrIE/WOQCUBZ9tIwCHIarIuyi
-QRuNOj3+U8T/n1Ww352HBdw=
-----END PRIVATE KEY-----`;
-
-export const PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY+Qu4czdxNhzk3Cfgzf
-3tjUk0BY+Kz8pc+CfMY5vBLO5dJNpCuRBBr1DVRmW8O7NOeXPupMD/XqoAeVxRO/
-tuhXKtbKLuk25t9dJFOHZzFuZdgoMK4Whsm9aTcrGqNADC0+tHRWKrVMJ4WvXHgr
-GvmVNSa5J1X96zjbaaQb4VqCOwjvV19ZHlUNLpxz8wllI6V08wvDhhG5gdsO2SFH
-/DnyZHeUWeDrSKTC+9VvZ9d2g8U+dMdvxFv6RSxbUP6GpXjih6b5UVw0V1vOhuJq
-FCcpt4BzFzFI9mjnBRtlCZ6S67is94uamcGIk0ZQT+jvRCEDQlbWMXIbjVdQgnAV
-NQIDAQAB
-----END PUBLIC KEY-----`;
--- a/e2e/.nvmrc
+++ b/e2e/.nvmrc
@@ -1 +1 @@
-24.15.0
+24.13.1
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@@ -44,7 +44,7 @@ services:

  redis:
    container_name: immich-e2e-redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
    healthcheck:
      test: redis-cli ping || exit 1

--- a/e2e/package.json
+++ b/e2e/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich-e2e",
-  "version": "2.7.5",
+  "version": "2.6.0",
  "description": "",
  "main": "index.js",
  "type": "module",
@@ -32,15 +32,15 @@
    "@playwright/test": "^1.44.1",
    "@socket.io/component-emitter": "^3.1.2",
    "@types/luxon": "^3.4.2",
-    "@types/node": "^24.12.2",
+    "@types/node": "^24.11.0",
    "@types/pg": "^8.15.1",
    "@types/pngjs": "^6.0.4",
-    "@types/supertest": "^7.0.0",
+    "@types/supertest": "^6.0.2",
    "dotenv": "^17.2.3",
    "eslint": "^10.0.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^64.0.0",
+    "eslint-plugin-unicorn": "^63.0.0",
    "exiftool-vendored": "^35.0.0",
    "globals": "^17.0.0",
    "luxon": "^3.4.4",
@@ -51,13 +51,13 @@
    "sharp": "^0.34.5",
    "socket.io-client": "^4.7.4",
    "supertest": "^7.0.0",
-    "typescript": "^6.0.0",
+    "typescript": "^5.3.3",
    "typescript-eslint": "^8.28.0",
    "utimes": "^5.2.1",
    "vite-tsconfig-paths": "^6.1.1",
    "vitest": "^4.0.0"
  },
  "volta": {
-    "node": "24.15.0"
+    "node": "24.13.1"
  }
 }
--- a/e2e/src/api/specs/duplicate.e2e-spec.ts
+++ b/e2e/src/api/specs/duplicate.e2e-spec.ts
@@ -1,651 +0,0 @@
-import { LoginResponseDto } from '@immich/sdk';
-import { createUserDto, uuidDto } from 'src/fixtures';
-import { errorDto } from 'src/responses';
-import { app, utils } from 'src/utils';
-import request from 'supertest';
-import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
-
-describe('/duplicates', () => {
-  let admin: LoginResponseDto;
-  let user1: LoginResponseDto;
-  let user2: LoginResponseDto;
-
-  beforeAll(async () => {
-    await utils.resetDatabase();
-
-    admin = await utils.adminSetup();
-
-    [user1, user2] = await Promise.all([
-      utils.userSetup(admin.accessToken, createUserDto.user1),
-      utils.userSetup(admin.accessToken, createUserDto.user2),
-    ]);
-  });
-
-  beforeEach(async () => {
-    // Reset assets, albums, tags, and stacks between tests to ensure clean state for repeated test runs
-    // Note: We don't reset users since they're set up once in beforeAll
-    // Stack must be reset before asset due to foreign key constraint
-    await utils.resetDatabase(['stack', 'asset', 'album', 'tag']);
-  });
-
-  describe('GET /duplicates', () => {
-    it('should return empty array when no duplicates', async () => {
-      const { status, body } = await request(app)
-        .get('/duplicates')
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual([]);
-    });
-
-    it('should return duplicate groups with suggestedKeepAssetIds', async () => {
-      // Create assets with different file sizes for duplicate detection
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Manually set duplicateId on both assets to create a duplicate group
-      const duplicateId = '00000000-0000-4000-8000-000000000001';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .get('/duplicates')
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual([
-        {
-          duplicateId,
-          assets: expect.arrayContaining([
-            expect.objectContaining({ id: asset1.id }),
-            expect.objectContaining({ id: asset2.id }),
-          ]),
-          suggestedKeepAssetIds: expect.any(Array),
-        },
-      ]);
-      expect(body[0].suggestedKeepAssetIds.length).toBe(1);
-    });
-  });
-
-  describe('POST /duplicates/resolve', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .send({
-          groups: [{ duplicateId: uuidDto.dummy, keepAssetIds: [], trashAssetIds: [] }],
-        });
-
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should return failure for non-existent duplicate group', async () => {
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId: uuidDto.dummy, keepAssetIds: [], trashAssetIds: [] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId: uuidDto.dummy,
-            status: 'FAILED',
-            reason: expect.stringContaining('not found or access denied'),
-          },
-        ],
-      });
-    });
-
-    it('should resolve duplicate group with keepers', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000002';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId,
-            status: 'SUCCESS',
-          },
-        ],
-      });
-
-      // Verify side effects: duplicateId cleared on kept asset
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-
-      // Verify side effects: trashed asset is trashed and duplicateId cleared
-      const trashedAsset = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(trashedAsset.isTrashed).toBe(true);
-      expect(trashedAsset.duplicateId).toBeNull();
-    });
-
-    it('should reject when keepAssetIds and trashAssetIds overlap', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000003';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset1.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('disjoint');
-    });
-
-    it('should require keepAssetIds when partially trashing', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000004';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [], trashAssetIds: [asset1.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('must cover all assets');
-    });
-
-    it('should reject partial resolution (not all assets covered)', async () => {
-      const [asset1, asset2, asset3] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000010';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset3.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('must cover all assets');
-    });
-
-    it('should reject asset not in duplicate group', async () => {
-      const [asset1, asset2, outsideAsset] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000011';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [outsideAsset.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('not a member of duplicate group');
-    });
-
-    it('should allow trash-all without keepers', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000012';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [], trashAssetIds: [asset1.id, asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId,
-            status: 'SUCCESS',
-          },
-        ],
-      });
-
-      // Verify both assets are trashed
-      const [asset1Info, asset2Info] = await Promise.all([
-        utils.getAssetInfo(user1.accessToken, asset1.id),
-        utils.getAssetInfo(user1.accessToken, asset2.id),
-      ]);
-
-      expect(asset1Info.isTrashed).toBe(true);
-      expect(asset1Info.duplicateId).toBeNull();
-      expect(asset2Info.isTrashed).toBe(true);
-      expect(asset2Info.duplicateId).toBeNull();
-    });
-
-    it('should reject cross-user duplicate group access', async () => {
-      const asset1 = await utils.createAsset(user1.accessToken);
-      const asset2 = await utils.createAsset(user2.accessToken);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000013';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user2.accessToken, asset2.id, duplicateId);
-
-      // User1 tries to resolve a group containing user2's asset
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('not a member of duplicate group');
-    });
-
-    it('should synchronize favorites when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Mark one asset as favorite
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], isFavorite: true });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000020';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify favorite was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.isFavorite).toBe(true);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize visibility when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Archive one asset
-      await utils.archiveAssets(user1.accessToken, [asset2.id]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000021';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify visibility was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.visibility).toBe('archive');
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize rating when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set rating on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], rating: 5 });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000022';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify rating was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.rating).toBe(5);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize description when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set description on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], description: 'Test description for duplicate' });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000023';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify description was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.description).toBe('Test description for duplicate');
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize location when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set location on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], latitude: 40.7128, longitude: -74.006 });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000024';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify location was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.latitude).toBe(40.7128);
-      expect(keptAsset.exifInfo?.longitude).toBe(-74.006);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize albums when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Create albums and add assets to different albums
-      const album1 = await utils.createAlbum(user1.accessToken, {
-        albumName: 'Album 1',
-        assetIds: [asset1.id],
-      });
-      const album2 = await utils.createAlbum(user1.accessToken, {
-        albumName: 'Album 2',
-        assetIds: [asset2.id],
-      });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000025';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify keeper is now in both albums
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-
-      // Check albums directly
-      const { status: album1Status, body: album1Body } = await request(app)
-        .get(`/albums/${album1.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-      const { status: album2Status, body: album2Body } = await request(app)
-        .get(`/albums/${album2.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(album1Status).toBe(200);
-      expect(album2Status).toBe(200);
-      expect(album1Body.assets.map((a: any) => a.id)).toContain(asset1.id);
-      expect(album2Body.assets.map((a: any) => a.id)).toContain(asset1.id);
-    });
-
-    it('should synchronize tags when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Wait for metadata extraction to complete before adding tags
-      // Otherwise, metadata jobs will race and overwrite our tags
-      await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-
-      // Create tags and tag assets differently
-      const tags = await utils.upsertTags(user1.accessToken, ['tag1', 'tag2']);
-      await utils.tagAssets(user1.accessToken, tags[0].id, [asset1.id]);
-      await utils.tagAssets(user1.accessToken, tags[1].id, [asset2.id]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000026';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify keeper has both tags
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-      expect(keptAsset.tags).toBeDefined();
-      const tagIds = keptAsset.tags?.map((t) => t.id) || [];
-      expect(tagIds).toContain(tags[0].id);
-      expect(tagIds).toContain(tags[1].id);
-    });
-
-    it('should handle batch resolve with mixed success and failure', async () => {
-      // Create first group that will succeed
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-      const duplicateId1 = '00000000-0000-4000-8000-000000000027';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId1);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId1);
-
-      // Create second group with non-existent duplicate ID (will fail)
-      const fakeId = '00000000-0000-4000-8000-000000000099';
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [
-            { duplicateId: duplicateId1, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] },
-            { duplicateId: fakeId, keepAssetIds: [], trashAssetIds: [] },
-          ],
-        });
-
-      expect(status).toBe(200);
-      expect(body.status).toBe('COMPLETED');
-      expect(body.results).toHaveLength(2);
-
-      // First group should succeed
-      expect(body.results[0].duplicateId).toBe(duplicateId1);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Second group should fail
-      expect(body.results[1].duplicateId).toBe(fakeId);
-      expect(body.results[1].status).toBe('FAILED');
-      expect(body.results[1].reason).toContain('not found or access denied');
-
-      // Verify first group was actually resolved despite second failure
-      const asset1Info = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(asset1Info.duplicateId).toBeNull();
-      const asset2Info = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(asset2Info.isTrashed).toBe(true);
-    });
-
-    it('should trash assets when trash is enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000028';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      // Ensure trash is enabled (default)
-      const config = await utils.getSystemConfig(admin.accessToken);
-      expect(config.trash.enabled).toBe(true);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify asset is trashed (not deleted)
-      const trashedAsset = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(trashedAsset.isTrashed).toBe(true);
-    });
-
-    it('should delete assets when trash is disabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000029';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      // Disable trash
-      await request(app)
-        .put('/system-config')
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({
-          trash: { enabled: false, days: 30 },
-        });
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Asset should be marked as deleted (force delete)
-      const { status: getStatus } = await request(app)
-        .get(`/assets/${asset2.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      // Asset should still be accessible (soft deleted) but marked as deleted
-      expect(getStatus).toBe(200);
-
-      // Re-enable trash for other tests
-      await utils.resetAdminConfig(admin.accessToken);
-    });
-  });
-});
--- a/e2e/src/fixtures.ts
+++ b/e2e/src/fixtures.ts
@@ -2,8 +2,6 @@ export const uuidDto = {
  invalid: 'invalid-uuid',
  // valid uuid v4
  notFound: '00000000-0000-4000-a000-000000000000',
-  dummy: '00000000-0000-4000-a000-000000000001',
-  dummy2: '00000000-0000-4000-a000-000000000002',
 };

 const adminLoginDto = {
--- a/e2e/src/specs/maintenance/server/database-backups.e2e-spec.ts
+++ b/e2e/src/specs/maintenance/server/database-backups.e2e-spec.ts
@@ -10,9 +10,7 @@ describe('/admin/database-backups', () => {

  beforeAll(async () => {
    await utils.resetDatabase();
-    admin = await utils.adminSetup({
-      onboarding: false,
-    });
+    admin = await utils.adminSetup();
    await utils.resetBackups(admin.accessToken);
  });

@@ -96,9 +94,7 @@ describe('/admin/database-backups', () => {
        ({ status, body }) => status === 200 && !body.maintenanceMode,
      );

-      admin = await utils.adminSetup({
-        onboarding: false,
-      });
+      admin = await utils.adminSetup();
    });

    it.sequential('should not work when the server is configured', async () => {
--- a/e2e/src/specs/server/api/album.e2e-spec.ts
+++ b/e2e/src/specs/server/api/album.e2e-spec.ts
@@ -130,11 +130,12 @@ describe('/albums', () => {
  describe('GET /albums', () => {
    it("should not show other users' favorites", async () => {
      const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[0].id}`)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
        .set('Authorization', `Bearer ${user2.accessToken}`);
      expect(status).toEqual(200);
      expect(body).toEqual({
        ...user1Albums[0],
+        assets: [expect.objectContaining({ isFavorite: false })],
        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
        lastModifiedAssetTimestamp: expect.any(String),
        startDate: expect.any(String),
@@ -154,31 +155,23 @@ describe('/albums', () => {
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedLink,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedEditorUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedViewerUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user2.userId,
            albumName: user2SharedUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user2.userId }) },
-            ]),
            shared: true,
          }),
        ]),
@@ -192,31 +185,23 @@ describe('/albums', () => {
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedEditorUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedViewerUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedLink,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1NotShared,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: false,
          }),
        ]),
@@ -232,31 +217,23 @@ describe('/albums', () => {
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedEditorUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedViewerUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1SharedLink,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: true,
          }),
          expect.objectContaining({
+            ownerId: user2.userId,
            albumName: user2SharedUser,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user2.userId }) },
-            ]),
            shared: true,
          }),
        ]),
@@ -272,10 +249,8 @@ describe('/albums', () => {
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({
+            ownerId: user1.userId,
            albumName: user1NotShared,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) },
-            ]),
            shared: false,
          }),
        ]),
@@ -312,17 +287,13 @@ describe('/albums', () => {
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({
+            ownerId: user4.userId,
            albumName: user4DeletedAsset,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user4.userId }) },
-            ]),
            shared: false,
          }),
          expect.objectContaining({
+            ownerId: user4.userId,
            albumName: user4Empty,
-            albumUsers: expect.arrayContaining([
-              { role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user4.userId }) },
-            ]),
            shared: false,
          }),
        ]),
@@ -333,12 +304,13 @@ describe('/albums', () => {
  describe('GET /albums/:id', () => {
    it('should return album info for own album', async () => {
      const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[0].id}`)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(200);
      expect(body).toEqual({
        ...user1Albums[0],
+        assets: [expect.objectContaining({ id: user1Albums[0].assets[0].id })],
        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
        lastModifiedAssetTimestamp: expect.any(String),
        startDate: expect.any(String),
@@ -350,7 +322,7 @@ describe('/albums', () => {

    it('should return album info for shared album (editor)', async () => {
      const { status, body } = await request(app)
-        .get(`/albums/${user2Albums[0].id}`)
+        .get(`/albums/${user2Albums[0].id}?withoutAssets=false`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(200);
@@ -359,14 +331,14 @@ describe('/albums', () => {

    it('should return album info for shared album (viewer)', async () => {
      const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[3].id}`)
+        .get(`/albums/${user1Albums[3].id}?withoutAssets=false`)
        .set('Authorization', `Bearer ${user2.accessToken}`);

      expect(status).toBe(200);
      expect(body).toMatchObject({ id: user1Albums[3].id });
    });

-    it('should return album info', async () => {
+    it('should return album info with assets when withoutAssets is undefined', async () => {
      const { status, body } = await request(app)
        .get(`/albums/${user1Albums[0].id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
@@ -374,6 +346,25 @@ describe('/albums', () => {
      expect(status).toBe(200);
      expect(body).toEqual({
        ...user1Albums[0],
+        assets: [expect.objectContaining({ id: user1Albums[0].assets[0].id })],
+        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
+        lastModifiedAssetTimestamp: expect.any(String),
+        startDate: expect.any(String),
+        endDate: expect.any(String),
+        albumUsers: expect.any(Array),
+        shared: true,
+      });
+    });
+
+    it('should return album info without assets when withoutAssets is true', async () => {
+      const { status, body } = await request(app)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=true`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user1Albums[0],
+        assets: [],
        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
        assetCount: 1,
        lastModifiedAssetTimestamp: expect.any(String),
@@ -388,21 +379,21 @@ describe('/albums', () => {
      await utils.deleteAssets(user1.accessToken, [user1Asset2.id]);

      const { status, body } = await request(app)
-        .get(`/albums/${user2Albums[0].id}`)
+        .get(`/albums/${user2Albums[0].id}?withoutAssets=true`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(200);
-      expect(body).toEqual(
-        expect.objectContaining({
-          contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
-          assetCount: 1,
-          lastModifiedAssetTimestamp: expect.any(String),
-          endDate: expect.any(String),
-          startDate: expect.any(String),
-          albumUsers: expect.any(Array),
-          shared: true,
-        }),
-      );
+      expect(body).toEqual({
+        ...user2Albums[0],
+        assets: [],
+        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
+        assetCount: 1,
+        lastModifiedAssetTimestamp: expect.any(String),
+        endDate: expect.any(String),
+        startDate: expect.any(String),
+        albumUsers: expect.any(Array),
+        shared: true,
+      });
    });
  });

@@ -428,13 +419,16 @@ describe('/albums', () => {
        id: expect.any(String),
        createdAt: expect.any(String),
        updatedAt: expect.any(String),
+        ownerId: user1.userId,
        albumName: 'New album',
        description: '',
        albumThumbnailAssetId: null,
        shared: false,
-        albumUsers: [{ role: AlbumUserRole.Owner, user: expect.objectContaining({ id: user1.userId }) }],
+        albumUsers: [],
        hasSharedLink: false,
+        assets: [],
        assetCount: 0,
+        owner: expect.objectContaining({ email: user1.userEmail }),
        isActivityEnabled: true,
        order: AssetOrder.Desc,
      });
@@ -530,19 +524,14 @@ describe('/albums', () => {
      expect(body).toEqual(errorDto.badRequest('Not found or no album.update access'));
    });

-    it('should be able to update as an editor', async () => {
+    it('should not be able to update as an editor', async () => {
      const { status, body } = await request(app)
        .patch(`/albums/${user1Albums[0].id}`)
        .set('Authorization', `Bearer ${user2.accessToken}`)
        .send({ albumName: 'New album name' });

-      expect(status).toBe(200);
-      expect(body).toEqual(
-        expect.objectContaining({
-          id: user1Albums[0].id,
-          albumName: 'New album name',
-        }),
-      );
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Not found or no album.update access'));
    });
  });

@@ -650,11 +639,11 @@ describe('/albums', () => {
      expect(status).toBe(200);
      expect(body).toEqual(
        expect.objectContaining({
-          albumUsers: expect.arrayContaining([
+          albumUsers: [
            expect.objectContaining({
              user: expect.objectContaining({ id: user2.userId }),
            }),
-          ]),
+          ],
        }),
      );
    });
@@ -666,7 +655,7 @@ describe('/albums', () => {
        .send({ albumUsers: [{ userId: user1.userId, role: AlbumUserRole.Editor }] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest('User already added'));
+      expect(body).toEqual(errorDto.badRequest('Cannot be shared with owner'));
    });

    it('should not be able to add existing user to shared album', async () => {
@@ -692,7 +681,7 @@ describe('/albums', () => {
        albumUsers: [{ userId: user2.userId, role: AlbumUserRole.Viewer }],
      });

-      expect(album.albumUsers[1].role).toEqual(AlbumUserRole.Viewer);
+      expect(album.albumUsers[0].role).toEqual(AlbumUserRole.Viewer);

      const { status } = await request(app)
        .put(`/albums/${album.id}/user/${user2.userId}`)
@@ -707,10 +696,7 @@ describe('/albums', () => {
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(body).toEqual(
        expect.objectContaining({
-          albumUsers: [
-            expect.objectContaining({ role: AlbumUserRole.Owner }),
-            expect.objectContaining({ role: AlbumUserRole.Editor }),
-          ],
+          albumUsers: [expect.objectContaining({ role: AlbumUserRole.Editor })],
        }),
      );
    });
@@ -721,7 +707,7 @@ describe('/albums', () => {
        albumUsers: [{ userId: user2.userId, role: AlbumUserRole.Viewer }],
      });

-      expect(album.albumUsers[1].role).toEqual(AlbumUserRole.Viewer);
+      expect(album.albumUsers[0].role).toEqual(AlbumUserRole.Viewer);

      const { status, body } = await request(app)
        .put(`/albums/${album.id}/user/${user2.userId}`)
--- a/e2e/src/specs/server/api/asset.e2e-spec.ts
+++ b/e2e/src/specs/server/api/asset.e2e-spec.ts
@@ -1,6 +1,7 @@
 import {
  AssetMediaResponseDto,
  AssetMediaStatus,
+  AssetResponseDto,
  AssetTypeEnum,
  AssetVisibility,
  getAssetInfo,
@@ -18,7 +19,7 @@ import { Socket } from 'socket.io-client';
 import { createUserDto, uuidDto } from 'src/fixtures';
 import { makeRandomImage } from 'src/generators';
 import { errorDto } from 'src/responses';
-import { app, asBearerAuth, tempDir, testAssetDir, utils } from 'src/utils';
+import { app, asBearerAuth, tempDir, TEN_TIMES, testAssetDir, utils } from 'src/utils';
 import request from 'supertest';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';

@@ -94,8 +95,8 @@ describe('/asset', () => {
      utils.createAsset(user1.accessToken),
      utils.createAsset(user1.accessToken, {
        isFavorite: true,
-        fileCreatedAt: yesterday.toUTC().toISO(),
-        fileModifiedAt: yesterday.toUTC().toISO(),
+        fileCreatedAt: yesterday.toISO(),
+        fileModifiedAt: yesterday.toISO(),
        assetData: { filename: 'example.mp4' },
      }),
      utils.createAsset(user1.accessToken),
@@ -379,12 +380,62 @@ describe('/asset', () => {
    });
  });

+  describe('GET /assets/random', () => {
+    beforeAll(async () => {
+      await Promise.all([
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+      ]);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'thumbnailGeneration');
+    });
+
+    it.each(TEN_TIMES)('should return 1 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(1);
+      expect(assets[0].ownerId).toBe(user1.userId);
+    });
+
+    it.each(TEN_TIMES)('should return 2 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random?count=2')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(2);
+
+      for (const asset of assets) {
+        expect(asset.ownerId).toBe(user1.userId);
+      }
+    });
+
+    it.skip('should return 1 asset if there are 10 assets in the database but user 2 only has 1', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random')
+        .set('Authorization', `Bearer ${user2.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ id: user2Assets[0].id })]);
+    });
+  });
+
  describe('PUT /assets/:id', () => {
    it('should require access', async () => {
      const { status, body } = await request(app)
        .put(`/assets/${user2Assets[0].id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({});
+        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.noPermission);
    });
@@ -1091,6 +1142,8 @@ describe('/asset', () => {
      const { body, status } = await request(app)
        .post('/assets')
        .set('Authorization', `Bearer ${quotaUser.accessToken}`)
+        .field('deviceAssetId', 'example-image')
+        .field('deviceId', 'e2e')
        .field('fileCreatedAt', new Date().toISOString())
        .field('fileModifiedAt', new Date().toISOString())
        .attach('assetData', makeRandomImage(), 'example.jpg');
@@ -1107,6 +1160,8 @@ describe('/asset', () => {
      const { body, status } = await request(app)
        .post('/assets')
        .set('Authorization', `Bearer ${quotaUser.accessToken}`)
+        .field('deviceAssetId', 'example-image')
+        .field('deviceId', 'e2e')
        .field('fileCreatedAt', new Date().toISOString())
        .field('fileModifiedAt', new Date().toISOString())
        .attach('assetData', randomBytes(2014), 'example.jpg');
@@ -1160,4 +1215,29 @@ describe('/asset', () => {
      expect(video.checksum).toStrictEqual(checksum);
    });
  });
+
+  describe('POST /assets/exist', () => {
+    it('ignores invalid deviceAssetIds', async () => {
+      const response = await utils.checkExistingAssets(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetIds: ['invalid', 'INVALID'],
+      });
+
+      expect(response.existingIds).toHaveLength(0);
+    });
+
+    it('returns the IDs of existing assets', async () => {
+      await utils.createAsset(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetId: 'test-asset-0',
+      });
+
+      const response = await utils.checkExistingAssets(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetIds: ['test-asset-0'],
+      });
+
+      expect(response.existingIds).toEqual(['test-asset-0']);
+    });
+  });
 });
--- a/e2e/src/specs/server/api/library.e2e-spec.ts
+++ b/e2e/src/specs/server/api/library.e2e-spec.ts
@@ -110,7 +110,7 @@ describe('/libraries', () => {
        });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All importPaths's elements must be unique"]));
    });

    it('should not create an external library with duplicate exclusion patterns', async () => {
@@ -125,7 +125,7 @@ describe('/libraries', () => {
        });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All exclusionPatterns's elements must be unique"]));
    });
  });

@@ -157,7 +157,7 @@ describe('/libraries', () => {
        .send({ name: '' });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[name] Too small: expected string to have >=1 characters']));
+      expect(body).toEqual(errorDto.badRequest(['name should not be empty']));
    });

    it('should change the import paths', async () => {
@@ -181,7 +181,7 @@ describe('/libraries', () => {
        .send({ importPaths: [''] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array items must not be empty']));
+      expect(body).toEqual(errorDto.badRequest(['each value in importPaths should not be empty']));
    });

    it('should reject duplicate import paths', async () => {
@@ -191,7 +191,7 @@ describe('/libraries', () => {
        .send({ importPaths: ['/path', '/path'] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All importPaths's elements must be unique"]));
    });

    it('should change the exclusion pattern', async () => {
@@ -215,7 +215,7 @@ describe('/libraries', () => {
        .send({ exclusionPatterns: ['**/*.jpg', '**/*.jpg'] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All exclusionPatterns's elements must be unique"]));
    });

    it('should reject an empty exclusion pattern', async () => {
@@ -225,7 +225,7 @@ describe('/libraries', () => {
        .send({ exclusionPatterns: [''] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array items must not be empty']));
+      expect(body).toEqual(errorDto.badRequest(['each value in exclusionPatterns should not be empty']));
    });
  });

--- a/e2e/src/specs/server/api/map.e2e-spec.ts
+++ b/e2e/src/specs/server/api/map.e2e-spec.ts
@@ -109,7 +109,7 @@ describe('/map', () => {
        .get('/map/reverse-geocode?lon=123')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[lat] Invalid input: expected number, received NaN']));
+      expect(body).toEqual(errorDto.badRequest(['lat must be a number between -90 and 90']));
    });

    it('should throw an error if a lat is not a number', async () => {
@@ -117,7 +117,7 @@ describe('/map', () => {
        .get('/map/reverse-geocode?lat=abc&lon=123.456')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[lat] Invalid input: expected number, received NaN']));
+      expect(body).toEqual(errorDto.badRequest(['lat must be a number between -90 and 90']));
    });

    it('should throw an error if a lat is out of range', async () => {
@@ -125,7 +125,7 @@ describe('/map', () => {
        .get('/map/reverse-geocode?lat=91&lon=123.456')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[lat] Too big: expected number to be <=90']));
+      expect(body).toEqual(errorDto.badRequest(['lat must be a number between -90 and 90']));
    });

    it('should throw an error if a lon is not provided', async () => {
@@ -133,7 +133,7 @@ describe('/map', () => {
        .get('/map/reverse-geocode?lat=75')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[lon] Invalid input: expected number, received NaN']));
+      expect(body).toEqual(errorDto.badRequest(['lon must be a number between -180 and 180']));
    });

    const reverseGeocodeTestCases = [
--- a/e2e/src/specs/server/api/oauth.e2e-spec.ts
+++ b/e2e/src/specs/server/api/oauth.e2e-spec.ts
@@ -1,10 +1,9 @@
-import { OAuthClient, OAuthUser, generateLogoutToken } from '@immich/e2e-auth-server';
+import { OAuthClient, OAuthUser } from '@immich/e2e-auth-server';
 import {
  LoginResponseDto,
  SystemConfigOAuthDto,
  getConfigDefaults,
  getMyUser,
-  getSessions,
  startOAuth,
  updateConfig,
 } from '@immich/sdk';
@@ -77,7 +76,6 @@ const setupOAuth = async (token: string, dto: Partial<SystemConfigOAuthDto>) =>
    ...defaults.oauth,
    buttonText: 'Login with Immich',
    issuerUrl: `${authServer.internal}/.well-known/openid-configuration`,
-    allowInsecureRequests: true,
    ...dto,
  };
  await updateConfig({ systemConfigDto: { ...defaults, oauth: merged } }, options);
@@ -89,23 +87,21 @@ describe(`/oauth`, () => {
  beforeAll(async () => {
    await utils.resetDatabase();
    admin = await utils.adminSetup();
+
+    await setupOAuth(admin.accessToken, {
+      enabled: true,
+      clientId: OAuthClient.DEFAULT,
+      clientSecret: OAuthClient.DEFAULT,
+      buttonText: 'Login with Immich',
+      storageLabelClaim: 'immich_username',
+    });
  });

  describe('POST /oauth/authorize', () => {
-    beforeAll(async () => {
-      await setupOAuth(admin.accessToken, {
-        enabled: true,
-        clientId: OAuthClient.DEFAULT,
-        clientSecret: OAuthClient.DEFAULT,
-        buttonText: 'Login with Immich',
-        storageLabelClaim: 'immich_username',
-      });
-    });
-
    it(`should throw an error if a redirect uri is not provided`, async () => {
      const { status, body } = await request(app).post('/oauth/authorize').send({});
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[redirectUri] Invalid input: expected string, received undefined']));
+      expect(body).toEqual(errorDto.badRequest(['redirectUri must be a string', 'redirectUri should not be empty']));
    });

    it('should return a redirect uri', async () => {
@@ -121,56 +117,19 @@ describe(`/oauth`, () => {
      expect(params.get('redirect_uri')).toBe('http://127.0.0.1:2285/auth/login');
      expect(params.get('state')).toBeDefined();
    });
-
-    it('should not include the prompt parameter when not configured', async () => {
-      const { status, body } = await request(app)
-        .post('/oauth/authorize')
-        .send({ redirectUri: 'http://127.0.0.1:2285/auth/login' });
-      expect(status).toBe(201);
-
-      const params = new URL(body.url).searchParams;
-      expect(params.get('prompt')).toBeNull();
-    });
-
-    it('should include the prompt parameter when configured', async () => {
-      await setupOAuth(admin.accessToken, {
-        enabled: true,
-        clientId: OAuthClient.DEFAULT,
-        clientSecret: OAuthClient.DEFAULT,
-        prompt: 'select_account',
-      });
-
-      const { status, body } = await request(app)
-        .post('/oauth/authorize')
-        .send({ redirectUri: 'http://127.0.0.1:2285/auth/login' });
-      expect(status).toBe(201);
-
-      const params = new URL(body.url).searchParams;
-      expect(params.get('prompt')).toBe('select_account');
-    });
  });

  describe('POST /oauth/callback', () => {
-    beforeAll(async () => {
-      await setupOAuth(admin.accessToken, {
-        enabled: true,
-        clientId: OAuthClient.DEFAULT,
-        clientSecret: OAuthClient.DEFAULT,
-        buttonText: 'Login with Immich',
-        storageLabelClaim: 'immich_username',
-      });
-    });
-
    it(`should throw an error if a url is not provided`, async () => {
      const { status, body } = await request(app).post('/oauth/callback').send({});
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[url] Invalid input: expected string, received undefined']));
+      expect(body).toEqual(errorDto.badRequest(['url must be a string', 'url should not be empty']));
    });

    it(`should throw an error if the url is empty`, async () => {
      const { status, body } = await request(app).post('/oauth/callback').send({ url: '' });
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[url] Too small: expected string to have >=1 characters']));
+      expect(body).toEqual(errorDto.badRequest(['url should not be empty']));
    });

    it(`should throw an error if the state is not provided`, async () => {
@@ -199,9 +158,10 @@ describe(`/oauth`, () => {
    it(`should throw an error if the codeVerifier doesn't match the challenge`, async () => {
      const callbackParams = await loginWithOAuth('oauth-auto-register');
      const { codeVerifier } = await loginWithOAuth('oauth-auto-register');
-      const { status } = await request(app)
+      const { status, body } = await request(app)
        .post('/oauth/callback')
        .send({ ...callbackParams, codeVerifier });
+      console.log(body);
      expect(status).toBeGreaterThanOrEqual(400);
    });

@@ -298,7 +258,7 @@ describe(`/oauth`, () => {
        accessToken: expect.any(String),
        isAdmin: false,
        name: 'OAuth User',
-        userEmail: 'oauth-rs256-token@immich.app',
+        userEmail: 'oauth-RS256-token@immich.app',
        userId: expect.any(String),
      });
    });
@@ -373,50 +333,6 @@ describe(`/oauth`, () => {
    });
  });

-  describe(`POST /oauth/backchannel-logout`, () => {
-    it(`should throw an error if the logout_token is not provided`, async () => {
-      const { status, body } = await request(app).post('/oauth/backchannel-logout').send({});
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[logout_token] Invalid input: expected string, received undefined']));
-    });
-
-    it(`should throw an error if an invalid logout token is provided`, async () => {
-      const { status, body } = await request(app)
-        .post('/oauth/backchannel-logout')
-        .send({ logout_token: 'invalid token' });
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest('Error backchannel logout: token validation failed'));
-    });
-
-    it(`should logout user if a valid logout token is provided`, async () => {
-      await setupOAuth(admin.accessToken, {
-        enabled: true,
-        clientId: OAuthClient.DEFAULT,
-        clientSecret: OAuthClient.DEFAULT,
-        autoRegister: true,
-        signingAlgorithm: 'RS256',
-        buttonText: 'Login with Immich',
-      });
-
-      const callbackParams = await loginWithOAuth('backchannel-logout-user');
-      const { status: callbackStatus, body: callbackBody } = await request(app)
-        .post('/oauth/callback')
-        .send(callbackParams);
-      expect(callbackStatus).toBe(201);
-
-      await expect(getSessions({ headers: asBearerAuth(callbackBody.accessToken) })).resolves.toHaveLength(1);
-
-      const logoutToken = await generateLogoutToken('http://0.0.0.0:2286', 'backchannel-logout-user');
-      const { status, body } = await request(app).post('/oauth/backchannel-logout').send({ logout_token: logoutToken });
-      expect(status).toBe(200);
-      expect(body).toMatchObject({});
-
-      await expect(getSessions({ headers: asBearerAuth(callbackBody.accessToken) })).rejects.toMatchObject({
-        status: 401,
-      });
-    });
-  });
-
  describe('mobile redirect override', () => {
    beforeAll(async () => {
      await setupOAuth(admin.accessToken, {
@@ -483,23 +399,4 @@ describe(`/oauth`, () => {
      });
    });
  });
-
-  describe('allowInsecureRequests: false', () => {
-    beforeAll(async () => {
-      await setupOAuth(admin.accessToken, {
-        enabled: true,
-        clientId: OAuthClient.DEFAULT,
-        clientSecret: OAuthClient.DEFAULT,
-        allowInsecureRequests: false,
-      });
-    });
-
-    it('should reject OAuth discovery over HTTP', async () => {
-      const { status, body } = await request(app)
-        .post('/oauth/authorize')
-        .send({ redirectUri: 'http://127.0.0.1:2285/auth/login' });
-      expect(status).toBe(500);
-      expect(body).toMatchObject({ statusCode: 500 });
-    });
-  });
 });
--- a/e2e/src/specs/server/api/search.e2e-spec.ts
+++ b/e2e/src/specs/server/api/search.e2e-spec.ts
@@ -74,6 +74,7 @@ describe('/search', () => {
      const bytes = await readFile(join(testAssetDir, filename));
      assets.push(
        await utils.createAsset(admin.accessToken, {
+          deviceAssetId: `test-${filename}`,
          assetData: { bytes, filename },
          ...dto,
        }),
@@ -457,7 +458,7 @@ describe('/search', () => {
      expect(Array.isArray(body)).toBe(true);
      if (Array.isArray(body)) {
        expect(body.length).toBeGreaterThan(10);
-        expect(body[0].name).toEqual(expect.stringContaining(name));
+        expect(body[0].name).toEqual(name);
        expect(body[0].admin2name).toEqual(name);
      }
    });
--- a/e2e/src/specs/server/api/server.e2e-spec.ts
+++ b/e2e/src/specs/server/api/server.e2e-spec.ts
@@ -207,6 +207,16 @@ describe('/server', () => {
    });
  });

+  describe('GET /server/theme', () => {
+    it('should respond with the server theme', async () => {
+      const { status, body } = await request(app).get('/server/theme');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        customCss: '',
+      });
+    });
+  });
+
  describe('GET /server/license', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/server/license');
--- a/e2e/src/specs/server/api/shared-link.e2e-spec.ts
+++ b/e2e/src/specs/server/api/shared-link.e2e-spec.ts
@@ -243,21 +243,9 @@ describe('/shared-links', () => {
    });

    it('should get data for correct password protected link', async () => {
-      const response = await request(app)
-        .post('/shared-links/login')
-        .send({ password: 'foo' })
-        .query({ key: linkWithPassword.key });
-
-      expect(response.status).toBe(201);
-
-      const cookies = response.get('Set-Cookie') ?? [];
-      expect(cookies).toHaveLength(1);
-      expect(cookies[0]).toContain('immich_shared_link_token');
-
      const { status, body } = await request(app)
        .get('/shared-links/me')
-        .query({ key: linkWithPassword.key })
-        .set('Cookie', cookies);
+        .query({ key: linkWithPassword.key, password: 'foo' });

      expect(status).toBe(200);
      expect(body).toEqual(
--- a/e2e/src/specs/server/api/tag.e2e-spec.ts
+++ b/e2e/src/specs/server/api/tag.e2e-spec.ts
@@ -309,7 +309,7 @@ describe('/tags', () => {
        .get(`/tags/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[id] Invalid UUID']));
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });

    it('should get tag details', async () => {
@@ -427,7 +427,7 @@ describe('/tags', () => {
        .delete(`/tags/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[id] Invalid UUID']));
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });

    it('should delete a tag', async () => {
--- a/e2e/src/specs/server/api/user-admin.e2e-spec.ts
+++ b/e2e/src/specs/server/api/user-admin.e2e-spec.ts
@@ -287,8 +287,7 @@ describe('/admin/users', () => {
    it('should delete user', async () => {
      const { status, body } = await request(app)
        .delete(`/admin/users/${userToDelete.userId}`)
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({});
+        .set('Authorization', `Bearer ${admin.accessToken}`);

      expect(status).toBe(200);
      expect(body).toMatchObject({
--- a/e2e/src/specs/server/api/user.e2e-spec.ts
+++ b/e2e/src/specs/server/api/user.e2e-spec.ts
@@ -178,9 +178,7 @@ describe('/users', () => {
        .set('Authorization', `Bearer ${admin.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(
-        errorDto.badRequest(['[download.archiveSize] Invalid input: expected int, received number']),
-      );
+      expect(body).toEqual(errorDto.badRequest(['download.archiveSize must be an integer number']));
    });

    it('should update download archive size', async () => {
@@ -206,9 +204,7 @@ describe('/users', () => {
        .set('Authorization', `Bearer ${admin.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(
-        errorDto.badRequest(['[download.includeEmbeddedVideos] Invalid input: expected boolean, received number']),
-      );
+      expect(body).toEqual(errorDto.badRequest(['download.includeEmbeddedVideos must be a boolean value']));
    });

    it('should update download include embedded videos', async () => {
--- a/e2e/src/specs/web/album.e2e-spec.ts
+++ b/e2e/src/specs/web/album.e2e-spec.ts
@@ -1,7 +1,6 @@
 import { LoginResponseDto } from '@immich/sdk';
-import { expect, test } from '@playwright/test';
-import { readFileSync } from 'node:fs';
-import { testAssetDir, utils } from 'src/utils';
+import { test } from '@playwright/test';
+import { utils } from 'src/utils';

 test.describe('Album', () => {
  let admin: LoginResponseDto;
@@ -23,41 +22,4 @@ test.describe('Album', () => {
    await page.reload();
    await page.getByRole('button', { name: 'Select photos' }).waitFor();
  });
-
-  test('should keep map view open after viewing an asset from the map and going back', async ({ context, page }) => {
-    await utils.setAuthCookies(context, admin.accessToken);
-
-    const imagePath = `${testAssetDir}/metadata/gps-position/thompson-springs.jpg`;
-    const mapAsset = await utils.createAsset(admin.accessToken, {
-      assetData: {
-        bytes: readFileSync(imagePath),
-        filename: 'thompson-springs.jpg',
-      },
-    });
-
-    await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-
-    const mapAlbum = await utils.createAlbum(admin.accessToken, {
-      albumName: 'Map Test Album',
-      assetIds: [mapAsset.id],
-    });
-
-    await page.goto(`/albums/${mapAlbum.id}`);
-    const mapButton = page.getByRole('button', { name: 'Map' });
-    await expect(mapButton).toBeVisible();
-    await mapButton.click();
-
-    const mapModal = page.getByRole('dialog');
-    await expect(mapModal).toBeVisible();
-
-    const mapMarker = mapModal.getByRole('img', { name: /Map marker/i }).first();
-    await expect(mapMarker).toBeVisible();
-    await mapMarker.click();
-
-    await page.waitForSelector('#immich-asset-viewer');
-    await page.getByRole('button', { name: 'Go back' }).click();
-
-    await expect(page.locator('#immich-asset-viewer')).not.toBeVisible();
-    await expect(mapModal).toBeVisible();
-  });
 });
--- a/e2e/src/specs/web/asset-viewer/detail-panel.e2e-spec.ts
+++ b/e2e/src/specs/web/asset-viewer/detail-panel.e2e-spec.ts
@@ -1,9 +1,7 @@
 import { AssetMediaResponseDto, LoginResponseDto, SharedLinkType } from '@immich/sdk';
 import { expect, test } from '@playwright/test';
-import { readFile } from 'node:fs/promises';
-import { basename, join } from 'node:path';
 import type { Socket } from 'socket.io-client';
-import { testAssetDir, utils } from 'src/utils';
+import { utils } from 'src/utils';

 test.describe('Detail Panel', () => {
  let admin: LoginResponseDto;
@@ -85,42 +83,4 @@ test.describe('Detail Panel', () => {
    await utils.waitForWebsocketEvent({ event: 'assetUpdate', id: asset.id });
    await expect(textarea).toHaveValue('new description');
  });
-
-  test.describe('Date editor', () => {
-    test('displays inferred asset timezone', async ({ context, page }) => {
-      const test = {
-        filepath: 'metadata/dates/datetimeoriginal-gps.jpg',
-        expected: {
-          dateTime: '2025-12-01T11:30',
-          // Test with a timezone which is NOT the first among timezones with the same offset
-          // This is to check that the editor does not simply fall back to the first available timezone with that offset
-          // America/Denver (-07:00) is not the first among timezones with offset -07:00
-          timeZoneWithOffset: 'America/Denver (-07:00)',
-        },
-      };
-
-      const asset = await utils.createAsset(admin.accessToken, {
-        assetData: {
-          bytes: await readFile(join(testAssetDir, test.filepath)),
-          filename: basename(test.filepath),
-        },
-      });
-
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: asset.id });
-
-      // asset viewer -> detail panel -> date editor
-      await utils.setAuthCookies(context, admin.accessToken);
-      await page.goto(`/photos/${asset.id}`);
-      await page.waitForSelector('#immich-asset-viewer');
-
-      await page.getByRole('button', { name: 'Info' }).click();
-      await page.getByTestId('detail-panel-edit-date-button').click();
-      await page.waitForSelector('[role="dialog"]');
-
-      const datetime = page.locator('#datetime');
-      await expect(datetime).toHaveValue(test.expected.dateTime);
-      const timezone = page.getByRole('combobox', { name: 'Timezone' });
-      await expect(timezone).toHaveValue(test.expected.timeZoneWithOffset);
-    });
-  });
 });
--- a/e2e/src/specs/web/duplicates.e2e-spec.ts
+++ b/e2e/src/specs/web/duplicates.e2e-spec.ts
@@ -1,51 +0,0 @@
-import { AssetMediaResponseDto, LoginResponseDto, updateAssets } from '@immich/sdk';
-import { expect, test } from '@playwright/test';
-import crypto from 'node:crypto';
-import { asBearerAuth, utils } from 'src/utils';
-
-test.describe('Duplicates Utility', () => {
-  let admin: LoginResponseDto;
-  let firstAsset: AssetMediaResponseDto;
-  let secondAsset: AssetMediaResponseDto;
-
-  test.beforeAll(async () => {
-    utils.initSdk();
-    await utils.resetDatabase();
-    admin = await utils.adminSetup();
-  });
-
-  test.beforeEach(async ({ context }) => {
-    [firstAsset, secondAsset] = await Promise.all([
-      utils.createAsset(admin.accessToken, {}),
-      utils.createAsset(admin.accessToken, {}),
-    ]);
-
-    await updateAssets(
-      {
-        assetBulkUpdateDto: {
-          ids: [firstAsset.id, secondAsset.id],
-          duplicateId: crypto.randomUUID(),
-        },
-      },
-      { headers: asBearerAuth(admin.accessToken) },
-    );
-
-    await utils.setAuthCookies(context, admin.accessToken);
-  });
-
-  test('navigates with arrow keys between duplicate preview assets', async ({ page }) => {
-    await page.goto('/utilities/duplicates');
-    await page.getByRole('button', { name: 'View' }).first().click();
-    await page.waitForSelector('#immich-asset-viewer');
-
-    const getViewedAssetId = () => new URL(page.url()).pathname.split('/').at(-1) ?? '';
-    const initialAssetId = getViewedAssetId();
-    expect([firstAsset.id, secondAsset.id]).toContain(initialAssetId);
-
-    await page.keyboard.press('ArrowRight');
-    await expect.poll(getViewedAssetId).not.toBe(initialAssetId);
-
-    await page.keyboard.press('ArrowLeft');
-    await expect.poll(getViewedAssetId).toBe(initialAssetId);
-  });
-});
--- a/e2e/src/specs/web/photo-viewer.e2e-spec.ts
+++ b/e2e/src/specs/web/photo-viewer.e2e-spec.ts
@@ -77,4 +77,18 @@ test.describe('Photo Viewer', () => {
    });
    expect(tagAtCenter).toBe('IMG');
  });
+
+  test('reloads photo when checksum changes', async ({ page }) => {
+    await page.goto(`/photos/${asset.id}`);
+
+    const preview = page.getByTestId('preview').filter({ visible: true });
+    await expect(preview).toHaveAttribute('src', /.+/);
+    const initialSrc = await preview.getAttribute('src');
+
+    const websocketEvent = utils.waitForWebsocketEvent({ event: 'assetUpdate', id: asset.id });
+    await utils.replaceAsset(admin.accessToken, asset.id);
+    await websocketEvent;
+
+    await expect(preview).not.toHaveAttribute('src', initialSrc!);
+  });
 });
--- a/e2e/src/ui/generators/timeline.ts
+++ b/e2e/src/ui/generators/timeline.ts
@@ -20,7 +20,7 @@ export {
  toColumnarFormat,
 } from './timeline/rest-response';

-export type { Changes } from './timeline/rest-response';
+export type { Changes, FaceData } from './timeline/rest-response';

 export { randomImage, randomImageFromString, randomPreview, randomThumbnail } from './timeline/images';

--- a/e2e/src/ui/generators/timeline/rest-response.ts
+++ b/e2e/src/ui/generators/timeline/rest-response.ts
@@ -3,13 +3,14 @@
 */

 import {
-  AlbumUserRole,
  AssetTypeEnum,
  AssetVisibility,
  UserAvatarColor,
  type AlbumResponseDto,
+  type AssetFaceWithoutPersonResponseDto,
  type AssetResponseDto,
  type ExifResponseDto,
+  type PersonWithFacesResponseDto,
  type TimeBucketAssetResponseDto,
  type TimeBucketsResponseDto,
  type UserResponseDto,
@@ -285,7 +286,16 @@ const createDefaultOwner = (ownerId: string) => {
 * Convert a TimelineAssetConfig to a full AssetResponseDto
 * This matches the response from GET /api/assets/:id
 */
-export function toAssetResponseDto(asset: MockTimelineAsset, owner?: UserResponseDto): AssetResponseDto {
+export type FaceData = {
+  people: PersonWithFacesResponseDto[];
+  unassignedFaces: AssetFaceWithoutPersonResponseDto[];
+};
+
+export function toAssetResponseDto(
+  asset: MockTimelineAsset,
+  owner?: UserResponseDto,
+  faceData?: FaceData,
+): AssetResponseDto {
  const now = new Date().toISOString();

  // Default owner if not provided
@@ -316,9 +326,11 @@ export function toAssetResponseDto(asset: MockTimelineAsset, owner?: UserRespons

  return {
    id: asset.id,
+    deviceAssetId: `device-${asset.id}`,
    ownerId: asset.ownerId,
    owner: owner || defaultOwner,
    libraryId: `library-${asset.ownerId}`,
+    deviceId: `device-${asset.ownerId}`,
    type: asset.isVideo ? AssetTypeEnum.Video : AssetTypeEnum.Image,
    originalPath: `/original/${asset.id}.${asset.isVideo ? 'mp4' : 'jpg'}`,
    originalFileName: `${asset.id}.${asset.isVideo ? 'mp4' : 'jpg'}`,
@@ -333,12 +345,12 @@ export function toAssetResponseDto(asset: MockTimelineAsset, owner?: UserRespons
    isArchived: false,
    isTrashed: asset.isTrashed,
    visibility: asset.visibility,
-    duration: asset.duration,
+    duration: asset.duration || '0:00:00.00000',
    exifInfo,
    livePhotoVideoId: asset.livePhotoVideoId,
    tags: [],
-    people: [],
-    unassignedFaces: [],
+    people: faceData?.people ?? [],
+    unassignedFaces: faceData?.unassignedFaces ?? [],
    stack: asset.stack,
    isOffline: false,
    hasMetadata: true,
@@ -421,11 +433,14 @@ export function getAlbum(
    albumThumbnailAssetId: album.thumbnailAssetId,
    createdAt: album.createdAt,
    updatedAt: album.updatedAt,
-    albumUsers: [{ user: albumOwner, role: AlbumUserRole.Owner }],
+    ownerId: albumOwner.id,
+    owner: albumOwner,
+    albumUsers: [], // Empty array for non-shared album
    shared: false,
    hasSharedLink: false,
    isActivityEnabled: true,
    assetCount: albumAssets.length,
+    assets: albumAssets,
    startDate: albumAssets.length > 0 ? albumAssets.at(-1)?.fileCreatedAt : undefined,
    endDate: albumAssets.length > 0 ? albumAssets[0].fileCreatedAt : undefined,
    lastModifiedAssetTimestamp: albumAssets.length > 0 ? albumAssets[0].fileCreatedAt : undefined,
--- a/e2e/src/ui/mock-network/base-network.ts
+++ b/e2e/src/ui/mock-network/base-network.ts
@@ -1,5 +1,5 @@
 import { BrowserContext } from '@playwright/test';
-import { playwrightHost } from 'src/../playwright.config';
+import { playwrightHost } from 'playwright.config';

 export const setupBaseMockApiRoutes = async (context: BrowserContext, adminUserId: string) => {
  await context.addCookies([
@@ -173,7 +173,6 @@ export const setupBaseMockApiRoutes = async (context: BrowserContext, adminUserI
          '.mpeg',
          '.mpg',
          '.mts',
-          '.ts',
          '.vob',
          '.webm',
          '.wmv',
@@ -223,7 +222,6 @@ export const setupBaseMockApiRoutes = async (context: BrowserContext, adminUserI
          '.jp2',
          '.jpe',
          '.jxl',
-          '.mpo',
          '.svg',
          '.tif',
          '.tiff',
--- a/e2e/src/ui/mock-network/broken-asset-network.ts
+++ b/e2e/src/ui/mock-network/broken-asset-network.ts
@@ -16,6 +16,7 @@ export const createMockStackAsset = (ownerId: string): AssetResponseDto => {
  const now = new Date().toISOString();
  return {
    id: assetId,
+    deviceAssetId: `device-${assetId}`,
    ownerId,
    owner: {
      id: ownerId,
@@ -26,6 +27,7 @@ export const createMockStackAsset = (ownerId: string): AssetResponseDto => {
      avatarColor: 'blue' as never,
    },
    libraryId: `library-${ownerId}`,
+    deviceId: `device-${ownerId}`,
    type: AssetTypeEnum.Image,
    originalPath: `/original/${assetId}.jpg`,
    originalFileName: `${assetId}.jpg`,
@@ -40,7 +42,7 @@ export const createMockStackAsset = (ownerId: string): AssetResponseDto => {
    isArchived: false,
    isTrashed: false,
    visibility: AssetVisibility.Timeline,
-    duration: null,
+    duration: '0:00:00.00000',
    exifInfo: {
      make: null,
      model: null,
@@ -67,7 +69,7 @@ export const createMockStackAsset = (ownerId: string): AssetResponseDto => {
    tags: [],
    people: [],
    unassignedFaces: [],
-    stack: undefined,
+    stack: null,
    isOffline: false,
    hasMetadata: true,
    duplicateId: null,
--- a/e2e/src/ui/mock-network/face-editor-network.ts
+++ b/e2e/src/ui/mock-network/face-editor-network.ts
@@ -1,5 +1,6 @@
+import type { AssetFaceResponseDto, AssetResponseDto, PersonWithFacesResponseDto, SourceType } from '@immich/sdk';
 import { BrowserContext } from '@playwright/test';
-import { randomThumbnail } from 'src/ui/generators/timeline';
+import { type FaceData, randomThumbnail } from 'src/ui/generators/timeline';

 // Minimal valid H.264 MP4 (8x8px, 1 frame) that browsers can decode to get videoWidth/videoHeight
 const MINIMAL_MP4_BASE64 =
@@ -125,3 +126,84 @@ export const setupFaceEditorMockApiRoutes = async (
    });
  });
 };
+
+export type MockFaceSpec = {
+  personId: string;
+  personName: string;
+  faceId: string;
+  boundingBoxX1: number;
+  boundingBoxY1: number;
+  boundingBoxX2: number;
+  boundingBoxY2: number;
+};
+
+const toPersonResponseDto = (spec: MockFaceSpec) => ({
+  id: spec.personId,
+  name: spec.personName,
+  birthDate: null,
+  isHidden: false,
+  thumbnailPath: `/upload/thumbs/${spec.personId}.jpeg`,
+  updatedAt: '2025-01-01T00:00:00.000Z',
+});
+
+const toBoundingBox = (spec: MockFaceSpec, imageWidth: number, imageHeight: number) => ({
+  id: spec.faceId,
+  imageWidth,
+  imageHeight,
+  boundingBoxX1: spec.boundingBoxX1,
+  boundingBoxY1: spec.boundingBoxY1,
+  boundingBoxX2: spec.boundingBoxX2,
+  boundingBoxY2: spec.boundingBoxY2,
+});
+
+export const createMockFaceData = (specs: MockFaceSpec[], imageWidth: number, imageHeight: number): FaceData => {
+  const people: PersonWithFacesResponseDto[] = specs.map((spec) => ({
+    ...toPersonResponseDto(spec),
+    faces: [toBoundingBox(spec, imageWidth, imageHeight)],
+  }));
+
+  return { people, unassignedFaces: [] };
+};
+
+export const createMockAssetFaces = (
+  specs: MockFaceSpec[],
+  imageWidth: number,
+  imageHeight: number,
+): AssetFaceResponseDto[] => {
+  return specs.map((spec) => ({
+    ...toBoundingBox(spec, imageWidth, imageHeight),
+    person: toPersonResponseDto(spec),
+    sourceType: 'machine-learning' as SourceType,
+  }));
+};
+
+export const setupGetFacesMockApiRoute = async (context: BrowserContext, faces: AssetFaceResponseDto[]) => {
+  await context.route('**/api/faces?*', async (route, request) => {
+    if (request.method() !== 'GET') {
+      return route.fallback();
+    }
+    return route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      json: faces,
+    });
+  });
+};
+
+export const setupFaceOverlayMockApiRoutes = async (context: BrowserContext, assetDto: AssetResponseDto) => {
+  await context.route('**/api/assets/*', async (route, request) => {
+    if (request.method() !== 'GET') {
+      return route.fallback();
+    }
+    const url = new URL(request.url());
+    const assetId = url.pathname.split('/').at(-1);
+    if (assetId !== assetDto.id) {
+      return route.fallback();
+    }
+    return route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      json: assetDto,
+    });
+  });
+};
--- a/e2e/src/ui/specs/asset-viewer/face-editor.e2e-spec.ts
+++ b/e2e/src/ui/specs/asset-viewer/face-editor.e2e-spec.ts
@@ -149,7 +149,7 @@ test.describe('face-editor', () => {
    await expect(page.getByRole('dialog')).toBeVisible();
  });

-  test('Confirming tag calls createFace API and closes editor', async ({ page }) => {
+  test('Confirming tag calls createFace API with valid coordinates and closes editor', async ({ page }) => {
    const asset = selectRandom(fixture.assets, rng);
    await openFaceEditor(page, asset);

@@ -163,8 +163,15 @@ test.describe('face-editor', () => {
    await expect(page.locator('#face-editor')).toBeHidden();

    expect(faceCreateCapture.requests).toHaveLength(1);
-    expect(faceCreateCapture.requests[0].assetId).toBe(asset.id);
-    expect(faceCreateCapture.requests[0].personId).toBe(personToTag.id);
+    const request = faceCreateCapture.requests[0];
+    expect(request.assetId).toBe(asset.id);
+    expect(request.personId).toBe(personToTag.id);
+    expect(request.x).toBeGreaterThanOrEqual(0);
+    expect(request.y).toBeGreaterThanOrEqual(0);
+    expect(request.width).toBeGreaterThan(0);
+    expect(request.height).toBeGreaterThan(0);
+    expect(request.x + request.width).toBeLessThanOrEqual(request.imageWidth);
+    expect(request.y + request.height).toBeLessThanOrEqual(request.imageHeight);
  });

  test('Cancel button closes face editor', async ({ page }) => {
@@ -282,4 +289,39 @@ test.describe('face-editor', () => {
    expect(afterDrag.left).toBeGreaterThan(beforeDrag.left + 50);
    expect(afterDrag.top).toBeGreaterThan(beforeDrag.top + 20);
  });
+
+  test('Cancel on confirmation dialog keeps face editor open', async ({ page }) => {
+    const asset = selectRandom(fixture.assets, rng);
+    await openFaceEditor(page, asset);
+
+    const personToTag = mockPeople[0];
+    await page.locator('#face-selector').getByText(personToTag.name).click();
+
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page
+      .getByRole('dialog')
+      .getByRole('button', { name: /cancel/i })
+      .click();
+
+    await expect(page.getByRole('dialog')).toBeHidden();
+    await expect(page.locator('#face-selector')).toBeVisible();
+    await expect(page.locator('#face-editor')).toBeVisible();
+    expect(faceCreateCapture.requests).toHaveLength(0);
+  });
+
+  test('Clicking on face rect center does not reposition it', async ({ page }) => {
+    const asset = selectRandom(fixture.assets, rng);
+    await openFaceEditor(page, asset);
+
+    const beforeClick = await getFaceBoxRect(page);
+    const centerX = beforeClick.left + beforeClick.width / 2;
+    const centerY = beforeClick.top + beforeClick.height / 2;
+
+    await page.mouse.click(centerX, centerY);
+    await page.waitForTimeout(300);
+
+    const afterClick = await getFaceBoxRect(page);
+    expect(Math.abs(afterClick.left - beforeClick.left)).toBeLessThan(3);
+    expect(Math.abs(afterClick.top - beforeClick.top)).toBeLessThan(3);
+  });
 });
--- a/e2e/src/ui/specs/asset-viewer/face-overlay.e2e-spec.ts
+++ b/e2e/src/ui/specs/asset-viewer/face-overlay.e2e-spec.ts
@@ -0,0 +1,264 @@
+import { expect, test } from '@playwright/test';
+import { toAssetResponseDto } from 'src/ui/generators/timeline';
+import {
+  createMockAssetFaces,
+  createMockFaceData,
+  createMockPeople,
+  type MockFaceSpec,
+  setupFaceEditorMockApiRoutes,
+  setupFaceOverlayMockApiRoutes,
+  setupGetFacesMockApiRoute,
+} from 'src/ui/mock-network/face-editor-network';
+import { assetViewerUtils } from '../timeline/utils';
+import { ensureDetailPanelVisible, setupAssetViewerFixture } from './utils';
+
+test.describe.configure({ mode: 'parallel' });
+
+const FACE_SPECS: MockFaceSpec[] = [
+  {
+    personId: 'person-alice',
+    personName: 'Alice Johnson',
+    faceId: 'face-alice',
+    boundingBoxX1: 1000,
+    boundingBoxY1: 500,
+    boundingBoxX2: 1500,
+    boundingBoxY2: 1200,
+  },
+  {
+    personId: 'person-bob',
+    personName: 'Bob Smith',
+    faceId: 'face-bob',
+    boundingBoxX1: 2000,
+    boundingBoxY1: 800,
+    boundingBoxX2: 2400,
+    boundingBoxY2: 1600,
+  },
+];
+
+const setupFaceMocks = async (
+  context: import('@playwright/test').BrowserContext,
+  fixture: ReturnType<typeof setupAssetViewerFixture>,
+) => {
+  const mockPeople = createMockPeople(4);
+  const faceData = createMockFaceData(
+    FACE_SPECS,
+    fixture.primaryAssetDto.width ?? 3000,
+    fixture.primaryAssetDto.height ?? 4000,
+  );
+  const assetDtoWithFaces = toAssetResponseDto(fixture.primaryAsset, undefined, faceData);
+  await setupFaceOverlayMockApiRoutes(context, assetDtoWithFaces);
+  await setupFaceEditorMockApiRoutes(context, mockPeople, { requests: [] });
+};
+
+test.describe('face overlay bounding boxes', () => {
+  const fixture = setupAssetViewerFixture(901);
+
+  test.beforeEach(async ({ context }) => {
+    await setupFaceMocks(context, fixture);
+  });
+
+  test('face overlay divs render with correct aria labels', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const aliceOverlay = page.getByLabel('Person: Alice Johnson');
+    const bobOverlay = page.getByLabel('Person: Bob Smith');
+
+    await expect(aliceOverlay).toBeVisible();
+    await expect(bobOverlay).toBeVisible();
+  });
+
+  test('face overlay shows border on hover', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const aliceOverlay = page.getByLabel('Person: Alice Johnson');
+    await expect(aliceOverlay).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await expect(activeBorder).toHaveCount(0);
+
+    await aliceOverlay.hover();
+    await expect(activeBorder).toHaveCount(1);
+  });
+
+  test('face name tooltip appears on hover', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const aliceOverlay = page.getByLabel('Person: Alice Johnson');
+    await expect(aliceOverlay).toBeVisible();
+
+    await aliceOverlay.hover();
+
+    const nameTooltip = page.locator('[data-viewer-content]').getByText('Alice Johnson');
+    await expect(nameTooltip).toBeVisible();
+  });
+
+  test('face overlays hidden in face edit mode', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const aliceOverlay = page.getByLabel('Person: Alice Johnson');
+    await expect(aliceOverlay).toBeVisible();
+
+    await ensureDetailPanelVisible(page);
+    await page.getByLabel('Tag people').click();
+    await page.locator('#face-selector').waitFor({ state: 'visible' });
+
+    await expect(aliceOverlay).toBeHidden();
+  });
+
+  test('face overlay hover works after exiting face edit mode', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const aliceOverlay = page.getByLabel('Person: Alice Johnson');
+    await expect(aliceOverlay).toBeVisible();
+
+    await ensureDetailPanelVisible(page);
+    await page.getByLabel('Tag people').click();
+    await page.locator('#face-selector').waitFor({ state: 'visible' });
+    await expect(aliceOverlay).toBeHidden();
+
+    await page.getByRole('button', { name: /cancel/i }).click();
+    await expect(page.locator('#face-selector')).toBeHidden();
+
+    await expect(aliceOverlay).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await expect(activeBorder).toHaveCount(0);
+    await aliceOverlay.hover();
+    await expect(activeBorder).toHaveCount(1);
+  });
+});
+
+test.describe('zoom and face editor interaction', () => {
+  const fixture = setupAssetViewerFixture(902);
+
+  test.beforeEach(async ({ context }) => {
+    await setupFaceMocks(context, fixture);
+  });
+
+  test('zoom is preserved when entering face edit mode', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    const { width, height } = page.viewportSize()!;
+    await page.mouse.move(width / 2, height / 2);
+    await page.mouse.wheel(0, -1);
+
+    const imgLocator = page.locator('[data-viewer-content] img[draggable="false"]');
+    await expect(async () => {
+      const transform = await imgLocator.evaluate((element) => {
+        return getComputedStyle(element.closest('[style*="transform"]') ?? element).transform;
+      });
+      expect(transform).not.toBe('none');
+      expect(transform).not.toBe('');
+    }).toPass({ timeout: 2000 });
+
+    await ensureDetailPanelVisible(page);
+    await page.getByLabel('Tag people').click();
+    await page.locator('#face-selector').waitFor({ state: 'visible' });
+
+    await expect(page.locator('#face-editor')).toBeVisible();
+
+    const afterTransform = await imgLocator.evaluate((element) => {
+      return getComputedStyle(element.closest('[style*="transform"]') ?? element).transform;
+    });
+    expect(afterTransform).not.toBe('none');
+  });
+});
+
+test.describe('face overlay via detail panel interaction', () => {
+  const fixture = setupAssetViewerFixture(903);
+
+  test.beforeEach(async ({ context }) => {
+    await setupFaceMocks(context, fixture);
+  });
+
+  test('hovering person in detail panel shows face overlay border', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    await ensureDetailPanelVisible(page);
+
+    const personLink = page.locator('#detail-panel a').filter({ hasText: 'Alice Johnson' });
+    await expect(personLink).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await expect(activeBorder).toHaveCount(0);
+
+    await personLink.hover();
+    await expect(activeBorder).toHaveCount(1);
+  });
+
+  test('touch pointer on person in detail panel shows face overlay border', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    await ensureDetailPanelVisible(page);
+
+    const personLink = page.locator('#detail-panel a').filter({ hasText: 'Alice Johnson' });
+    await expect(personLink).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await expect(activeBorder).toHaveCount(0);
+
+    // Simulate a touch-type pointerover (the fix changed from onmouseover to onpointerover,
+    // which fires for touch pointers unlike mouseover)
+    await personLink.dispatchEvent('pointerover', { pointerType: 'touch' });
+    await expect(activeBorder).toHaveCount(1);
+  });
+
+  test('hovering person in detail panel works after exiting face edit mode', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    await ensureDetailPanelVisible(page);
+    await page.getByLabel('Tag people').click();
+    await page.locator('#face-selector').waitFor({ state: 'visible' });
+
+    await page.getByRole('button', { name: /cancel/i }).click();
+    await expect(page.locator('#face-selector')).toBeHidden();
+
+    const personLink = page.locator('#detail-panel a').filter({ hasText: 'Alice Johnson' });
+    await expect(personLink).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await personLink.hover();
+    await expect(activeBorder).toHaveCount(1);
+  });
+});
+
+test.describe('face overlay via edit faces side panel', () => {
+  const fixture = setupAssetViewerFixture(904);
+
+  test.beforeEach(async ({ context }) => {
+    await setupFaceMocks(context, fixture);
+
+    const assetFaces = createMockAssetFaces(
+      FACE_SPECS,
+      fixture.primaryAssetDto.width ?? 3000,
+      fixture.primaryAssetDto.height ?? 4000,
+    );
+    await setupGetFacesMockApiRoute(context, assetFaces);
+  });
+
+  test('hovering person in edit faces panel shows face overlay border', async ({ page }) => {
+    await page.goto(`/photos/${fixture.primaryAsset.id}`);
+    await assetViewerUtils.waitForViewerLoad(page, fixture.primaryAsset);
+
+    await ensureDetailPanelVisible(page);
+    await page.getByLabel('Edit people').click();
+
+    const faceThumbnail = page.locator('section div[role="button"]').first();
+    await expect(faceThumbnail).toBeVisible();
+
+    const activeBorder = page.locator('[data-viewer-content] .border-solid.border-white.border-3');
+    await expect(activeBorder).toHaveCount(0);
+
+    await faceThumbnail.hover();
+    await expect(activeBorder).toHaveCount(1);
+  });
+});
--- a/e2e/src/ui/specs/search/search-gallery.e2e-spec.ts
+++ b/e2e/src/ui/specs/search/search-gallery.e2e-spec.ts
@@ -6,7 +6,6 @@ import {
  generateTimelineData,
  TimelineAssetConfig,
  TimelineData,
-  toAssetResponseDto,
 } from 'src/ui/generators/timeline';
 import { setupBaseMockApiRoutes } from 'src/ui/mock-network/base-network';
 import { setupTimelineMockApiRoutes, TimelineTestContext } from 'src/ui/mock-network/timeline-network';
@@ -31,10 +30,6 @@ test.describe('search gallery-viewer', () => {
  };

  test.beforeAll(async () => {
-    test.fail(
-      process.env.PW_EXPERIMENTAL_SERVICE_WORKER_NETWORK_EVENTS !== '1',
-      'This test requires env var: PW_EXPERIMENTAL_SERVICE_WORKER_NETWORK_EVENTS=1',
-    );
    adminUserId = faker.string.uuid();
    testContext.adminId = adminUserId;
    timelineRestData = generateTimelineData({ ...createDefaultTimelineConfig(), ownerId: adminUserId });
@@ -49,10 +44,7 @@ test.describe('search gallery-viewer', () => {

    await context.route('**/api/search/metadata', async (route, request) => {
      if (request.method() === 'POST') {
-        const searchAssets = assets
-          .slice(0, 5)
-          .filter((asset) => !changes.assetDeletions.includes(asset.id))
-          .map((asset) => toAssetResponseDto(asset));
+        const searchAssets = assets.slice(0, 5).filter((asset) => !changes.assetDeletions.includes(asset.id));
        return route.fulfill({
          status: 200,
          contentType: 'application/json',
--- a/e2e/src/ui/specs/timeline/timeline.e2e-spec.ts
+++ b/e2e/src/ui/specs/timeline/timeline.e2e-spec.ts
@@ -349,7 +349,7 @@ test.describe('Timeline', () => {
        expect(visibleMockAssetsYearMonths).toContain(month);
      }
    });
-    test.skip('Deep link to last photo, scroll up', async ({ page }) => {
+    test('Deep link to last photo, scroll up', async ({ page }) => {
      const lastAsset = assets.at(-1)!;
      await pageUtils.deepLinkPhotosPage(page, lastAsset.id);

@@ -361,7 +361,7 @@ test.describe('Timeline', () => {

      await thumbnailUtils.expectInViewport(page, '14e5901f-fd7f-40c0-b186-4d7e7fc67968');
    });
-    test.skip('Deep link to first bucket, scroll down', async ({ page }) => {
+    test('Deep link to first bucket, scroll down', async ({ page }) => {
      const lastAsset = assets.at(0)!;
      await pageUtils.deepLinkPhotosPage(page, lastAsset.id);
      await timelineUtils.locator(page).hover();
@@ -440,7 +440,7 @@ test.describe('Timeline', () => {
      await thumbnailUtils.expectInViewport(page, asset.id);
      await thumbnailUtils.expectSelectedDisabled(page, asset.id);
    });
-    test.skip('Add photos to album', async ({ page }) => {
+    test('Add photos to album', async ({ page }) => {
      const album = timelineRestData.album;
      await pageUtils.openAlbumPage(page, album.id);
      await page.locator('nav button[aria-label="Add photos"]').click();
@@ -752,7 +752,7 @@ test.describe('Timeline', () => {
      await page.getByText('Photos', { exact: true }).click();
      await thumbnailUtils.expectInViewport(page, assetToFavorite.id);
    });
-    test.skip('open /favorites, archive photo, unarchive photo', async ({ page }) => {
+    test('open /favorites, archive photo, unarchive photo', async ({ page }) => {
      await pageUtils.openFavorites(page);
      const assetToArchive = getAsset(timelineRestData, 'ad31e29f-2069-4574-b9a9-ad86523c92cb')!;
      await thumbnailUtils.withAssetId(page, assetToArchive.id).hover();
--- a/e2e/src/ui/specs/timeline/utils.ts
+++ b/e2e/src/ui/specs/timeline/utils.ts
@@ -62,7 +62,7 @@ export const thumbnailUtils = {
    return page.locator(`[data-thumbnail-focus-container][data-asset="${assetId}"]`);
  },
  selectButton(page: Page, assetId: string) {
-    return page.locator(`[data-thumbnail-focus-container][data-asset="${assetId}"] button[role="checkbox"]`);
+    return page.locator(`[data-thumbnail-focus-container][data-asset="${assetId}"] button`);
  },
  selectedAsset(page: Page) {
    return page.locator('[data-thumbnail-focus-container][data-selected]');
--- a/e2e/src/utils.ts
+++ b/e2e/src/utils.ts
@@ -3,6 +3,7 @@ import {
  AssetMediaResponseDto,
  AssetResponseDto,
  AssetVisibility,
+  CheckExistingAssetsDto,
  CreateAlbumDto,
  CreateLibraryDto,
  JobCreateDto,
@@ -19,6 +20,7 @@ import {
  UserAdminCreateDto,
  UserPreferencesUpdateDto,
  ValidateLibraryDto,
+  checkExistingAssets,
  createAlbum,
  createApiKey,
  createJob,
@@ -341,6 +343,8 @@ export const utils = {
    },
  ) => {
    const _dto = {
+      deviceAssetId: 'test-1',
+      deviceId: 'test',
      fileCreatedAt: new Date().toISOString(),
      fileModifiedAt: new Date().toISOString(),
      ...dto,
@@ -371,6 +375,40 @@ export const utils = {
    return body as AssetMediaResponseDto;
  },

+  replaceAsset: async (
+    accessToken: string,
+    assetId: string,
+    dto?: Partial<Omit<AssetMediaCreateDto, 'assetData'>> & { assetData?: FileData },
+  ) => {
+    const _dto = {
+      deviceAssetId: 'test-1',
+      deviceId: 'test',
+      fileCreatedAt: new Date().toISOString(),
+      fileModifiedAt: new Date().toISOString(),
+      ...dto,
+    };
+
+    const assetData = dto?.assetData?.bytes || makeRandomImage();
+    const filename = dto?.assetData?.filename || 'example.png';
+
+    if (dto?.assetData?.bytes) {
+      console.log(`Uploading ${filename}`);
+    }
+
+    const builder = request(app)
+      .put(`/assets/${assetId}/original`)
+      .attach('assetData', assetData, filename)
+      .set('Authorization', `Bearer ${accessToken}`);
+
+    for (const [key, value] of Object.entries(_dto)) {
+      void builder.field(key, String(value));
+    }
+
+    const { body } = await builder;
+
+    return body as AssetMediaResponseDto;
+  },
+
  createImageFile: (path: string) => {
    if (!existsSync(dirname(path))) {
      mkdirSync(dirname(path), { recursive: true });
@@ -412,6 +450,9 @@ export const utils = {

  getAssetInfo: (accessToken: string, id: string) => getAssetInfo({ id }, { headers: asBearerAuth(accessToken) }),

+  checkExistingAssets: (accessToken: string, checkExistingAssetsDto: CheckExistingAssetsDto) =>
+    checkExistingAssets({ checkExistingAssetsDto }, { headers: asBearerAuth(accessToken) }),
+
  searchAssets: async (accessToken: string, dto: MetadataSearchDto) => {
    return searchAssets({ metadataSearchDto: dto }, { headers: asBearerAuth(accessToken) });
  },
@@ -469,9 +510,6 @@ export const utils = {
  createStack: (accessToken: string, assetIds: string[]) =>
    createStack({ stackCreateDto: { assetIds } }, { headers: asBearerAuth(accessToken) }),

-  setAssetDuplicateId: (accessToken: string, assetId: string, duplicateId: string | null) =>
-    updateAssets({ assetBulkUpdateDto: { ids: [assetId], duplicateId } }, { headers: asBearerAuth(accessToken) }),
-
  upsertTags: (accessToken: string, tags: string[]) =>
    upsertTags({ tagUpsertDto: { tags } }, { headers: asBearerAuth(accessToken) }),

--- a/e2e/test-assets
+++ b/e2e/test-assets
--- a/e2e/tsconfig.json
+++ b/e2e/tsconfig.json
@@ -14,10 +14,8 @@
    "outDir": "./dist",
    "incremental": true,
    "skipLibCheck": true,
-    "paths": {
-      "src/*": ["./src/*"]
-    },
    "esModuleInterop": true,
+    "baseUrl": "./"
  },
  "include": ["src/**/*.ts", "vitest*.config.ts"],
  "exclude": ["dist", "node_modules"]
--- a/i18n/af.json
+++ b/i18n/af.json
@@ -178,17 +178,6 @@
  "stop_motion_photo": "Stop bewegingsfoto",
  "stop_photo_sharing": "Staak die deel van u foto’s?",
  "stop_photo_sharing_description": "{partner} sal nie meer toegang tot u foto’s hê nie.",
-  "unnamed_share": "Naamlose deelskakel",
-  "unsaved_change": "Onbewaarde verandering",
-  "unselect_all": "Ontkies alles",
-  "unselect_all_duplicates": "Ontkies alle duplikate",
-  "unselect_all_in": "Ontkies alles in {group}",
-  "unstack": "Ontstapel",
-  "unstack_action_prompt": "{count} ongestapel",
-  "unstacked_assets_count": "{count, plural, one {# item} other {# items}} ontstapel",
-  "unsupported_field_type": "Onondersteunde veldtipe",
-  "unsupported_file_type": "Lêer {file} kan nie opgelaai word nie omdat die lêertipe {type} nie ondersteun word nie.",
-  "untagged": "Sonder etiket",
  "untitled_workflow": "Naamlose werkvloei",
  "up_next": "Volgende",
  "update_location_action_prompt": "Werk die ligging van {count} gekose items by met:",
@@ -198,7 +187,6 @@
  "upload_concurrency": "Aantal gelyktydige oplaaie",
  "upload_details": "Oplaaidetails",
  "upload_dialog_info": "Wil u ’n rugsteun maak van die gekose item(s) op die bediener?",
-  "upload_dialog_title": "Laai item op",
  "upload_error_with_count": "Oplaaifout vir {count, plural, one {# item} other {# items}}",
  "upload_errors": "Oplaai voltooi met {count, plural, one {# fout} other {# foute}}, verfris die blad om die nuwe items te sien.",
  "upload_finished": "Klaar opgelaai",
@@ -269,7 +257,6 @@
  "viewer_remove_from_stack": "Verwyder van stapel",
  "viewer_stack_use_as_main_asset": "Gebruik as hoofitem",
  "viewer_unstack": "Ontstapel",
-  "visibility": "Sigbaarheid",
  "visibility_changed": "Sigbaarheid verander vir {count, plural, one {# mens} other {# mense}}",
  "visual": "Visueel",
  "visual_builder": "Visuele bouer",
--- a/i18n/ar.json
+++ b/i18n/ar.json
@@ -3,7 +3,7 @@
  "account": "حساب",
  "account_settings": "إعدادات الحساب",
  "acknowledge": "أُدرك ذلك",
-  "action": "إجراء",
+  "action": "عملية",
  "action_common_update": "تحديث",
  "action_description": "مجموعة من الفعاليات التي ستنفذ على الأصول التي تم تصفيتها",
  "actions": "عمليات",
@@ -61,8 +61,8 @@
    "backup_onboarding_1_description": "نسخة خارج الموقع في موقع آخر.",
    "backup_onboarding_2_description": "نسخ محلية على أجهزة مختلفة. يشمل ذلك الملفات الرئيسية ونسخة احتياطية محلية منها.",
    "backup_onboarding_3_description": "إجمالي نُسخ بياناتك، بما في ذلك الملفات الأصلية. يشمل ذلك نسخةً واحدةً خارج الموقع ونسختين محليتين.",
-    "backup_onboarding_description": "يُنصح باتباع <backblaze-link>استراتيجية النسخ الاحتياطي 3-2- 1</backblaze-link> لحماية بياناتك. احتفظ بنسخ احتياطية من صورك/فيديوهاتك المحمّلة، بالإضافة إلى قاعدة بيانات Immich، لضمان حل نسخ احتياطي شامل.",
-    "backup_onboarding_footer": "لمزيد من المعلومات حول النسخ الاحتياطي لـ <link>Immich</link>، يرجى الرجوع إلى <link>الوثائق</link>.",
+    "backup_onboarding_description": "يُنصح باتباع <backblaze-link>استراتيجية النسخ الاحتياطي 3-2-1</backblaze-link> لحماية بياناتك. احتفظ بنسخ احتياطية من صورك/فيديوهاتك المحمّلة، بالإضافة إلى قاعدة بيانات Immich، لضمان حل نسخ احتياطي شامل.",
+    "backup_onboarding_footer": "لمزيد من المعلومات حول النسخ الاحتياطي لـ Immich، يرجى الرجوع إلى <link> التعليمات </link>.",
    "backup_onboarding_parts_title": "يتضمن النسخ الاحتياطي 3-2-1 ما يلي:",
    "backup_onboarding_title": "النسخ الاحتياطية",
    "backup_settings": "إعدادات تفريغ قاعدة البيانات",
@@ -333,7 +333,7 @@
    "storage_template_migration_description": "قم بتطبيق القالب الحالي <link>{template}</link> على المحتويات التي تم رفعها سابقًا",
    "storage_template_migration_info": "تغييرات النموذج الخزني ستغير جميع الصيغ الى احرف صغيرة. تغييرات النموذج ستنطبق فقط على المحتويات الجديدة. لتطبيق النموذج على المحتويات التي تم رفعها سابقًا، قم بتشغيل <link>{job}</link>.",
    "storage_template_migration_job": "وظيفة تهجير قالب التخزين",
-    "storage_template_more_details": "لمزيد من التفاصيل حول هذه الميزة، يرجى الرجوع إلى <template-link>Storage Template</template-link> و <implications-link>implications</implications-link>.",
+    "storage_template_more_details": "لمزيد من التفاصيل حول هذه الميزة، يرجى الرجوع إلى <template-link>Storage Template</template-link> و<implications-link>implications</implications-link>",
    "storage_template_onboarding_description_v2": "عند التفعيل. هذه الخاصية ستقوم بالترتيب التلقائي للملفات بناء على نموذج معرف من قبل المستخدم. رجاء اطلع على <link>التوثيق</link>.",
    "storage_template_path_length": "الحد التقريبي لطول المسار: <b>{length, number}</b>/{limit, number}",
    "storage_template_settings": "قالب التخزين",
@@ -372,7 +372,7 @@
    "transcoding_audio_codec": "كود الصوت",
    "transcoding_audio_codec_description": "Opus هو الخيار ذو أعلى جودة، ولكنه يتمتع بتوافق أقل مع الأجهزة أو البرمجيات القديمة.",
    "transcoding_bitrate_description": "مقاطع الفيديو التي يتجاوز معدل البت أقصى قيمة أو التي لا تكون في تنسيق مقبول",
-    "transcoding_codecs_learn_more": "لمعرفة المزيد حول المصطلحات المستخدمة هنا، يرجى الرجوع إلى وثائق FFmpeg لـ <h264-link>H.264 codec</h264-link>، و <hevc-link>HEVC codec</hevc-link> و <vp9-link>VP9 codec</vp9-link>.",
+    "transcoding_codecs_learn_more": "لمعرفة المزيد حول المصطلحات المستخدمة هنا، يرجى الرجوع إلى وثائق FFmpeg لل<h264-link>H.264 codec</h264-link>, <hevc-link>HEVC codec</hevc-link> and <vp9-link>VP9 codec</vp9-link>.",
    "transcoding_constant_quality_mode": "وضع الجودة الثابتة",
    "transcoding_constant_quality_mode_description": "ICQ أفضل من CQP، ولكن بعض أجهزة عتاد التسريع لا تدعم هذا الوضع. تعيين هذا الخيار يسجعل الأفضلية للوضع المحدد عند استخدام الترميز بناءً على الجودة. يتم تجاهله بواسطة NVENC لأنه لا يدعم ICQ.",
    "transcoding_constant_rate_factor": "عامل معدل الجودة الثابت (-crf)",
@@ -441,7 +441,7 @@
    "user_successfully_removed": "المستخدم {email} تمت ازالته بنجاح.",
    "users_page_description": "صفحة ادارة المستخدمين",
    "version_check_enabled_description": "تفعيل التحقق من الإصدارات الجديدة",
-    "version_check_implications": "تعتمد ميزة التحقق من الإصدار على التواصل الدوري مع {server}",
+    "version_check_implications": "تعتمد ميزة التحقق من الإصدار على التواصل الدوري مع github.com",
    "version_check_settings": "التحقق من الإصدار",
    "version_check_settings_description": "تفعيل/تعطيل الإشعار لإصدار جديد",
    "video_conversion_job": "تحويل أشرطة الفيديو",
@@ -849,12 +849,9 @@
  "create_link_to_share": "إنشاء رابط للمشاركة",
  "create_link_to_share_description": "السماح لأي شخص لديه الرابط بمشاهدة الصورة (الصور) المحددة",
  "create_new": "انشاء جديد",
-  "create_new_face": "إنشاء وجه جديد",
  "create_new_person": "إنشاء شخص جديد",
  "create_new_person_hint": "تعيين المحتويات المحددة لشخص جديد",
  "create_new_user": "إنشاء مستخدم جديد",
-  "create_person": "إنشاء شخص",
-  "create_person_subtitle": "أضف اسماً للوجه المحدد لإنشاء الشخص الجديد والإشارة إليه",
  "create_shared_album_page_share_add_assets": "إضافة الأصول",
  "create_shared_album_page_share_select_photos": "حدد الصور",
  "create_shared_link": "انشاء رابط مشترك",
@@ -869,7 +866,6 @@
  "crop_aspect_ratio_fixed": "تم الاصلاح",
  "crop_aspect_ratio_free": "حر",
  "crop_aspect_ratio_original": "اصلي",
-  "crop_aspect_ratio_square": "مربع",
  "curated_object_page_title": "أشياء",
  "current_device": "الجهاز الحالي",
  "current_pin_code": "رمز PIN الحالي",
@@ -884,7 +880,7 @@
  "daily_title_text_date": "E ، MMM DD",
  "daily_title_text_date_year": "E ، MMM DD ، yyyy",
  "dark": "معتم",
-  "dark_theme": "تبديل المظهر إلى الداكن",
+  "dark_theme": "تبديل المظهر الداكن",
  "date": "تاريخ",
  "date_after": "التارخ بعد",
  "date_and_time": "التاريخ و الوقت",
@@ -895,8 +891,10 @@
  "day": "يوم",
  "days": "ايام",
  "deduplicate_all": "إلغاء تكرار الكل",
-  "default_locale": "الإعدادات المحلية الافتراضية",
-  "default_locale_description": "تنسيق التواريخ والأرقام بناءً على الإعدادات المحلية للمتصفح",
+  "deduplication_criteria_1": "حجم الصورة بوحدات البايت",
+  "deduplication_criteria_2": "عدد بيانات EXIF",
+  "deduplication_info": "معلومات إلغاء البيانات المكررة",
+  "deduplication_info_description": "لتحديد الأصول مسبقا تلقائيا وإزالة التكرارات بكميات كبيرة، ننظر إلى:",
  "delete": "حذف",
  "delete_action_confirmation_message": "هل انت متأكد من حذف هذا الملف؟ هذا سؤدي الى نقل الملف الى سلة مهملات الخادم وسيتم اشعارك ان كنت تريد حذفه على الجهاز",
  "delete_action_prompt": "تم حذف {count}",
@@ -972,7 +970,7 @@
  "downloading_media": "تنزيل الوسائط",
  "drop_files_to_upload": "قم بإسقاط الملفات في أي مكان لرفعها",
  "duplicates": "التكرارات",
-  "duplicates_description": "قم بحل كل مجموعة من خلال الإشارة إلى التكرارات، إن وجدت.",
+  "duplicates_description": "قم بحل كل مجموعة من خلال الإشارة إلى التكرارات، إن وجدت",
  "duration": "المدة",
  "edit": "تعديل",
  "edit_album": "تعديل الألبوم",
@@ -1389,11 +1387,9 @@
  "library_page_sort_title": "عنوان الألبوم",
  "licenses": "رُخَص",
  "light": "المضيئ",
-  "light_theme": "التبديل إلى المظهر الفاتح",
  "like": "اعجاب",
  "like_deleted": "تم حذف الإعجاب",
  "link_motion_video": "رابط فيديو الحركة",
-  "link_to_docs": "لمزيد من المعلومات، يُرجى الرجوع إلى <link>الوثائق</link>.",
  "link_to_oauth": "الربط مع OAuth",
  "linked_oauth_account": "حساب مرتبط بـ OAuth",
  "list": "قائمة",
@@ -1655,7 +1651,6 @@
  "only_favorites": "المفضلة فقط",
  "open": "فتح",
  "open_calendar": "افتح الرزنامة",
-  "open_in_browser": "فتح في متصفح",
  "open_in_map_view": "فتح في عرض الخريطة",
  "open_in_openstreetmap": "فتح في OpenStreetMap",
  "open_the_search_filters": "افتح مرشحات البحث",
@@ -2217,7 +2212,6 @@
  "tag": "العلامة",
  "tag_assets": "أصول العلامة",
  "tag_created": "تم إنشاء العلامة: {tag}",
-  "tag_face": "علِّم الوجه",
  "tag_feature_description": "تصفح الصور ومقاطع الفيديو المجمعة حسب مواضيع العلامات المنطقية",
  "tag_not_found_question": "لا يمكن العثور على علامة؟ <link>قم بإنشاء علامة جديدة.</link>",
  "tag_people": "علِّم الأشخاص",
@@ -2392,14 +2386,13 @@
  "view_name": "عرض",
  "view_next_asset": "عرض المحتوى التالي",
  "view_previous_asset": "عرض المحتوى السابق",
-  "view_qr_code": "عرض رمز الاستجابة السريعة",
+  "view_qr_code": "عرض رمز الاستجابة السريعة",
  "view_similar_photos": "عرض صور مشابهة",
  "view_stack": "عرض التكديس",
  "view_user": "عرض المستخدم",
  "viewer_remove_from_stack": "حذف من الكومه أو المجموعة",
  "viewer_stack_use_as_main_asset": "استخدم كأصل رئيسي",
  "viewer_unstack": "فك الكومه",
-  "visibility": "إمكانية الرؤية",
  "visibility_changed": "الرؤية تغيرت لـ {count, plural, one {شخص واحد} other {# عدة أشخاص}}",
  "visual": "مرئي",
  "visual_builder": "اداة نشاء مرئية",
@@ -2411,14 +2404,14 @@
  "welcome_to_immich": "مرحباً بك في Immich",
  "width": "عُرض",
  "wifi_name": "اسم شبكة Wi-Fi",
-  "workflow_delete_prompt": "متأكد من حذف سير العمل هذا؟",
+  "workflow_delete_prompt": "هل أنت متأكد من حذف سير العمل هذا؟",
  "workflow_deleted": "تم حذف سير العمل",
  "workflow_description": "وصف سير العمل",
  "workflow_info": "معلومات سير العمل",
  "workflow_json": "ملف JSON لسير العمل",
  "workflow_json_help": "قم بتعديل إعدادات سير العمل بصيغة JSON. ستتم مزامنة التغييرات مع أداة الإنشاء المرئية.",
  "workflow_name": "اسم سير العمل",
-  "workflow_navigation_prompt": "متاكد من المغادرة بدون حفظ التغييرات؟",
+  "workflow_navigation_prompt": "هل انت متاكد من المغادرة بدون حفظ التغييرات؟",
  "workflow_summary": "ملخص سير العمل",
  "workflow_update_success": "تم تحديث سير العمل بنجاح",
  "workflow_updated": "تم تحديث سير العمل",
--- a/i18n/be.json
+++ b/i18n/be.json
@@ -239,7 +239,7 @@
    "user_settings": "Налады карыстальніка",
    "user_settings_description": "Кіраванне наладамі карыстальніка",
    "version_check_enabled_description": "Уключыць праверку версіі",
-    "version_check_implications": "Функцыя праверкі версіі перыядычна звяртаецца да {server}",
+    "version_check_implications": "Функцыя праверкі версіі перыядычна звяртаецца да github.com",
    "version_check_settings": "Праверка версіі",
    "version_check_settings_description": "Уключыць/адключыць апавяшчэнні аб новай версіі"
  },
--- a/i18n/bg.json
+++ b/i18n/bg.json
@@ -333,7 +333,7 @@
    "storage_template_migration_description": "Прилагане на текущия <link>{template}</link> към предишно качените файлове",
    "storage_template_migration_info": "Шаблона ще преобразува всички разширения на имената на файловете в долен регистър. Промените в шаблоните ще се прилагат само за нови елементи. За да приложите принудително шаблона към вече качени елементи, изпълнете <link>{job}</link>.",
    "storage_template_migration_job": "Задача за миграция на шаблона за съхранение",
-    "storage_template_more_details": "За повече подробности относно тази функция се обърнете към шаблона <template-link>Storage Template</template-link> и неговите <implications-link>последствия</implications-link>",
+    "storage_template_more_details": "За повече подробности относно тази функция се обърнете към шаблона <template-link>Storage Template</template-link> и неговите <implications-link> последствия </implications-link>",
    "storage_template_onboarding_description_v2": "Когато е разрешена, тази функция ще организира автоматично файловете, според шаблон, дефиниран от потребителя. За допълнителна информация, моля вижте <link>документацията</link>.",
    "storage_template_path_length": "Ограничение на дължината на пътя: <b>{length, number}</b>/{limit, number}",
    "storage_template_settings": "Шаблон за съхранение",
@@ -441,7 +441,7 @@
    "user_successfully_removed": "Потребител {email} е успешно премахнат.",
    "users_page_description": "Страница за администриране на потребители",
    "version_check_enabled_description": "Активирай проверка на версията",
-    "version_check_implications": "Функцията за проверка на версията разчита на периодична комуникация с {server}",
+    "version_check_implications": "Функцията за проверка на версията разчита на периодична комуникация с github.com",
    "version_check_settings": "Проверка на версията",
    "version_check_settings_description": "Активирайте/деактивирайте известието за нова версия",
    "video_conversion_job": "Транскодиране на видеоклиповете",
@@ -849,12 +849,9 @@
  "create_link_to_share": "Създаване на линк за споделяне",
  "create_link_to_share_description": "Позволете на всеки, който има линк, да види избраната(ите) снимка(и)",
  "create_new": "СЪЗДАЙ НОВ",
-  "create_new_face": "Създай ново лице",
  "create_new_person": "Създаване на ново лице",
  "create_new_person_hint": "Присвойте избраните файлове на нов човек",
  "create_new_user": "Създаване на нов потребител",
-  "create_person": "Създай човек",
-  "create_person_subtitle": "Добави име към избраното лице за да създадеш и да сложиш етикет на новия човек",
  "create_shared_album_page_share_add_assets": "ДОБАВИ ОБЕКТИ",
  "create_shared_album_page_share_select_photos": "Избери снимки",
  "create_shared_link": "Създай линк за споделяне",
@@ -869,7 +866,6 @@
  "crop_aspect_ratio_fixed": "Фиксиран",
  "crop_aspect_ratio_free": "Свободен",
  "crop_aspect_ratio_original": "Оригинален",
-  "crop_aspect_ratio_square": "Квадрат",
  "curated_object_page_title": "Неща",
  "current_device": "Текущо устройство",
  "current_pin_code": "Сегашен PIN код",
@@ -884,7 +880,7 @@
  "daily_title_text_date": "E, dd MMM",
  "daily_title_text_date_year": "E, dd MMM yyyy",
  "dark": "Тъмен",
-  "dark_theme": "Премини към тъмна тема",
+  "dark_theme": "Тъмна тема",
  "date": "Дата",
  "date_after": "Дата след",
  "date_and_time": "Дата и час",
@@ -895,8 +891,10 @@
  "day": "Ден",
  "days": "Дни",
  "deduplicate_all": "Дедупликиране на всички",
-  "default_locale": "Език по подразбиране",
-  "default_locale_description": "Формат на дата и числа според езиковата настройка на браузъра",
+  "deduplication_criteria_1": "Размер на снимката в байтове",
+  "deduplication_criteria_2": "Брой EXIF данни",
+  "deduplication_info": "Информация за дедупликацията",
+  "deduplication_info_description": "За автоматично предварително избиране на ресурси и премахване на дубликати на едро, разглеждаме:",
  "delete": "Изтрий",
  "delete_action_confirmation_message": "Сигурни ли сте, че искате да изтриете този обект? Следва преместване на обекта в коша за отпадъци на сървъра и ще получите предложение обекта да бъде изтрит локално",
  "delete_action_prompt": "{count} са изтрити",
@@ -972,7 +970,7 @@
  "downloading_media": "Изтегляне на медия",
  "drop_files_to_upload": "Пуснете файловете, за да ги качите",
  "duplicates": "Дубликати",
-  "duplicates_description": "Изберете всяка група, като посочите кои, ако има такива, са дубликати.",
+  "duplicates_description": "Изберете всяка група, като посочите кои, ако има такива, са дубликати",
  "duration": "Продължителност",
  "edit": "Редактиране",
  "edit_album": "Редактиране на албум",
@@ -1389,11 +1387,9 @@
  "library_page_sort_title": "Заглавие на албума",
  "licenses": "Лицензи",
  "light": "Светло",
-  "light_theme": "Премини към светла тема",
  "like": "Харесайте",
  "like_deleted": "Като изтрит",
  "link_motion_video": "Линк към видео",
-  "link_to_docs": "За повече информация вижте <link>документацията</link>.",
  "link_to_oauth": "Линк към OAuth",
  "linked_oauth_account": "Свързан OAuth акаунт",
  "list": "Лист",
@@ -1655,14 +1651,13 @@
  "only_favorites": "Само любими",
  "open": "Отвори",
  "open_calendar": "Отвори календар",
-  "open_in_browser": "Отвори в браузър",
  "open_in_map_view": "Отвори изглед на карта",
  "open_in_openstreetmap": "Отвори в OpenStreetMap",
  "open_the_search_filters": "Отвари филтрите за търсене",
  "options": "Настройки",
  "or": "или",
-  "organize_into_albums": "Подредете в албуми",
-  "organize_into_albums_description": "Добавете наличните снимки в албуми, като използвате текущите настройки за синхронизиране",
+  "organize_into_albums": "Organitzar per àlbums",
+  "organize_into_albums_description": "Posar les fotos existents dins dels àlbums fent servir la configuració de sincronització",
  "organize_your_library": "Организиране на вашата библиотека",
  "original": "оригинал",
  "other": "Други",
@@ -1810,7 +1805,7 @@
  "purchase_server_description_2": "Статус на поддръжник",
  "purchase_server_title": "Сървър",
  "purchase_settings_server_activated": "Продуктовият ключ на сървъра се управлява от администратора",
-  "query_asset_id": "Търсене на елемент по ID",
+  "query_asset_id": "Buscar item per ID",
  "queue_status": "В опашка {count} от {total}",
  "rate_asset": "Задаване на рейтинг",
  "rating": "Оценка със звезди",
@@ -2217,7 +2212,6 @@
  "tag": "Таг",
  "tag_assets": "Тагни елементи",
  "tag_created": "Създаден етикет: {tag}",
-  "tag_face": "Отбележи лице",
  "tag_feature_description": "Разглеждане на снимки и видеоклипове, групирани по теми с логически тагове",
  "tag_not_found_question": "Не можете да намерите етикет? <link>Създайте нов етикет.</link>",
  "tag_people": "Отбележи Хора",
@@ -2399,7 +2393,6 @@
  "viewer_remove_from_stack": "Премахване от опашката",
  "viewer_stack_use_as_main_asset": "Използвай като основен",
  "viewer_unstack": "Премахни от опашката",
-  "visibility": "Видимост",
  "visibility_changed": "Видимостта е променена за {count, plural, one {# човек} other {# човека}}",
  "visual": "Визуален",
  "visual_builder": "Визуален конструктор",
--- a/i18n/bn.json
+++ b/i18n/bn.json
@@ -231,8 +231,6 @@
    "metadata_settings_description": "মেটাডেটা সেটিংস পরিচালনা করুন (Manage metadata settings)",
    "migration_job": "মাইগ্রেশন (Migration)",
    "migration_job_description": "অ্যাসেট এবং ফেস থাম্বনেইলগুলোকে সর্বশেষ ফোল্ডার স্ট্রাকচারে মাইগ্রেট করুন। (Migrate thumbnails for assets and faces to the latest folder structure)",
-    "nightly_tasks_cluster_faces_setting_description": "নতুন শনাক্ত হওয়া মুখগুলিতে ফেসিয়াল রিকগনিশন চালান",
-    "nightly_tasks_cluster_new_faces_setting": "নতুন মুখগুলোর গুচ্ছ",
    "nightly_tasks_database_cleanup_setting": "ডেটাবেস ক্লিনআপ টাস্কসমূহ (Database cleanup tasks)",
    "nightly_tasks_database_cleanup_setting_description": "ডেটাবেস থেকে পুরোনো এবং মেয়াদোত্তীর্ণ ডেটা মুছে ফেলুন",
    "nightly_tasks_generate_memories_setting": "মেমোরিজ তৈরি করুন (Generate memories)",
@@ -259,20 +257,6 @@
    "notification_email_secure": "SMTPS (স্মার্ট মেইল ট্রান্সফার প্রোটোকল সিকিউর)",
    "notification_email_secure_description": "SMTPS (SMTP over TLS) ব্যবহার করুন",
    "notification_email_sent_test_email_button": "টেস্ট ইমেল পাঠান এবং সেভ করুন",
-    "notification_email_setting_description": "ইমেল নোটিফিকেশন পাঠানোর সেটিংস",
-    "notification_email_test_email": "পরীক্ষামূলক ইমেইল পাঠান",
-    "notification_email_test_email_failed": "পরীক্ষামূলক ইমেল পাঠানো সম্ভব হয়নি, আপনার সেটিংস যাচাই করুন",
-    "notification_email_test_email_sent": "{email}-এ একটি পরীক্ষামূলক ইমেল পাঠানো হয়েছে। অনুগ্রহ করে আপনার ইনবক্স দেখুন।",
-    "notification_email_username_description": "ইমেল সার্ভারে ভেরিফিকেসনের জন্য ব্যবহৃত ইউজারনেম",
-    "notification_enable_email_notifications": "ইমেল নোটিফিকেসন সক্রিয় করুন",
-    "notification_settings": "নোটিফিকেসন সেটিংস",
-    "notification_settings_description": "ইমেইল সহ নোটিফিকেশন সেটিংস পরিচালনা করুন",
-    "oauth_auto_launch": "অটো লঞ্চ",
-    "oauth_auto_launch_description": "লগইন পেজে প্রবেশ করার সাথে সাথে OAuth লগইন প্রক্রিয়াটি স্বয়ংক্রিয়ভাবে শুরু করুন",
-    "oauth_auto_register": "সয়ংক্রিয়ভাবে রেজিস্টার করুন",
-    "oauth_auto_register_description": "OAuth দিয়ে সাইন ইন করার পর নতুন ব্যবহারকারীদের স্বয়ংক্রিয়ভাবে নিবন্ধন করুন",
-    "oauth_button_text": "বাটন টেক্সট",
-    "oauth_client_secret_description": "গোপনীয় ক্লায়েন্টের জন্য প্রয়োজন, অথবা যদি পাবলিক ক্লায়েন্টের জন্য PKCE (Proof Key for Code Exchange) সমর্থিত না হয়।",
    "oauth_enable_description": "OAuth-এর মাধ্যমে লগইন করুন",
    "oauth_mobile_redirect_uri": "মোবাইল রিডাইরেক্ট ইউআরআই (URI)",
    "oauth_mobile_redirect_uri_override": "মোবাইল রিডাইরেক্ট ইউআরআই (URI) ওভাররাইড",
@@ -339,20 +323,6 @@
    "storage_template_settings": "স্টোরেজ টেমপ্লেট (Storage Template)",
    "storage_template_settings_description": "আপলোড করা অ্যাসেটের ফোল্ডার স্ট্রাকচার এবং ফাইল নেম ম্যানেজ করুন",
    "storage_template_user_label": "<code>{label}</code> হলো ব্যবহারকারীর স্টোরেজ লেবেল (Storage Label)",
-    "system_settings": "সিস্টেম সেটিংস",
-    "tag_cleanup_job": "ট্যাগ মুছে ফেলা",
-    "template_email_available_tags": "আপনি আপনার টেমপ্লেটে নিম্নলিখিত ভেরিয়েবলগুলো ব্যবহার করতে পারেন: {tags}",
-    "template_email_if_empty": "টেমপ্লেটটি খালি থাকলে ডিফল্ট ইমেল ব্যবহার করা হবে।",
-    "template_email_invite_album": "ইনভাইট অ্যালবাম টেমপ্লেট",
-    "template_email_preview": "প্রিভিউ",
-    "template_email_settings": "ইমেইল টেমপ্লেট",
-    "template_email_update_album": "অ্যালবাম টেমপ্লেট আপডেট করুন",
-    "template_email_welcome": "স্বাগতম ইমেইল টেমপ্লেট",
-    "template_settings": "নোটিফিকেশন টেমপ্লেট",
-    "template_settings_description": "নোটিফিকেশনের জন্য কাস্টম টেমপ্লেট পরিচালনা করুন",
-    "theme_custom_css_settings": "কাস্টম CSS",
-    "theme_custom_css_settings_description": "ক্যাসকেডিং স্টাইল শীট ব্যবহার করে Immich এর ডিজাইন কাস্টমাইজ করা যায়।",
-    "theme_settings": "থীম সেটিংস",
    "theme_settings_description": "ইমিচ (Immich) ওয়েব ইন্টারফেসের কাস্টমাইজেশন ম্যানেজ করুন",
    "thumbnail_generation_job": "থাম্বনেইল তৈরি করুন (Generate Thumbnails)",
    "thumbnail_generation_job_description": "প্রতিটি অ্যাসেটের জন্য বড়, ছোট এবং ব্লার (অস্পষ্ট) থাম্বনেইল তৈরি করুন, সেই সাথে প্রতিটি ব্যক্তির জন্যও থাম্বনেইল তৈরি করুন।",
@@ -364,281 +334,8 @@
    "transcoding_acceleration_vaapi": "VA-API (ভিডিও অ্যাক্সিলারেশন এপিআই)",
    "transcoding_accepted_audio_codecs": "গ্রহণযোগ্য অডিও কোডেকসমূহ (Accepted audio codecs)",
    "transcoding_accepted_audio_codecs_description": "কোন অডিও কোডেকগুলো ট্রানসকোড করার প্রয়োজন নেই তা নির্বাচন করুন। এটি শুধুমাত্র নির্দিষ্ট ট্রানসকোড পলিসির (transcode policies) জন্য ব্যবহৃত হয়।",
-    "transcoding_accepted_containers": "গ্রহণযোগ্য কন্টেইনারসমূহ (Accepted containers)",
-    "transcoding_accepted_containers_description": "কোন কন্টেইনার ফরম্যাটগুলোকে MP4-এ রিমুক্স করার প্রয়োজন নেই তা নির্বাচন করুন। শুধুমাত্র নির্দিষ্ট ট্রান্সকোড পলিসির জন্য ব্যবহৃত হয়।",
-    "transcoding_accepted_video_codecs": "সমর্থিত ভিডিও কোডেকগুলো",
-    "transcoding_accepted_video_codecs_description": "কোন ভিডিও কোডেকগুলো ট্রান্সকোড করার প্রয়োজন নেই তা নির্বাচন করুন। শুধুমাত্র নির্দিষ্ট ট্রান্সকোড নীতির জন্য ব্যবহৃত হয়।",
-    "transcoding_advanced_options_description": "বেশিরভাগ ব্যবহারকারীর পরিবর্তন করার প্রয়োজন নেই এমন অপশনসমূহ",
-    "transcoding_audio_codec": "অডিও কোডেক",
-    "transcoding_audio_codec_description": "Opus সর্বোচ্চ মানের অপশন, তবে পুরোনো ডিভাইস বা সফটওয়্যারের সাথে এর সামঞ্জস্য কম।",
-    "transcoding_bitrate_description": "সর্বোচ্চ বিটরেটের চেয়ে বেশি বা সমর্থিত ফরম্যাটে নয় এমন ভিডিও",
-    "transcoding_codecs_learn_more": "এখানে ব্যবহৃত পরিভাষা সম্পর্কে আরও জানতে FFmpeg ডকুমেন্টেশন দেখুন, <h264-link>H.264 কোডেক</h264-link>, <hevc-link>HEVC কোডেক</hevc-link> এবং <vp9-link>VP9 কোডেক</vp9-link>।",
-    "transcoding_constant_quality_mode": "নির্দিষ্ট মান মোড",
-    "transcoding_constant_quality_mode_description": "ICQ, CQP-এর চেয়ে ভালো মান দেয়, কিন্তু সব হার্ডওয়্যার অ্যাক্সেলারেশন ডিভাইসে কাজ করে না। এই অপশন চালু থাকলে কোয়ালিটি-ভিত্তিক এনকোডিংয়ে এটি প্রাধান্য পাবে। NVENC এটি সমর্থন করে না, তাই এটি উপেক্ষা করা হবে।",
-    "transcoding_constant_rate_factor": "নির্দিষ্ট রেট ফ্যাক্টর (-crf)",
-    "transcoding_constant_rate_factor_description": "ভিডিওর গুণমানের স্তর। সাধারণ মানগুলো হলো H.264-এর জন্য ২৩, HEVC-এর জন্য ২৮, VP9-এর জন্য ৩১ এবং AV1-এর জন্য ৩৫। মান যত কম হবে, ভিডিওর গুণমান তত উন্নত হবে, তবে ফাইলের আকার তত বড় হবে।",
-    "transcoding_disabled_description": "কোনো ভিডিও ট্রান্সকোড করবেন না, এতে কিছু ক্লায়েন্টে প্লেব্যাক নষ্ট হতে পারে",
-    "transcoding_encoding_options": "এনকোডিং এর অপশনগুলি",
-    "transcoding_encoding_options_description": "এনকোড করা ভিডিওগুলির জন্য কোডেক, রেজোলিউশন, কোয়ালিটি এবং অন্যান্য অপশন সেট করুন",
-    "transcoding_hardware_acceleration": "হার্ডওয়্যার এক্সিলারেসন (Acceleration)",
-    "transcoding_hardware_acceleration_description": "পরীক্ষামূলক: দ্রুততর ট্রান্সকোডিং, কিন্তু একই বিটরেটে গুণমান হ্রাস পেতে পারে",
-    "transcoding_hardware_decoding": "হার্ডওয়্যার ডিকোডিং",
-    "transcoding_hardware_decoding_setting_description": "শুধু এনকোডিং অ্যাক্সিলারেশন করার পরিবর্তে এটি এন্ড-টু-এন্ড অ্যাক্সিলারেশন সক্ষম করে। সব ভিডিওতে কাজ নাও করতে পারে।",
-    "transcoding_max_b_frames": "সর্বোচ্চ বি-ফ্রেম (B-frames)",
-    "transcoding_max_b_frames_description": "মান যত বেশি হবে, কমপ্রেশন তত ভালো হবে কিন্তু এনকোডিং ধীরে চলবে। পুরোনো ডিভাইসে হার্ডওয়্যার অ্যাক্সেলারেশন কাজ নাও করতে পারে। ০ দিলে B-frames বন্ধ থাকবে, -১ দিলে এটি নিজে থেকেই ঠিক হবে।",
-    "transcoding_max_bitrate": "সর্বোচ্চ বিটরেট",
-    "transcoding_max_bitrate_description": "সর্বোচ্চ বিটরেট নির্ধারণ করলে ফাইলের আকার আরও অনুমানযোগ্য হতে পারে, তবে এর ফলে কোয়ালিটির কিছুটা অবনতি ঘটে। 720p-তে, VP9 বা HEVC-এর জন্য সাধারণ মান হলো 2600 kbit/s, অথবা H.264-এর জন্য 4500 kbit/s।এর মান 0 সেট করা হলে এটি বন্ধ থাকে। যখন কোনো একক নির্দিষ্ট করা থাকে না, তখন k (kbit/s-এর জন্য) ধরে নেওয়া হয়; তাই 5000, 5000k, এবং 5M (Mbit/s-এর জন্য) সমতুল্য।",
-    "transcoding_max_keyframe_interval": "সর্বোচ্চ কীফ্রেম ব্যবধান",
-    "transcoding_max_keyframe_interval_description": "কীফ্রেমের মধ্যে সর্বোচ্চ ফ্রেম দূরত্ব নির্ধারণ করে। মান কম হলে কমপ্রেশন দক্ষতা কমে, তবে ভিডিওতে খুঁজে বের করা দ্রুত হয় এবং দ্রুত চলমান দৃশ্যে মানও কিছুটা ভালো হতে পারে। ০ দিলে এই মান স্বয়ংক্রিয়ভাবে নির্ধারিত হয়।",
-    "transcoding_optimal_description": "নির্দিষ্ট রেজোলিউশনের চেয়ে বড় বা সমর্থিত ফরম্যাটে নয় এমন ভিডিও",
-    "transcoding_policy": "ট্রান্সকোড নীতি",
-    "transcoding_policy_description": "ভিডিও কখন ট্রান্সকোড করা হবে তা সেট করুন",
-    "transcoding_preferred_hardware_device": "পছন্দের হার্ডওয়্যার ডিভাইস",
-    "transcoding_preferred_hardware_device_description": "শুধুমাত্র VAAPI এবং QSV-এর ক্ষেত্রে প্রযোজ্য। হার্ডওয়্যার ট্রান্সকোডিংয়ের জন্য ব্যবহৃত dri নোড নির্ধারণ করে।",
-    "transcoding_preset_preset": "প্রিসেট (-preset)",
-    "transcoding_preset_preset_description": "কম্প্রেশন স্পিড। ধীরগতির প্রিসেটগুলো ছোট ফাইল তৈরি করে এবং একটি নির্দিষ্ট বিটরেট লক্ষ্য করার সময় গুণমান বৃদ্ধি করে। VP9 'faster'-এর চেয়ে বেশি গতি উপেক্ষা করে।",
-    "transcoding_reference_frames": "রেফারেন্স ফ্রেম",
-    "transcoding_reference_frames_description": "একটি ফ্রেম কম্প্রেস করার সময় কতটি ফ্রেমকে রেফারেন্স হিসেবে নেওয়া হবে। মান যত বেশি হবে, কমপ্রেশন দক্ষতা তত ভালো হবে, তবে এনকোডিং ধীর হবে। ০ দিলে এই মান স্বয়ংক্রিয়ভাবে নির্ধারিত হবে।",
-    "transcoding_required_description": "শুধুমাত্র অনুমোদিত ফরম্যাটে নেই এমন ভিডিও",
-    "transcoding_settings": "ভিডিও ট্রান্সকোডিং সেটিংস",
-    "transcoding_settings_description": "নির্ধারণ করুন কোন ভিডিওগুলোকে ট্রান্সকোড করতে হবে এবং কিভাবে প্রক্রিয়া করতে হবে",
-    "transcoding_target_resolution": "টার্গেট রেজোলিউশন",
-    "transcoding_target_resolution_description": "উচ্চ রেজোলিউশন বেশি বিস্তারিত রাখে, কিন্তু এনকোডিং ধীরে হয়, ফাইল বড় হয়, এবং অ্যাপ ধীর প্রতিক্রিয়া করতে পারে।",
-    "transcoding_temporal_aq": "টেম্পোরাল AQ",
-    "transcoding_temporal_aq_description": "শুধুমাত্র NVENC-এর ক্ষেত্রে প্রযোজ্য। টেম্পোরাল অ্যাডাপটিভ কোয়ান্টাইজেশন (Adaptive Quantization) উচ্চ-বিস্তারিত ও স্বল্প-গতির দৃশ্যের মান বৃদ্ধি করে। পুরোনো ডিভাইসগুলোর সাথে সামঞ্জস্যপূর্ণ নাও হতে পারে।",
-    "transcoding_threads": "থ্রেড",
-    "transcoding_threads_description": "উচ্চ মানে এনকোডিং দ্রুত হয়, কিন্তু সার্ভার কম কাজ করতে পারে। CPU কোরের বেশি মান দেওয়া উচিত নয়। ০ দিলে সর্বাধিক ব্যবহার হবে।",
-    "transcoding_tone_mapping": "টোন-ম্যাপিং",
-    "transcoding_tone_mapping_description": "এইচডিআর (HDR) ভিডিওকে এসডিআর (SDR)-এ রূপান্তর করার সময় এর বাহ্যিক রূপ অক্ষুণ্ণ রাখার চেষ্টা করা হয়। প্রতিটি অ্যালগরিদম রঙ, ডিটেইল এবং উজ্জ্বলতার জন্য ভিন্ন ভিন্ন সমন্বয় করে। হেবল ডিটেইল, মোবিয়াস রঙ এবং রাইনহার্ড উজ্জ্বলতা অক্ষুণ্ণ রাখে।",
-    "transcoding_transcode_policy": "ট্রান্সকোড নীতি",
-    "transcoding_transcode_policy_description": "কখন একটি ভিডিও ট্রান্সকোড করা হবে তার নীতিমালা। HDR ভিডিও এবং YUV 4:2:0 ব্যতীত অন্য পিক্সেল ফরম্যাটের ভিডিও সর্বদা ট্রান্সকোড করা হবে (যদি না ট্রান্সকোডিং বন্ধ করা থাকে)।",
-    "transcoding_two_pass_encoding": "টু-পাস এনকোডিং",
-    "transcoding_two_pass_encoding_setting_description": "আরও উন্নত মানের এনকোডেড ভিডিও তৈরি করতে দুই ধাপে ট্রান্সকোড করুন। যখন সর্বোচ্চ বিটরেট সক্রিয় করা হয় (যা H.264 এবং HEVC-এর সাথে কাজ করার জন্য আবশ্যক), তখন এই মোডটি সর্বোচ্চ বিটরেটের উপর ভিত্তি করে একটি বিটরেট রেঞ্জ ব্যবহার করে এবং CRF উপেক্ষা করে। VP9-এর ক্ষেত্রে, সর্বোচ্চ বিটরেট নিষ্ক্রিয় থাকলেও CRF ব্যবহার করা যেতে পারে।",
-    "transcoding_video_codec": "ভিডিও কোডেক",
-    "transcoding_video_codec_description": "VP9 উচ্চ কর্মদক্ষতা সম্পন্ন এবং ওয়েবের সাথে সামঞ্জস্যপূর্ণ, কিন্তু ট্রান্সকোড করতে বেশি সময় লাগে। HEVC-এর কর্মক্ষমতাও প্রায় একই রকম, কিন্তু এর ওয়েব সামঞ্জস্যতা কম। H.264 ব্যাপকভাবে সামঞ্জস্যপূর্ণ এবং দ্রুত ট্রান্সকোড করা যায়, কিন্তু এটি অনেক বড় ফাইল তৈরি করে। AV1 সবচেয়ে কর্মদক্ষ কোডেক, কিন্তু পুরোনো ডিভাইসগুলোতে এর সমর্থন নেই।",
-    "trash_enabled_description": "ট্র্যাশ ফিচার চালু করুন",
-    "trash_number_of_days": "দিনের সংখ্যা",
-    "trash_number_of_days_description": "ট্র্যাশে থাকা অ্যাসেটগুলো স্থায়ীভাবে মুছে ফেলার আগে রাখার দিন সংখ্যা",
-    "trash_settings": "ট্র্যাশ সেটিংস",
-    "trash_settings_description": "ট্র্যাশ সেটিংস পরিচালনা করুন",
-    "unlink_all_oauth_accounts": "সকল OAuth অ্যাকাউন্ট আনলিঙ্ক করুন",
-    "unlink_all_oauth_accounts_description": "নতুন প্রোভাইডারে মাইগ্রেট করার আগে সব OAuth অ্যাকাউন্ট আনলিঙ্ক করুন।",
-    "unlink_all_oauth_accounts_prompt": "আপনি কি সব OAuth অ্যাকাউন্ট আনলিঙ্ক করতে নিশ্চিত? এটি প্রতিটি ব্যবহারকারীর OAuth আইডি রিসেট করে দেবে এবং এটি আর পূর্বাবস্থায় ফেরানো যাবে না।",
-    "user_cleanup_job": "ইউজার ক্লিনআপ",
-    "user_delete_delay": "<b>{user}</b>-এর অ্যাকাউন্ট এবং অ্যাসেট {delay, plural, one {# day} other {# days}} পর স্থায়ীভাবে মুছে ফেলার জন্য নির্ধারিত হবে।",
-    "user_delete_delay_settings": "মুছে ফেলার সময় বিলম্ব",
-    "user_delete_delay_settings_description": "অ্যাকাউন্ট এবং অ্যাসেট মুছে ফেলার পর কত দিনের মধ্যে স্থায়ীভাবে মুছে ফেলা হবে। ব্যবহারকারী মুছে ফেলার কাজ মধ্যরাতে চালানো হয় এবং দেখা হয় কোন ব্যবহারকারী স্থায়ীভাবে মুছে ফেলার জন্য প্রস্তুত। এই সেটিং পরিবর্তন করলে পরবর্তী এক্সিকিউশনের সময় তা প্রযোজ্য হবে।",
-    "user_delete_immediately": "<b>{user}</b>-এর অ্যাকাউন্ট এবং অ্যাসেট স্থায়ীভাবে মুছে ফেলার জন্য <b>immediately</b> কিউতে অন্তর্ভুক্ত করা হবে।",
-    "user_delete_immediately_checkbox": "ব্যবহারকারী ও অ্যাসেট তৎক্ষণাৎ মুছে ফেলার জন্য কিউ",
-    "user_details": "ব্যবহারকারী তথ্য",
-    "user_management": "ব্যবহারকারী ম্যানেজমেন্ট",
-    "user_password_has_been_reset": "ব্যবহারকারীর পাসওয়ার্ড রিসেট করা হয়েছে:",
-    "user_password_reset_description": "দয়া করে ব্যবহারকারীর জন্য সাময়িক পাসওয়ার্ড দিন এবং জানিয়ে দিন যে তারা পরবর্তী লগইনে পাসওয়ার্ড পরিবর্তন করবেন।",
-    "user_restore_description": "<b>{user}</b> এর অ্যাকাউন্ট পুনরুদ্ধার করা হবে।",
-    "user_restore_scheduled_removal": "ব্যবহারকারী পুনরুদ্ধার করুন - মুছে ফেলার জন্য নির্ধারিত তারিখ:{date, date, long}",
-    "user_settings": "ব্যবহারকারী সেটিংস",
-    "user_settings_description": "ব্যবহারকারী সেটিংস ম্যানেজ করুন",
-    "user_successfully_removed": "সফলভাবে ইউজার {email}-কে সরিয়ে দেওয়া হয়েছে।",
-    "version_check_enabled_description": "ভার্সন যাচাই চালু করুন",
-    "version_check_implications": "ভার্সন চেক ফিচারটি github.com-এর সঙ্গে নিয়মিত সংযোগের ওপর নির্ভরশীল",
-    "version_check_settings": "ভার্সন যাচাই",
-    "version_check_settings_description": "নতুন ভার্সনের নোটিফিকেশন চালু/বন্ধ করুন",
-    "video_conversion_job": "ভিডিও ট্রান্সকোড করুন",
-    "video_conversion_job_description": "ব্রাউজার এবং ডিভাইসে আরও ভালোভাবে চলার জন্য ভিডিও ট্রান্সকোড করুন"
+    "transcoding_accepted_containers": "গ্রহণযোগ্য কন্টেইনারসমূহ (Accepted containers)"
  },
-  "admin_email": "অ্যাডমিনের ইমেইল",
-  "admin_password": "অ্যাডমিনের পাসওয়ার্ড",
-  "administration": "অ্যাডমিন",
-  "advanced": "অ্যাডভান্সড",
-  "age_months": "বয়স {months, plural, one {# month} other {# months}}",
-  "age_year_months": "বয়স ১ বছর, {months, plural, one {# month} other {# months}}",
-  "album_added": "অ্যালবাম যুক্ত করা হয়েছে",
-  "album_added_notification_setting_description": "শেয়ার করা অ্যালবামে যুক্ত হলে ইমেইল নোটিফিকেশন পান",
-  "album_cover_updated": "অ্যালবামের কভার আপডেট হয়েছে",
-  "album_delete_confirmation": "আপনি কি সত্যিই অ্যালবাম {album} মুছে ফেলতে চান?",
-  "album_delete_confirmation_description": "অ্যালবামটি শেয়ার করা থাকলেও অন্য ব্যবহারকারীরা আর এটি অ্যাক্সেস করতে পারবেন না।",
-  "album_info_updated": "অ্যালবামের তথ্য আপডেট করা হয়েছে",
-  "album_leave": "অ্যালবাম থেকে বেরিয়ে যেতে চান ?",
-  "album_leave_confirmation": "আপনি কি নিশ্চিত যে আপনি {album} ছেড়ে যেতে চান?",
-  "album_name": "অ্যালবামের নাম",
-  "album_options": "অ্যালবামের অপশনসমূহ",
-  "album_remove_user": "ব্যবহারকারী সরাতে চান?",
-  "album_remove_user_confirmation": "আপনি কি নিশ্চিত যে আপনি {user}-কে সরাতে চান?",
-  "album_share_no_users": "এই অ্যালবামটি সব ব্যবহারকারীর সঙ্গে শেয়ার করা হয়েছে, বা শেয়ার করার জন্য কোনো ব্যবহারকারী নেই।",
-  "album_updated": "অ্যালবাম আপডেট করা হয়েছে",
-  "album_updated_setting_description": "নতুন অ্যাসেট যুক্ত হলে শেয়ার করা অ্যালবামের জন্য ইমেইল নোটিফিকেশন পান",
-  "album_user_left": "বাম {album}",
-  "album_user_removed": "{user} কে সরানো হয়েছে",
-  "album_with_link_access": "লিঙ্ক থাকা যে কেউ এই অ্যালবামের ছবি ও মানুষজনকে দেখতে পারবে।",
-  "albums": "অ্যালবামসমূহ",
-  "all": "সব",
-  "all_albums": "সকল অ্যালবামসমূহ",
-  "all_people": "সব ব্যবহারকারী",
-  "all_videos": "সব ভিডিও",
-  "allow_dark_mode": "ডার্ক মোড চালু করুন",
-  "allow_edits": "এডিটের অনুমতি দিন",
-  "allow_public_user_to_download": "সাধারণ ব্যবহারকারী ডাউনলোড করতে পারবে",
-  "allow_public_user_to_upload": "সাধারণ ব্যবহারকারী আপলোড করতে পারবে",
-  "anti_clockwise": "বিপরীত দিক",
-  "api_key": "API কী",
-  "api_key_description": "এই মান একবারই দেখানো হবে। উইন্ডো বন্ধ করার আগে অবশ্যই এটি কপি করুন।",
-  "api_key_empty": "API কী-এর নাম খালি রাখা যাবে না",
-  "api_keys": "API কী সমূহ",
-  "app_settings": "অ্যাপ সেটিংস",
-  "appears_in": "v1.106.4 থেকে, অ্যাসেট সাইডবারে ব্যবহার হয় ‘[albums]-এ উপস্থিত’ বোঝাতে",
-  "archive": "আর্কাইভ",
-  "archive_or_unarchive_photo": "ফটো আর্কাইভ অথবা আনআর্কাইভ করুন",
-  "archive_size": "আর্কাইভ সাইজ",
-  "archive_size_description": "ডাউনলোডের আর্কাইভ সাইজ নির্ধারণ করুন (GiB)",
-  "are_these_the_same_person": "এরা কি একই ব্যক্তি?",
-  "are_you_sure_to_do_this": "আপনি কি নিশ্চিত যে আপনি এটি করতে চান?",
-  "asset_added_to_album": "অ্যালবামে যুক্ত করা হয়েছে",
-  "asset_adding_to_album": "অ্যালবামে যুক্ত করা হচ্ছে…",
-  "asset_description_updated": "অ্যাসেটের বিবরণ আপডেট করা হয়েছে",
-  "asset_filename_is_offline": "{filename} অ্যাসেটটি বর্তমানে অফলাইন",
-  "asset_has_unassigned_faces": "অ্যাসেটটির কিছু মুখ অনির্ধারিত ফেস রয়েছে",
-  "asset_hashing": "হ্যাশিং চলছে…",
-  "asset_offline": "অ্যাসেট বর্তমানে অফলাইন",
-  "asset_offline_description": "এই এক্সটার্নাল অ্যাসেটটি এখন ডিস্কে নেই। সহায়তার জন্য Immich অ্যাডমিনিস্ট্রেটরের সাথে যোগাযোগ করুন।",
-  "asset_skipped": "এড়ানো হয়েছে",
-  "asset_skipped_in_trash": "ট্র্যাশে",
-  "asset_uploaded": "আপলোড সম্পন্ন",
-  "asset_uploading": "আপলোড চলছে…",
-  "assets": "অ্যাসেটসমূহ",
-  "assets_added_to_album_count": "অ্যালবামে {count, plural, one {# asset} other {# assets}} যুক্ত করা হয়েছে",
-  "assets_moved_to_trash_count": "{count, plural, one {# asset} other {# assets}} ট্র্যাশে সরানো হয়েছে",
-  "assets_permanently_deleted_count": "{count, plural, one {# asset} other {# assets}} স্থায়ীভাবে মুছে ফেলা হয়েছে",
-  "assets_removed_count": "{count, plural, one {# asset} other {# assets}} সরানো হয়েছে",
-  "assets_restore_confirmation": "আপনি কি সত্যিই আপনার সব ট্র্যাশ করা অ্যাসেট পুনরুদ্ধার করতে চান? এটি পূর্বাবস্থায় ফিরানো যাবে না। তবে অফলাইন অ্যাসেট এইভাবে পুনরুদ্ধার হবে না।",
-  "assets_restored_count": "{count, plural, one {# asset} other {# assets}} পুনরুদ্ধার করা হয়েছে",
-  "assets_trashed_count": "{count, plural, one {# asset} other {# assets}} ট্র্যাশে পাঠানো হয়েছে",
-  "assets_were_part_of_album_count": "{count, plural, one {Asset was} other {Assets were}} আগেই অ্যালবামে যুক্ত ছিল",
-  "authorized_devices": "অনুমোদিত ডিভাইস",
-  "back": "ফিরে যান",
-  "back_close_deselect": "ফিরে যান, বন্ধ করুন বা নির্বাচন বাতিল করুন",
-  "backward": "পিছনে",
-  "birthdate_saved": "জন্ম তারিখ সংরক্ষণ সম্পন্ন",
-  "birthdate_set_description": "একটি ছবির সময়ে ব্যক্তির বয়স গণনার জন্য জন্ম তারিখ ব্যবহার করা হয়।",
-  "blurred_background": "ব্লারড ব্যাকগ্রাউন্ড",
-  "bugs_and_feature_requests": "বাগ ও ফিচার রিকোয়েস্ট",
-  "build": "বিল্ড",
-  "build_image": "বিল্ড ইমেজ",
-  "bulk_delete_duplicates_confirmation": "আপনি কি সত্যিই {count, plural, one {# duplicate asset} other {# duplicate assets}} একসাথে মুছে ফেলতে চান? প্রতিটি গ্রুপের সবচেয়ে বড় অ্যাসেট রাখা হবে, বাকিগুলো স্থায়ীভাবে মুছে যাবে। এটি পূর্বাবস্থায় ফিরানো যাবে না!",
-  "bulk_keep_duplicates_confirmation": "আপনি কি সত্যিই {count, plural, one {# duplicate asset} other {# duplicate assets}} রাখতে চান? সব ডুপ্লিকেট গ্রুপ ঠিক করা হবে, কোনো কিছু মুছে ফেলা হবে না।",
-  "bulk_trash_duplicates_confirmation": "আপনি কি সত্যিই {count, plural, one {# duplicate asset} other {# duplicate assets}} একসাথে ট্র্যাশ করতে চান? প্রতিটি গ্রুপের সবচেয়ে বড় অ্যাসেট রাখা হবে, বাকিগুলো ট্র্যাশে যাবে।",
-  "buy": "Immich ক্রয় করুন",
-  "camera": "ক্যামেরা",
-  "camera_brand": "ক্যামেরা ব্র্যান্ড",
-  "camera_model": "ক্যামেরা মডেল",
-  "cancel": "বাতিল",
-  "cancel_search": "সার্চ বন্ধ করুন",
-  "cannot_merge_people": "ব্যক্তিদের একত্র করা সম্ভব নয়",
-  "cannot_undo_this_action": "এই কাজ পূর্বাবস্থায় ফেরানো যাবে না!",
-  "cannot_update_the_description": "বিবরণ পরিবর্তন সম্ভব নয়",
-  "change_date": "তারিখ পরিবর্তন",
-  "change_expiration_time": "মেয়াদ শেষের সময় পরিবর্তন",
-  "change_location": "লোকেশন পরিবর্তন",
-  "change_name": "নাম পরিবর্তন করুন",
-  "change_name_successfully": "নাম সফলভাবে পরিবর্তন হয়েছে",
-  "change_password": "পাসওয়ার্ড পরিবর্তন করুন",
-  "change_password_description": "আপনি হয়তো প্রথমবার লগইন করছেন বা পাসওয়ার্ড পরিবর্তনের অনুরোধ করেছেন। নিচে নতুন পাসওয়ার্ড দিন।",
-  "change_your_password": "আপনার পাসওয়ার্ড পরিবর্তন করুন",
-  "changed_visibility_successfully": "ভিসিবিলিটি সফলভাবে পরিবর্তন হয়েছে",
-  "check_logs": "লগ দেখুন",
-  "choose_matching_people_to_merge": "একত্র করার জন্য মিল থাকা ব্যক্তিদের নির্বাচন করুন",
-  "city": "শহর",
-  "clear": "মুছুন",
-  "clear_all": "সব মুছুন",
-  "clear_all_recent_searches": "সাম্প্রতিক সব অনুসন্ধান পরিষ্কার করুন",
-  "clear_message": "মেসেজ পরিষ্কার করুন",
-  "clear_value": "ভ্যালু মুছুন",
-  "clockwise": "ঘড়ির কাঁটার দিকে",
-  "close": "বন্ধ",
-  "collapse": "সংকুচিত করুন",
-  "collapse_all": "সব সংকুচিত",
-  "color": "রং",
-  "color_theme": "কালার থিম",
-  "comment_deleted": "মন্তব্য মুছে ফেলা হয়েছে",
-  "comment_options": "মন্তব্য অপশন",
-  "comments_and_likes": "মন্তব্য ও লাইক",
-  "comments_are_disabled": "মন্তব্য বন্ধ করা হয়েছে",
-  "confirm": "নিশ্চিত",
-  "confirm_admin_password": "অ্যাডমিন পাসওয়ার্ড পুনরায় লিখুন",
-  "confirm_delete_shared_link": "আপনি কি নিশ্চিত যে আপনি এই শেয়ার করা লিঙ্কটি মুছে ফেলতে চান?",
-  "confirm_keep_this_delete_others": "স্ট্যাকের এই অ্যাসেট ছাড়া সব অন্যান্য অ্যাসেট মুছে যাবে। আপনি কি নিশ্চিত যে আপনি চালিয়ে যেতে চান?",
-  "confirm_password": "পাসওয়ার্ড পুনরায় লিখুন",
-  "contain": "মাপমত",
-  "context": "প্রসঙ্গ",
-  "continue": "এগিয়ে যান",
-  "copied_image_to_clipboard": "ছবি ক্লিপবোর্ডে কপি হয়েছে।",
-  "copied_to_clipboard": "ক্লিপবোর্ডে কপি হয়েছে!",
-  "copy_error": "Error-টি কপি করুন",
-  "copy_file_path": "ফাইল পাথ কপি",
-  "copy_image": "ছবি কপি",
-  "copy_link": "লিঙ্ক কপি",
-  "copy_link_to_clipboard": "ক্লিপবোর্ডে লিঙ্ক কপি করুন",
-  "copy_password": "পাসওয়ার্ড কপি করুন",
-  "copy_to_clipboard": "ক্লিপবোর্ডে কপি করুন",
-  "country": "দেশ",
-  "cover": "সম্পূর্ণভাবে",
-  "covers": "কভারস",
-  "create": "তৈরি করুন",
-  "create_album": "অ্যালবাম তৈরি",
-  "create_library": "লাইব্রেরি তৈরি",
-  "create_link": "লিঙ্ক তৈরি",
-  "create_link_to_share": "শেয়ার লিঙ্ক তৈরি",
-  "create_link_to_share_description": "লিঙ্কের মাধ্যমে সবাই নির্বাচিত ছবি দেখতে পারবে",
-  "create_new_person": "নতুন ব্যক্তি যোগ করুন",
-  "create_new_person_hint": "নির্বাচিত অ্যাসেট নতুন ব্যক্তির সঙ্গে যুক্ত করুন",
-  "create_new_user": "নতুন ব্যবহারকারী যোগ করুন",
-  "create_tag": "ট্যাগ তৈরি",
-  "create_tag_description": "নতুন ট্যাগ তৈরি করুন। নেস্টেড ট্যাগের ক্ষেত্রে সম্পূর্ণ পাথ - ফরওয়ার্ড স্ল্যাশসহ দিন।",
-  "create_user": "ব্যবহারকারী যোগ করুন",
-  "created": "যোগ করা হয়েছে",
-  "current_device": "চলতি ডিভাইস",
-  "custom_locale": "কাস্টম লোকেল",
-  "custom_locale_description": "নির্বাচিত ভাষা এবং অঞ্চলের ভিত্তিতে তারিখ, সময় এবং সংখ্যা ফরম্যাট করুন",
-  "dark": "ডার্ক",
-  "date_after": "এর পরের তারিখ",
-  "date_and_time": "তারিখ এবং সময়",
-  "date_before": "এর আগের তারিখ",
-  "date_of_birth_saved": "জন্ম তারিখ সফলভাবে সংরক্ষণ করা হয়েছে",
-  "delete": "মুছুন",
-  "delete_album": "অ্যালবাম মুছুন",
-  "delete_api_key_prompt": "আপনি কি সত্যিই এই API key মুছে ফেলতে চান?",
-  "delete_duplicates_confirmation": "আপনি কি সত্যিই এই ডুপ্লিকেটগুলো স্থায়ীভাবে মুছতে চান?",
-  "delete_key": "key মুছুন",
-  "delete_library": "লাইব্রেরি মুছুন",
-  "delete_link": "লিঙ্ক মুছুন",
-  "delete_others": "বাকিগুলো মুছুন",
-  "delete_shared_link": "শেয়ার করা লিঙ্ক মুছুন",
-  "delete_tag": "ট্যাগ মুছুন",
-  "delete_tag_confirmation_prompt": "আপনি কি নিশ্চিতভাবে {tagName} ট্যাগটি মুছতে চান?",
-  "delete_user": "ইউজার মুছুন",
-  "deleted_shared_link": "শেয়ার করা লিঙ্কটি মুছুন",
-  "deletes_missing_assets": "ডিস্ক থেকে হারানো অ্যাসেটগুলো মুছে",
-  "description": "বিবরন",
-  "details": "বিস্তারিত",
-  "direction": "দিকনির্দেশনা",
-  "disabled": "নিষ্ক্রিয়",
-  "disallow_edits": "সম্পাদনা করার অনুমতি দেবেন না",
-  "discord": "ডিসকর্ড",
-  "discover": "ডিসকভার",
-  "dismiss_all_errors": "সব ত্রুটি বাতিল করুন",
-  "dismiss_error": "ত্রুটি বাতিল করুন",
-  "display_options": "ডিসপ্লে অপশন",
-  "display_order": "ডিসপ্লে অর্ডার",
-  "display_original_photos": "অরিজিনাল ছবি দেখান",
-  "display_original_photos_setting_description": "অরিজিনাল অ্যাসেটটি ওয়েব-সামঞ্জস্যপূর্ণ (web-compatible) হলে অ্যাসেট দেখার সময় থাম্বনেইলের পরিবর্তে মূল ফটোটি প্রদর্শন করতে অগ্রাধিকার দিন। এর ফলে ফটো প্রদর্শনের গতি কিছুটা ধীর হতে পারে।",
-  "do_not_show_again": "এই মেসেজটি আর দেখাবেন না",
-  "documentation": "সহায়ক নির্দেশিকা",
-  "done": "সম্পন্ন",
-  "download": "ডাউনলোড",
-  "download_include_embedded_motion_videos": "এমবেডেড ভিডিও",
-  "download_include_embedded_motion_videos_description": "মোশন ফটোর (motion photos) মধ্যে থাকা ভিডিওগুলোকে আলাদা ফাইল হিসেবে অন্তর্ভুক্ত করুন",
-  "download_settings": "ডাউনলোড",
-  "download_settings_description": "অ্যাসেট ডাউনলোডের সেটিংস পরিচালনা করুন",
-  "open_in_browser": "ব্রাউজারে ওপেন করুন",
  "user_usage_stats": "অ্যাকাউন্ট ব্যবহারের পরিসংখ্যান",
  "user_usage_stats_description": "অ্যাকাউন্ট ব্যবহারের পরিসংখ্যান দেখুন",
  "yes": "হ্যাঁ",
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .15.0
 .13.1