fix(mobile): only toggle backup from the switch, not the whole row (#29236 )

tapping anywhere on the enable backup row flipped backup on or off, so it was easy to toggle by accident. now only the switch does it.
feat: ultimate plugin type safety (#29340 )
2026-06-26 08:24:29 -07:00 · 2026-06-26 20:00:08 +05:30 · 2026-06-26 16:27:19 +02:00 · 2026-06-26 16:16:38 +02:00 · 2026-06-26 16:08:45 +02:00 · 2026-06-26 10:28:52 +00:00
28 changed files with 439 additions and 322 deletions
@@ -14,6 +14,8 @@ Under Email, enter the required details to connect with an SMTP server.

 You can use [this guide](/guides/smtp-gmail) to use Gmail's SMTP server.

+You can use [this guide](/guides/smtp-microsoft365) to use Microsoft's SMTP server.
+
 ## User's notifications settings

 Users can manage their email notification settings from their account settings page on the web. They can choose to turn email notifications on or off for the following events:
@@ -0,0 +1,19 @@
+# SMTP settings using Microsoft 365
+
+This guide walks you through how to get the information you need to set up your Immich instance to send emails using Microsoft's SMTP server.
+
+## Create an app password
+
+You will need to generate an app password to use your Microsoft email in Immich. Depending on if you have a personal or business account, you can use https://go.microsoft.com/fwlink/?linkid=2274139 or https://myaccount.microsoft.com/securtiy-info respectively.
+
+## Entering the SMTP credential in Immich
+
+Entering your credential in Immich's email notification settings at `Administration -> Settings -> Notification Settings`
+
+Host: smtp-mail.outlook.com
+Port: 587
+username: your mail address
+Password: app password you created earlier
+SMTPS: set it to disabled
+
+<img src={require('./img/email-ms-settings.webp').default} width="80%" title="SMTP settings" />
@@ -106,65 +106,57 @@ class BackupToggleButtonState extends ConsumerState<BackupToggleButton> with Sin
              borderRadius: const BorderRadius.all(Radius.circular(18.5)),
              color: context.colorScheme.surfaceContainerLow,
            ),
-            child: Material(
-              color: context.colorScheme.surfaceContainerLow,
-              borderRadius: const BorderRadius.all(Radius.circular(20.5)),
-              child: InkWell(
-                borderRadius: const BorderRadius.all(Radius.circular(20.5)),
-                onTap: () => _onToggle(!_isEnabled),
-                child: Padding(
-                  padding: const EdgeInsets.symmetric(horizontal: 20, vertical: 16),
-                  child: Row(
-                    children: [
-                      Container(
-                        padding: const EdgeInsets.all(8),
-                        decoration: BoxDecoration(
-                          shape: BoxShape.circle,
-                          gradient: LinearGradient(
-                            colors: [
-                              context.primaryColor.withValues(alpha: 0.2),
-                              context.primaryColor.withValues(alpha: 0.1),
-                            ],
-                          ),
-                        ),
-                        child: isProcessing
-                            ? const SizedBox(width: 24, height: 24, child: CircularProgressIndicator(strokeWidth: 2))
-                            : Icon(Icons.cloud_upload_outlined, color: context.primaryColor, size: 24),
+            child: Padding(
+              padding: const EdgeInsets.symmetric(horizontal: 20, vertical: 16),
+              child: Row(
+                children: [
+                  Container(
+                    padding: const EdgeInsets.all(8),
+                    decoration: BoxDecoration(
+                      shape: BoxShape.circle,
+                      gradient: LinearGradient(
+                        colors: [
+                          context.primaryColor.withValues(alpha: 0.2),
+                          context.primaryColor.withValues(alpha: 0.1),
+                        ],
                      ),
-                      const SizedBox(width: 16),
-                      Expanded(
-                        child: Column(
-                          crossAxisAlignment: CrossAxisAlignment.start,
+                    ),
+                    child: isProcessing
+                        ? const SizedBox(width: 24, height: 24, child: CircularProgressIndicator(strokeWidth: 2))
+                        : Icon(Icons.cloud_upload_outlined, color: context.primaryColor, size: 24),
+                  ),
+                  const SizedBox(width: 16),
+                  Expanded(
+                    child: Column(
+                      crossAxisAlignment: CrossAxisAlignment.start,
+                      children: [
+                        Row(
+                          crossAxisAlignment: CrossAxisAlignment.center,
                          children: [
-                            Row(
-                              crossAxisAlignment: CrossAxisAlignment.center,
-                              children: [
-                                Flexible(
-                                  child: Text(
-                                    "enable_backup".t(context: context),
-                                    style: context.textTheme.titleMedium?.copyWith(
-                                      fontWeight: FontWeight.w600,
-                                      color: context.primaryColor,
-                                    ),
-                                  ),
-                                ),
-                              ],
-                            ),
-                            if (errorCount > 0)
-                              Padding(
-                                padding: const EdgeInsets.only(top: 2),
-                                child: Text(
-                                  "upload_error_with_count".t(context: context, args: {'count': '$errorCount'}),
-                                  style: context.textTheme.labelMedium?.copyWith(color: context.colorScheme.error),
+                            Flexible(
+                              child: Text(
+                                "enable_backup".t(context: context),
+                                style: context.textTheme.titleMedium?.copyWith(
+                                  fontWeight: FontWeight.w600,
+                                  color: context.primaryColor,
                                ),
                              ),
+                            ),
                          ],
                        ),
-                      ),
-                      Switch.adaptive(value: _isEnabled, onChanged: (value) => _onToggle(value)),
-                    ],
+                        if (errorCount > 0)
+                          Padding(
+                            padding: const EdgeInsets.only(top: 2),
+                            child: Text(
+                              "upload_error_with_count".t(context: context, args: {'count': '$errorCount'}),
+                              style: context.textTheme.labelMedium?.copyWith(color: context.colorScheme.error),
+                            ),
+                          ),
+                      ],
+                    ),
                  ),
-                ),
+                  Switch.adaptive(value: _isEnabled, onChanged: (value) => _onToggle(value)),
+                ],
              ),
            ),
          ),
@@ -16252,7 +16252,7 @@
    },
    {
      "name": "Faces",
-      "description": "A face is a detected human face within an asset, which can be associated with a person. Faces are normally detected via machine learning, but can also be created via manually."
+      "description": "A face is a detected human face within an asset, which can be associated with a person. Faces are normally detected via machine learning, but can also be created manually."
    },
    {
      "name": "Integrity (admin)",
@@ -233,12 +233,6 @@
        }
      }
    },
-    {
-      "name": "assetTimeline",
-      "title": "Move to timeline",
-      "description": "Change visibility to timeline",
-      "types": ["AssetV1"]
-    },
    {
      "name": "assetVisibility",
      "title": "Update visibility",
@@ -301,100 +295,38 @@
      }
    },
    {
-      "name": "noop1",
-      "title": "DEV: Nested properties",
-      "description": "Example configuration with nested properties",
+      "name": "webhook",
+      "title": "Trigger Webhook",
+      "description": "POST/PUT event data to any URL",
      "types": ["AssetV1"],
+      "hostFunctions": true,
+      "allowedHosts": ["*"],
      "schema": {
        "type": "object",
        "properties": {
-          "number1": {
-            "type": "number",
-            "title": "Number 1",
-            "description": "Basic number"
-          },
-          "number2": {
-            "type": "number",
-            "title": "Number 2",
-            "array": true,
-            "description": "List of numbers"
-          },
-          "string1": {
+          "url": {
            "type": "string",
-            "title": "String 1",
-            "description": "Basic string"
+            "title": "URL",
+            "description": "Event data will be PUT/POSTed to this URL as a JSON object"
          },
-          "string2": {
+          "headerName": {
            "type": "string",
-            "title": "String 2",
-            "array": true,
-            "description": "List of strings"
+            "title": "Header name",
+            "description": "The name of an additional header to include with the request (e.g. authentication)"
          },
-          "string3": {
+          "headerValue": {
            "type": "string",
-            "title": "String 3",
-            "enum": ["choice-1", "choice-2"],
-            "description": "Select from a list"
+            "title": "Header value",
+            "description": "The value of the additional header"
          },
-          "nested": {
-            "type": "object",
-            "title": "Nested",
-            "description": "Nested properties for nesting",
-            "properties": {
-              "nested1": {
-                "type": "string",
-                "title": "Nested 1",
-                "description": "Nested string"
-              },
-              "nested2": {
-                "type": "number",
-                "title": "Nested 2",
-                "description": "Nested number"
-              },
-              "nested3": {
-                "type": "object",
-                "title": "Nested 3",
-                "description": "Nested again",
-                "properties": {
-                  "nested4": {
-                    "type": "boolean",
-                    "title": "Nested 4",
-                    "description": "Nested, nested boolean"
-                  }
-                }
-              }
-            }
+          "method": {
+            "type": "string",
+            "title": "Method",
+            "description": "The HTTP method to use in the request",
+            "enum": ["POST", "PUT"]
          }
-        }
-      }
-    },
-    {
-      "name": "noop2",
-      "title": "DEV: Album pickers",
-      "description": "Example configuration with album pickers",
-      "types": ["AssetV1"],
-      "schema": {
-        "properties": {
-          "albumId": {
-            "type": "string",
-            "title": "Album ID",
-            "description": "Target album ID",
-            "uiHint": {
-              "type": "AlbumId",
-              "order": 1
-            }
-          },
-          "albumIds": {
-            "type": "string",
-            "title": "Album IDs",
-            "description": "Target album IDs",
-            "array": true,
-            "uiHint": {
-              "type": "AlbumId",
-              "order": 2
-            }
-          }
-        }
+        },
+        "required": ["url"]
      }
    }
  ]
@@ -5,8 +5,8 @@
  "main": "src/index.ts",
  "scripts": {
    "build": "pnpm build:tsc && pnpm build:wasm",
-    "build:tsc": "mkdir -p dist && echo \"type Manifest = $(cat manifest.json); \nexport default Manifest;\" > dist/manifest.d.ts && tsc --noEmit && node esbuild.js",
-    "build:wasm": "extism-js dist/index.js -i src/index.d.ts -o dist/plugin.wasm"
+    "build:tsc": "plugin-sdk prepareBuild && tsc --noEmit && node esbuild.js",
+    "build:wasm": "extism-js dist/index.js -i dist/index.d.ts -o dist/plugin.wasm"
  },
  "keywords": [],
  "author": "",
@@ -1,27 +0,0 @@
-// keep in sync with plugin-sdk/host-functions.ts';
-declare module 'extism:host' {
-  interface user {
-    searchAlbums(ptr: PTR): I64;
-    createAlbum(ptr: PTR): I64;
-    addAssetsToAlbum(ptr: PTR): I64;
-    addAssetsToAlbums(ptr: PTR): I64;
-  }
-}
-
-// keep in sync with manifest.json
-declare module 'main' {
-  // filters
-  export function assetFileFilter(): I32;
-  export function assetMissingTimeZoneFilter(): I32;
-  export function assetLocationFilter(): I32;
-  export function assetTypeFilter(): I32;
-
-  // updates
-  export function assetFavorite(): I32;
-  export function assetVisibility(): I32;
-  export function assetArchive(): I32;
-  export function assetLock(): I32;
-  export function assetTimeline(): I32;
-  // export function assetTrash(): I32;
-  export function assetAddToAlbums(): I32;
-}
@@ -1,11 +1,59 @@
-import { getWrapper } from '@immich/plugin-sdk';
+import { wrapper } from '@immich/plugin-sdk';
 import { AssetVisibility } from '@immich/sdk';
-import type manifestType from '../dist/manifest';
+import type { Manifest } from '../dist/index.d.ts';

-const wrapper = getWrapper<manifestType>();
+const methods = wrapper<Manifest>({
+  assetAddToAlbums: ({ config, data, functions }) => {
+    const assetId = data.asset.id;

-export const assetFileFilter = () => {
-  return wrapper<'assetFileFilter'>(({ data, config }) => {
+    if (config.albumIds.length === 0) {
+      if (!config.albumName) {
+        return {};
+      }
+
+      const [existing] = functions.searchAlbums({ name: config.albumName });
+      if (!existing) {
+        const created = functions.createAlbum({ albumName: config.albumName, assetIds: [assetId] });
+        config.albumIds.push(created.id);
+        return {};
+      }
+
+      config.albumIds.push(existing.id);
+    }
+
+    if (config.albumIds.length === 1) {
+      functions.addAssetsToAlbum(config.albumIds[0], [assetId]);
+      return {};
+    }
+
+    functions.addAssetsToAlbums({ albumIds: config.albumIds, assetIds: [assetId] });
+    return {};
+  },
+
+  assetArchive: ({ config, data }) => {
+    if (!config.inverse && data.asset.visibility !== AssetVisibility.Archive) {
+      return { changes: { asset: { visibility: AssetVisibility.Archive } } };
+    }
+
+    if (config.inverse && data.asset.visibility === AssetVisibility.Archive) {
+      return { changes: { asset: { visibility: AssetVisibility.Timeline } } };
+    }
+
+    return {};
+  },
+
+  assetFavorite: ({ config, data }) => {
+    const target = config.inverse ? false : true;
+    if (target !== data.asset.isFavorite) {
+      return {
+        changes: {
+          asset: { isFavorite: target },
+        },
+      };
+    }
+  },
+
+  assetFileFilter: ({ data, config }) => {
    const { pattern, matchType = 'contains', caseSensitive = false } = config;

    const { asset } = data;
@@ -37,19 +85,9 @@ export const assetFileFilter = () => {
        return {};
      }
    }
-  });
-};
+  },

-export const assetMissingTimeZoneFilter = () => {
-  return wrapper<'assetMissingTimeZoneFilter'>(({ config, data }) => {
-    const hasTimeZone = !!data.asset?.exifInfo?.timeZone;
-    const needsTimeZone = config.inverse ? true : false;
-    return { workflow: { continue: hasTimeZone === needsTimeZone } };
-  });
-};
-
-export const assetLocationFilter = () => {
-  return wrapper<'assetLocationFilter'>(({ config, data }) => {
+  assetLocationFilter: ({ config, data }) => {
    if (
      (config.region?.country && config.region.country !== data.asset.exifInfo?.country) ||
      (config.region?.state && config.region.state !== data.asset.exifInfo?.state) ||
@@ -84,50 +122,9 @@ export const assetLocationFilter = () => {
    );

    return { workflow: { continue: earthDiameter * delta <= (config.coordinate?.radius ?? 0) } };
-  });
-};
+  },

-export const assetTypeFilter = () => {
-  return wrapper<'assetTypeFilter'>(({ config, data }) => {
-    return { workflow: { continue: config.allowedTypes.includes(data.asset.type) } };
-  });
-};
-
-export const assetFavorite = () => {
-  return wrapper<'assetFavorite'>(({ config, data }) => {
-    const target = config.inverse ? false : true;
-    if (target !== data.asset.isFavorite) {
-      return {
-        changes: {
-          asset: { isFavorite: target },
-        },
-      };
-    }
-  });
-};
-
-export const assetVisibility = () => {
-  return wrapper<'assetVisibility'>(({ config }) => ({
-    changes: { asset: { visibility: config.visibility as AssetVisibility } },
-  }));
-};
-
-export const assetArchive = () => {
-  return wrapper<'assetArchive'>(({ config, data }) => {
-    if (!config.inverse && data.asset.visibility !== AssetVisibility.Archive) {
-      return { changes: { asset: { visibility: AssetVisibility.Archive } } };
-    }
-
-    if (config.inverse && data.asset.visibility === AssetVisibility.Archive) {
-      return { changes: { asset: { visibility: AssetVisibility.Timeline } } };
-    }
-
-    return {};
-  });
-};
-
-export const assetLock = () => {
-  return wrapper<'assetLock'>(({ config, data }) => {
+  assetLock: ({ config, data }) => {
    if (!config.inverse && data.asset.visibility !== AssetVisibility.Locked) {
      return { changes: { asset: { visibility: AssetVisibility.Locked } } };
    }
@@ -137,39 +134,68 @@ export const assetLock = () => {
    }

    return {};
-  });
-};
+  },

-// export const assetTrash = () => {
-//   // TODO use trash/untrash host functions
-//   return wrapper<WorkflowType.AssetV1, { inverse?: boolean }>(() => ({}));
-// };
+  assetMissingTimeZoneFilter: ({ config, data }) => {
+    const hasTimeZone = !!data.asset?.exifInfo?.timeZone;
+    const needsTimeZone = config.inverse ? true : false;
+    return { workflow: { continue: hasTimeZone === needsTimeZone } };
+  },

-export const assetAddToAlbums = () => {
-  return wrapper<'assetAddToAlbums'>(({ config, data, functions }) => {
-    const assetId = data.asset.id;
+  assetTypeFilter: ({ config, data }) => {
+    return { workflow: { continue: config.allowedTypes.includes(data.asset.type) } };
+  },

-    if (config.albumIds.length === 0) {
-      if (!config.albumName) {
-        return {};
-      }
+  assetVisibility: ({ config }) => ({
+    changes: { asset: { visibility: config.visibility as AssetVisibility } },
+  }),

-      const [existing] = functions.searchAlbums({ name: config.albumName });
-      if (!existing) {
-        const created = functions.createAlbum({ albumName: config.albumName, assetIds: [assetId] });
-        config.albumIds.push(created.id);
-        return {};
-      }
+  webhook: ({ config, data, functions }) => {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };

-      config.albumIds.push(existing.id);
+    if (config.headerName && config.headerValue) {
+      headers[config.headerName] = config.headerValue;
    }

-    if (config.albumIds.length === 1) {
-      functions.addAssetsToAlbum(config.albumIds[0], [assetId]);
-      return {};
-    }
+    functions.httpRequest(config.url, {
+      method: config.method ?? 'POST',
+      body: JSON.stringify(data.asset),
+      headers,
+    });

-    functions.addAssetsToAlbums({ albumIds: config.albumIds, assetIds: [assetId] });
    return {};
-  });
+  },
+});
+
+const {
+  assetAddToAlbums,
+  assetArchive,
+  assetFavorite,
+  assetFileFilter,
+  assetLocationFilter,
+  assetLock,
+  assetMissingTimeZoneFilter,
+  assetTypeFilter,
+  assetVisibility,
+  webhook,
+
+  // should be empty. ensures that every field is destructured
+  ...rest
+} = methods;
+
+export {
+  assetAddToAlbums,
+  assetArchive,
+  assetFavorite,
+  assetFileFilter,
+  assetLocationFilter,
+  assetLock,
+  assetMissingTimeZoneFilter,
+  assetTypeFilter,
+  assetVisibility,
+  webhook,
 };
+
+'All methods must be destructured and exported' satisfies string & typeof rest;
@@ -4,7 +4,7 @@
    "declaration": true,
    "emitDeclarationOnly": true,
    "esModuleInterop": true, // Enables compatibility with Babel-style module imports
-    "lib": ["es2020"], // Specify a list of library files to be included in the compilation
+    "lib": ["es2020", "DOM"], // Specify a list of library files to be included in the compilation
    "module": "nodenext", // Specify module code generation
    "moduleResolution": "nodenext",
    "noEmit": true, // Do not emit outputs (no .js or .d.ts files)
@@ -13,7 +13,7 @@
    "skipLibCheck": true, // Skip type checking of declaration files
    "strict": true, // Enable all strict type-checking options
    "target": "es2020", // Specify ECMAScript target version
-    "types": ["./src/index.d.ts", "./node_modules/@extism/js-pdk"] // Specify a list of type definition files to be included in the compilation
+    "types": ["./dist/index.d.ts", "./node_modules/@extism/js-pdk"] // Specify a list of type definition files to be included in the compilation
  },
  "exclude": [
    "node_modules" // Exclude the node_modules directory
@@ -1,11 +1,12 @@
 import esbuild from 'esbuild';

 esbuild.build({
-  entryPoints: ['src/index.ts'],
+  entryPoints: ['src/index.ts', 'src/cli.ts'],
  outdir: 'dist',
  bundle: true,
  sourcemap: false,
  minify: false,
  format: 'esm',
+  platform: 'node',
  target: ['es2020'],
 });
@@ -21,6 +21,9 @@
  "files": [
    "dist"
  ],
+  "bin": {
+    "plugin-sdk": "./plugin-sdk.mjs"
+  },
  "keywords": [],
  "author": "",
  "license": "GNU Affero General Public License version 3",
@@ -35,5 +38,8 @@
  },
  "peerDependencies": {
    "@extism/js-pdk": "^1.1.1"
+  },
+  "dependencies": {
+    "commander": "^15.0.0"
  }
 }
@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import "./dist/cli.js";
@@ -0,0 +1,43 @@
+import { Command } from 'commander';
+import { mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { availableFunctions } from 'src/host-functions.js';
+
+const program = new Command('plugin-sdk');
+
+program
+  .command('prepareBuild')
+  .description('Generate .d.ts file required for extism')
+  .argument(
+    '[manifest]',
+    "Path to the plugins's manifest file",
+    'manifest.json',
+  )
+  .option('-o --output', 'Output file for generated types', 'dist/index.d.ts')
+  .action((manifest: string, { output }) => {
+    const content = readFileSync(manifest, { encoding: 'utf-8' });
+    const methods = (
+      JSON.parse(content) as { methods: { name: string }[] }
+    ).methods.map(({ name }) => name);
+    mkdirSync(dirname(output), { recursive: true });
+
+    writeFileSync(
+      output,
+      `
+declare module 'extism:host' {
+  interface user {
+${availableFunctions.map((functionName) => `    ${functionName}(ptr: PTR): I64;`).join('\n')}
+  }
+}
+
+declare module 'main' {
+${methods.map((method) => `  export function ${method}(): I32;`).join('\n')}
+}
+
+export type Manifest = ${content};
+
+      `,
+    );
+  });
+
+program.parse();
@@ -6,14 +6,11 @@ import {
  type CreateAlbumDto,
 } from '@immich/sdk';

-// keep in sync with plugin-core/src/index.d.ts';
 declare module 'extism:host' {
-  interface user {
-    searchAlbums(ptr: PTR): I64;
-    createAlbum(ptr: PTR): I64;
-    addAssetsToAlbum(ptr: PTR): I64;
-    addAssetsToAlbums(ptr: PTR): I64;
-  }
+  interface user extends Record<
+    (typeof availableFunctions)[number],
+    (ptr: PTR) => I64
+  > {}
 }

 type AlbumsToAssets = {
@@ -33,6 +30,24 @@ type HostFunctionResult<T> =

 type QueryParams<T extends (...args: any) => any> = Parameters<T>[0];
 type AlbumSearchDto = QueryParams<typeof getAllAlbums>;
+type HttpRequestOptions = {
+  method?: string;
+  headers?: Record<string, string>;
+  body?: string;
+};
+type HttpResponse = {
+  ok: string;
+  status: number;
+  body: string;
+};
+
+export const availableFunctions = [
+  'searchAlbums',
+  'createAlbum',
+  'addAssetsToAlbum',
+  'addAssetsToAlbums',
+  'httpRequest',
+] as const;

 export const hostFunctions = (authToken: string) => {
  const host = Host.getFunctions();
@@ -75,5 +90,11 @@ export const hostFunctions = (authToken: string) => {
      ),
    addAssetsToAlbums: ({ assetIds, albumIds }: AlbumsToAssets) =>
      call('addAssetsToAlbums', authToken, [{ albumIds, assetIds }]),
-  };
+    httpRequest: (url: string, options?: HttpRequestOptions) =>
+      call<[string, HttpRequestOptions | undefined], HttpResponse>(
+        'httpRequest',
+        authToken,
+        [url, options],
+      ),
+  } satisfies Record<(typeof availableFunctions)[number], unknown>;
 };
@@ -1,4 +1,3 @@
-import type { WorkflowType } from '@immich/sdk';
 import { hostFunctions } from 'src/host-functions.js';
 import type {
  WorkflowEventPayload,
@@ -53,52 +52,56 @@ type ConfigValue<
      'required' extends keyof T ? T['required'] : undefined
    >['properties'];

-export const getWrapper =
-  <T extends Record<string, any>>() =>
-  <
-    K extends T['methods'][number]['name'],
-    L extends WorkflowType = (T['methods'][number] & {
-      name: K;
-    })['types'][number],
-    TConfig = ConfigValue<(T['methods'][number] & { name: K })['schema']>,
-  >(
-    fn: (
-      payload: WorkflowEventPayload<L, TConfig> & {
-        functions: ReturnType<typeof hostFunctions>;
-      },
-    ) => WorkflowResponse<L> | undefined,
-  ) => {
-    const input = Host.inputString();
+export const wrapper = <T extends Record<string, any>>(methods: {
+  [K in T['methods'][number] as K['name']]: (
+    payload: WorkflowEventPayload<
+      K['types'][number],
+      ConfigValue<K['schema']>
+    > & {
+      functions: ReturnType<typeof hostFunctions>;
+    },
+  ) => WorkflowResponse<K['types'][number]> | undefined;
+}) => {
+  const result: { [K in keyof typeof methods]: () => void } = {} as never;
+  for (const name of Object.keys(methods) as (keyof typeof methods)[]) {
+    result[name] = () => {
+      const input = Host.inputString();

-    try {
-      const payload = JSON.parse(input) as WorkflowEventPayload<K, TConfig>;
-      const event = {
-        ...payload,
-        functions: hostFunctions(payload.workflow.authToken),
-      };
+      try {
+        const payload = JSON.parse(input) as WorkflowEventPayload<
+          typeof name,
+          (T['methods'][number]['name'] & { name: typeof name })['schema']
+        >;
+        const event = {
+          ...payload,
+          functions: hostFunctions(payload.workflow.authToken),
+        };

-      const eventConfigBefore = JSON.stringify(event.config);
+        const eventConfigBefore = JSON.stringify(event.config);

-      console.debug(
-        `Inputs: trigger=${event.trigger}, event=${event.type}, config=${eventConfigBefore}`,
-      );
+        console.debug(
+          `Inputs: trigger=${event.trigger}, event=${String(event.type)}, config=${eventConfigBefore}`,
+        );

-      const response = fn(event) ?? {};
+        const response = methods[name](event) ?? {};

-      // if config changed, notify host
-      const eventConfigAfter = JSON.stringify(event.config);
-      if (!response.config && eventConfigBefore !== eventConfigAfter) {
-        response.config = event.config as WorkflowStepConfig;
+        // if config changed, notify host
+        const eventConfigAfter = JSON.stringify(event.config);
+        if (!response.config && eventConfigBefore !== eventConfigAfter) {
+          response.config = event.config as WorkflowStepConfig;
+        }
+
+        console.debug(
+          `Outputs: workflow=${JSON.stringify(response.workflow)}, changes=${JSON.stringify(response.changes)}, data=${JSON.stringify(response.data)}, config=${JSON.stringify(response.config)}`,
+        );
+
+        const output = JSON.stringify(response);
+        Host.outputString(output);
+      } catch (error: Error | any) {
+        console.error(`Unhandled plugin exception: ${error.message || error}`);
+        throw error;
      }
-
-      console.debug(
-        `Outputs: workflow=${JSON.stringify(response.workflow)}, changes=${JSON.stringify(response.changes)}, data=${JSON.stringify(response.data)}, config=${JSON.stringify(response.config)}`,
-      );
-
-      const output = JSON.stringify(response);
-      Host.outputString(output);
-    } catch (error: Error | any) {
-      console.error(`Unhandled plugin exception: ${error.message || error}`);
-      throw error;
-    }
-  };
+    };
+  }
+  return result;
+};
@@ -336,6 +336,10 @@ importers:
        version: 6.0.3

  packages/plugin-sdk:
+    dependencies:
+      commander:
+        specifier: ^15.0.0
+        version: 15.0.0
    devDependencies:
      '@extism/js-pdk':
        specifier: ^1.1.1
@@ -155,7 +155,7 @@ export const endpointTags: Record<ApiTag, string> = {
  [ApiTag.Download]: 'Endpoints for downloading assets or collections of assets.',
  [ApiTag.Duplicates]: 'Endpoints for managing and identifying duplicate assets.',
  [ApiTag.Faces]:
-    'A face is a detected human face within an asset, which can be associated with a person. Faces are normally detected via machine learning, but can also be created via manually.',
+    'A face is a detected human face within an asset, which can be associated with a person. Faces are normally detected via machine learning, but can also be created manually.',
  [ApiTag.Integrity]: 'Endpoints for viewing and managing integrity reports.',
  [ApiTag.Jobs]:
    'Queues and background jobs are used for processing tasks asynchronously. Queues can be paused and resumed as needed.',
@@ -368,6 +368,7 @@ export const columns = {
    'plugin_method.types',
    'plugin_method.schema',
    'plugin_method.hostFunctions',
+    'plugin_method.allowedHosts',
    'plugin_method.uiHints',
  ],
  syncAsset: [
@@ -18,6 +18,11 @@ const PluginManifestMethodSchema = z
    description: z.string().min(1).describe('Method description'),
    types: z.array(WorkflowTypeSchema).min(1).describe('Workflow type'),
    hostFunctions: z.boolean().optional().default(false).describe('Method uses host functions'),
+    allowedHosts: z
+      .array(z.string())
+      .optional()
+      .default([])
+      .describe('Hostnames the method can access (use * for wildcards)'),
    schema: PluginManifestMethodSchemaSchema.describe('Schema'),
    uiHints: z.array(z.string()).optional().describe('Ui hints, for example "filter"'),
  })
@@ -48,6 +48,7 @@ select
          "plugin_method"."types",
          "plugin_method"."schema",
          "plugin_method"."hostFunctions",
+          "plugin_method"."allowedHosts",
          "plugin_method"."uiHints",
          "plugin"."name" as "pluginName"
        from
@@ -84,6 +85,7 @@ select
          "plugin_method"."types",
          "plugin_method"."schema",
          "plugin_method"."hostFunctions",
+          "plugin_method"."allowedHosts",
          "plugin_method"."uiHints",
          "plugin"."name" as "pluginName"
        from
@@ -120,6 +122,7 @@ select
          "plugin_method"."types",
          "plugin_method"."schema",
          "plugin_method"."hostFunctions",
+          "plugin_method"."allowedHosts",
          "plugin_method"."uiHints",
          "plugin"."name" as "pluginName"
        from
@@ -156,6 +159,7 @@ select
          "plugin_method"."types",
          "plugin_method"."schema",
          "plugin_method"."hostFunctions",
+          "plugin_method"."allowedHosts",
          "plugin_method"."uiHints",
          "plugin"."name" as "pluginName"
        from
@@ -190,6 +194,7 @@ select
  "plugin_method"."types",
  "plugin_method"."schema",
  "plugin_method"."hostFunctions",
+  "plugin_method"."allowedHosts",
  "plugin_method"."uiHints"
 from
  "plugin_method"
@@ -80,7 +80,8 @@ select
          "plugin_method"."pluginId" as "pluginId",
          "plugin_method"."name" as "methodName",
          "plugin_method"."types" as "types",
-          "plugin_method"."hostFunctions"
+          "plugin_method"."hostFunctions",
+          "plugin_method"."allowedHosts"
        from
          "workflow_step"
          inner join "plugin_method" on "plugin_method"."id" = "workflow_step"."pluginMethodId"
@@ -190,6 +190,7 @@ export class PluginRepository {
                  description: ref('excluded.description'),
                  types: ref('excluded.types'),
                  hostFunctions: ref('excluded.hostFunctions'),
+                  allowedHosts: ref('excluded.allowedHosts'),
                  uiHints: ref('excluded.uiHints'),
                  schema: ref('excluded.schema'),
                })),
@@ -240,7 +241,7 @@ export class PluginRepository {
    }
  }

-  async callMethod<T>({ pluginKey, methodName }: PluginMethod, input: unknown) {
+  async callMethod<T>({ pluginKey, methodName }: PluginMethod, input: unknown, context?: unknown) {
    const item = this.pluginMap.get(pluginKey);
    if (!item) {
      throw new Error(`No loaded plugin found for ${pluginKey}`);
@@ -251,7 +252,7 @@ export class PluginRepository {
    try {
      const plugin = await pool.acquire();
      try {
-        const result = await plugin.call(methodName, JSON.stringify(input));
+        const result = await plugin.call(methodName, JSON.stringify(input), context);
        return (result ? result.json() : result) as T;
      } finally {
        await pool.release(plugin);
@@ -79,6 +79,7 @@ export class WorkflowRepository {
              'plugin_method.name as methodName',
              'plugin_method.types as types',
              'plugin_method.hostFunctions',
+              'plugin_method.allowedHosts',
            ]),
        ).as('steps'),
      ])
@@ -0,0 +1,9 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "plugin_method" ADD "allowedHosts" character varying[] NOT NULL DEFAULT '{}';`.execute(db);
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "plugin_method" DROP COLUMN "allowedHosts";`.execute(db);
+}
@@ -27,6 +27,9 @@ export class PluginMethodTable {
  @Column({ type: 'boolean', default: false })
  hostFunctions!: Generated<boolean>;

+  @Column({ type: 'character varying', default: [], array: true })
+  allowedHosts!: Generated<string[]>;
+
  @Column({ type: 'jsonb', nullable: true })
  schema!: JsonSchemaDto | null;

@@ -42,6 +42,10 @@ type ExecuteOptions<T extends WorkflowType> = {

 type AssetTrigger = { userId: string; assetId: string; trigger: WorkflowTrigger };

+type HostContext = {
+  allowedHosts: string[];
+};
+
 export class WorkflowExecutionService extends BaseService {
  private jwtSecret!: string;

@@ -66,20 +70,48 @@ export class WorkflowExecutionService extends BaseService {

    const albumService = BaseService.create(AlbumService, this);

-    const searchAlbums = this.wrap<[dto: GetAlbumsDto]>((authDto, args) => albumService.getAll(authDto, ...args));
-    const createAlbum = this.wrap<[dto: CreateAlbumDto]>((authDto, args) => albumService.create(authDto, ...args));
-    const addAssetsToAlbum = this.wrap<[id: string, dto: BulkIdsDto]>((authDto, args) =>
+    const searchAlbums = this.wrap<[dto: GetAlbumsDto]>((authDto, ctx, args) => albumService.getAll(authDto, ...args));
+    const createAlbum = this.wrap<[dto: CreateAlbumDto]>((authDto, ctx, args) => albumService.create(authDto, ...args));
+    const addAssetsToAlbum = this.wrap<[id: string, dto: BulkIdsDto]>((authDto, ctx, args) =>
      albumService.addAssets(authDto, ...args),
    );
-    const addAssetsToAlbums = this.wrap<[dto: AlbumsAddAssetsDto]>((authDto, args) =>
+    const addAssetsToAlbums = this.wrap<[dto: AlbumsAddAssetsDto]>((authDto, ctx, args) =>
      albumService.addAssetsToAlbums(authDto, ...args),
    );
+    const httpRequest = this.wrap<
+      [
+        url: string,
+        options?: {
+          method?: string;
+          headers?: Record<string, string>;
+          body?: string;
+        },
+      ]
+    >(async (authDto, context, args) => {
+      const hostname = new URL(args[0]).hostname;
+
+      for (const pattern of context.allowedHosts) {
+        const regex = new RegExp(pattern.replaceAll('.', String.raw`\.`).replaceAll('*', '.*'));
+        if (regex.test(hostname)) {
+          const res = await fetch(...args);
+
+          return {
+            ok: res.ok,
+            status: res.status,
+            body: await res.text(),
+          };
+        }
+      }
+
+      throw new Error('Hostname did not match any listed in methods[].allowedHosts in the plugin manifest');
+    });

    const functions = {
      searchAlbums,
      createAlbum,
      addAssetsToAlbum,
      addAssetsToAlbums,
+      httpRequest,
    };

    const stubs: typeof functions = {
@@ -87,6 +119,7 @@ export class WorkflowExecutionService extends BaseService {
      createAlbum: dummy,
      addAssetsToAlbum: dummy,
      addAssetsToAlbums: dummy,
+      httpRequest: dummy,
    };

    const plugins = await this.pluginRepository.getForLoad();
@@ -121,7 +154,7 @@ export class WorkflowExecutionService extends BaseService {
    return id + (hostFunctions ? '/worker' : '');
  }

-  private wrap<T>(fn: (authDto: AuthDto, args: T) => Promise<unknown>) {
+  private wrap<T>(fn: (authDto: AuthDto, context: HostContext, args: T) => Promise<unknown>) {
    return async (plugin: CurrentPlugin, offset: bigint) => {
      try {
        const handle = plugin.read(offset);
@@ -136,8 +169,9 @@ export class WorkflowExecutionService extends BaseService {
          throw new Error('authToken is required');
        }

+        const context = plugin.hostContext<HostContext>();
        const authDto = this.validate(authToken);
-        const response = await fn(authDto, args);
+        const response = await fn(authDto, context, args);

        return plugin.store(JSON.stringify({ success: true, response }));
      } catch (error: Error | any) {
@@ -381,6 +415,10 @@ export class WorkflowExecutionService extends BaseService {
          data,
        };

+        const context: HostContext = {
+          allowedHosts: step.allowedHosts,
+        };
+
        if (step.methodName.startsWith('noop')) {
          continue;
        }
@@ -391,6 +429,7 @@ export class WorkflowExecutionService extends BaseService {
            methodName: step.methodName,
          },
          payload,
+          context,
        );
        if (result?.changes) {
          await write(
@@ -427,4 +427,32 @@ describe('core plugin', () => {
      await expect(ctx.get(AssetRepository).getById(asset.id)).resolves.toMatchObject({ isFavorite: true });
    });
  });
+
+  describe('webhook', () => {
+    it('should trigger a webhook on asset upload', async () => {
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+
+      const fetchMock = vi.fn(() => Promise.resolve({ ok: true, status: 200, text: () => Promise.resolve('') }));
+      vi.stubGlobal('fetch', fetchMock);
+
+      const workflow = await createWorkflow({
+        ownerId: user.id,
+        trigger: WorkflowTrigger.AssetCreate,
+        steps: [
+          {
+            method: 'immich-plugin-core#webhook',
+            config: { url: 'http://localhost', method: 'POST' },
+          },
+        ],
+      });
+
+      await expect(ctx.sut.handleAssetTrigger({ workflowId: workflow.id, assetId: asset.id })).resolves.toBeUndefined();
+      expect(fetchMock).toHaveBeenCalled();
+    });
+
+    afterEach(() => {
+      vi.unstubAllGlobals();
+    });
+  });
 });
Author	SHA1	Message	Date
Santo Shakil	29949bebe4	fix(mobile): only toggle backup from the switch, not the whole row (#29236 ) tapping anywhere on the enable backup row flipped backup on or off, so it was easy to toggle by accident. now only the switch does it.	2026-06-26 20:00:08 +05:30
Daniel Dietzler	d85e599ad9	feat: ultimate plugin type safety (#29340 )	2026-06-26 16:27:19 +02:00
jameskimmel	b16cc496b2	docs: MS smtp guide (#29289 ) Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com>	2026-06-26 16:16:38 +02:00
Ben Beckford	953ef5c047	feat: webhook workflow action (#29258 ) Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>	2026-06-26 16:08:45 +02:00
jullang	a876d4a9f1	fix: small typo in openapi-spec (#29308 ) Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>	2026-06-26 10:28:52 +00:00
Daniel Dietzler	688241a462	feat: plugin-sdk safety all around (#29323 )	2026-06-25 18:23:55 -04:00