async hash extracted video

2025-12-07 21:30:59 -08:00 · 2025-02-28 10:48:53 +03:00
2810 changed files with 127806 additions and 256044 deletions
--- a/.devcontainer/.gitignore
+++ b/.devcontainer/.gitignore
@@ -0,0 +1,2 @@
 .env
 library
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,16 @@
 ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:9791f4aa527774bc370c6bd2f6705ce5a686f1e6f204badd8dfaacce28c631ae
 FROM ${BASEIMAGE}
 # Flutter SDK
 # https://flutter.dev/docs/development/tools/sdk/releases?tab=linux
 ENV FLUTTER_CHANNEL="stable"
 ENV FLUTTER_VERSION="3.24.5"
 ENV FLUTTER_HOME=/flutter
 ENV PATH=${PATH}:${FLUTTER_HOME}/bin
 # Flutter SDK
 RUN mkdir -p ${FLUTTER_HOME} \
  && curl -C - --output flutter.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/${FLUTTER_CHANNEL}/linux/flutter_linux_${FLUTTER_VERSION}-${FLUTTER_CHANNEL}.tar.xz \
  && tar -xf flutter.tar.xz --strip-components=1 -C ${FLUTTER_HOME} \
  && rm flutter.tar.xz \
  && chown -R 1000:1000 ${FLUTTER_HOME}
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,67 +1,26 @@
 {
-  "name": "Immich - Backend, Frontend and ML",
+  "name": "Immich",
-  "service": "immich-server",
+  "service": "immich-devcontainer",
  "runServices": [
    "immich-server",
    "redis",
    "database",
    "immich-machine-learning"
  ],
  "dockerComposeFile": [
-    "../docker/docker-compose.dev.yml",
+    "docker-compose.yml",
-    "./server/container-compose-overrides.yml"
+    "../docker/docker-compose.dev.yml"
  ],
  "customizations": {
    "vscode": {
      "extensions": [
        "Dart-Code.dart-code",
        "Dart-Code.flutter",
        "dbaeumer.vscode-eslint",
        "dcmdev.dcm-vscode-extension",
        "esbenp.prettier-vscode",
-        "svelte.svelte-vscode",
+        "svelte.svelte-vscode"
        "ms-vscode-remote.remote-containers",
        "foxundermoon.shell-format",
        "timonwong.shellcheck",
        "rvest.vs-code-prettier-eslint",
        "bluebrown.yamlfmt",
        "vkrishna04.cspell-sync",
        "vitest.explorer",
        "ms-playwright.playwright",
        "ms-azuretools.vscode-docker"
      ]
    }
  },
-  "forwardPorts": [3000, 9231, 9230, 2283],
+  "forwardPorts": [],
-  "portsAttributes": {
+  "initializeCommand": "bash .devcontainer/scripts/initializeCommand.sh",
-    "3000": {
+  "onCreateCommand": "bash .devcontainer/scripts/onCreateCommand.sh",
      "label": "Immich - Frontend HTTP",
      "description": "The frontend of the Immich project",
      "onAutoForward": "openBrowserOnce"
    },
    "2283": {
      "label": "Immich - API Server - HTTP",
      "description": "The API server of the Immich project"
    },
    "9231": {
      "label": "Immich - API Server - DEBUG",
      "description": "The API server of the Immich project"
    },
    "9230": {
      "label": "Immich - Workers - DEBUG",
      "description": "The workers of the Immich project"
    }
  },
  "overrideCommand": true,
-  "workspaceFolder": "/workspaces/immich",
+  "workspaceFolder": "/immich",
-  "remoteUser": "node",
+  "remoteUser": "node"
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
    //  The database username
    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
    //  The database name
    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
  }
 }
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -0,0 +1,8 @@
 services:
  immich-devcontainer:
    build:
      dockerfile: Dockerfile
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    volumes:
      - ..:/immich:cached
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -1,34 +0,0 @@
 services:
  immich-server:
    build:
      target: dev-container-mobile
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override # bind mount host to /workspaces/immich
      - ..:/workspaces/immich
      - cli_node_modules:/workspaces/immich/cli/node_modules
      - e2e_node_modules:/workspaces/immich/e2e/node_modules
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
      - ${UPLOAD_LOCATION}/photos:/data
      - ${UPLOAD_LOCATION}/photos/upload:/data/upload
      - /etc/localtime:/etc/localtime:ro
  database:
    volumes:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
 volumes:
  # Node modules for each service to avoid conflicts and ensure consistent dependencies
  cli_node_modules:
  e2e_node_modules:
  open_api_node_modules:
  server_node_modules:
  web_node_modules:
  # UPLOAD_LOCATION must be set to a absolute path or vol-upload
  vol-upload:
  # DB_DATA_LOCATION must be set to a absolute path or vol-database
  vol-database:
--- a/.devcontainer/mobile/devcontainer.json
+++ b/.devcontainer/mobile/devcontainer.json
@@ -1,52 +0,0 @@
 {
  "name": "Immich - Mobile",
  "service": "immich-server",
  "runServices": [
    "immich-server",
    "redis",
    "database",
    "immich-machine-learning"
  ],
  "dockerComposeFile": [
    "../../docker/docker-compose.dev.yml",
    "./container-compose-overrides.yml"
  ],
  "customizations": {
    "vscode": {
      "extensions": [
        "Dart-Code.dart-code",
        "Dart-Code.flutter",
        "dcmdev.dcm-vscode-extension",
        "esbenp.prettier-vscode",
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode",
        "svelte.svelte-vscode",
        "ms-vscode-remote.remote-containers",
        "foxundermoon.shell-format",
        "timonwong.shellcheck",
        "rvest.vs-code-prettier-eslint",
        "bluebrown.yamlfmt",
        "vkrishna04.cspell-sync",
        "vitest.explorer",
        "ms-playwright.playwright",
        "ms-azuretools.vscode-docker"
      ]
    }
  },
  "forwardPorts": [],
  "overrideCommand": true,
  "workspaceFolder": "/workspaces/immich",
  "remoteUser": "node",
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./Library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
    //  The database username
    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
    //  The database name
    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
  }
 }
--- a/.devcontainer/scripts/initializeCommand.sh
+++ b/.devcontainer/scripts/initializeCommand.sh
@@ -0,0 +1,6 @@
 #!/bin/bash
 # If .env file does not exist, create it by copying example.env from the docker folder
 if [ ! -f ".devcontainer/.env" ]; then
    cp docker/example.env .devcontainer/.env
 fi
--- a/.devcontainer/scripts/onCreateCommand.sh
+++ b/.devcontainer/scripts/onCreateCommand.sh
@@ -0,0 +1,25 @@
 #!/bin/bash
 # Enable multiarch for arm64 if necessary
 if [ "$(dpkg --print-architecture)" = "arm64" ]; then
    sudo dpkg --add-architecture amd64 && \
    sudo apt-get update && \
    sudo apt-get install -y --no-install-recommends \
        qemu-user-static \
        libc6:amd64 \
        libstdc++6:amd64 \
        libgcc1:amd64
 fi
 # Install DCM
 wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg
 sudo echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list
 sudo apt-get update
 sudo apt-get install dcm
 dart --disable-analytics
 # Install immich
 cd /immich || exit
 make install-all
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -1,80 +0,0 @@
 #!/bin/bash
 export IMMICH_PORT="${DEV_SERVER_PORT:-2283}"
 export DEV_PORT="${DEV_PORT:-3000}"
 # search for immich directory inside workspace.
 # /workspaces/immich is the bind mount, but other directories can be mounted if runing
 # Devcontainer: Clone [repository|pull request] in container volumne
 WORKSPACES_DIR="/workspaces"
 IMMICH_DIR="$WORKSPACES_DIR/immich"
 IMMICH_DEVCONTAINER_LOG="$HOME/immich-devcontainer.log"
 log() {
    # Display command on console, log with timestamp to file
    echo "$*"
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >>"$IMMICH_DEVCONTAINER_LOG"
 }
 run_cmd() {
    # Ensure log directory exists
    mkdir -p "$(dirname "$IMMICH_DEVCONTAINER_LOG")"
    log "$@"
    # Execute command: display normally on console, log with timestamps to file
    "$@" 2>&1 | tee >(while IFS= read -r line; do
        echo "[$(date '+%Y-%m-%d %H:%M:%S')] $line" >>"$IMMICH_DEVCONTAINER_LOG"
    done)
    # Preserve exit status
    return "${PIPESTATUS[0]}"
 }
 # Find directories excluding /workspaces/immich
 mapfile -t other_dirs < <(find "$WORKSPACES_DIR" -mindepth 1 -maxdepth 1 -type d ! -path "$IMMICH_DIR" ! -name ".*")
 if [ ${#other_dirs[@]} -gt 1 ]; then
    log "Error: More than one directory found in $WORKSPACES_DIR other than $IMMICH_DIR."
    exit 1
 elif [ ${#other_dirs[@]} -eq 1 ]; then
    export IMMICH_WORKSPACE="${other_dirs[0]}"
 else
    export IMMICH_WORKSPACE="$IMMICH_DIR"
 fi
 log "Found immich workspace in $IMMICH_WORKSPACE"
 log ""
 fix_permissions() {
    log "Fixing permissions for ${IMMICH_WORKSPACE}"
    run_cmd sudo find "${IMMICH_WORKSPACE}/server/upload" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres/*" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres" -exec chown node {} +
    # Change ownership for directories that exist
    for dir in "${IMMICH_WORKSPACE}/.vscode" \
        "${IMMICH_WORKSPACE}/cli/node_modules" \
        "${IMMICH_WORKSPACE}/e2e/node_modules" \
        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
        "${IMMICH_WORKSPACE}/server/node_modules" \
        "${IMMICH_WORKSPACE}/server/dist" \
        "${IMMICH_WORKSPACE}/web/node_modules" \
        "${IMMICH_WORKSPACE}/web/dist"; do
        if [ -d "$dir" ]; then
            run_cmd sudo chown node -R "$dir"
        fi
    done
    log ""
 }
 install_dependencies() {
    log "Installing dependencies"
    (
        cd "${IMMICH_WORKSPACE}" || exit 1
        export CI=1 FROZEN=1 OFFLINE=1
        run_cmd make setup-web-dev setup-server-dev
    )
    log ""
 }
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -1,49 +0,0 @@
 services:
  immich-server:
    build:
      target: dev-container-server
    env_file: !reset []
    hostname: immich-dev
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override
      - ..:/workspaces/immich
      - cli_node_modules:/workspaces/immich/cli/node_modules
      - e2e_node_modules:/workspaces/immich/e2e/node_modules
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
      - ${UPLOAD_LOCATION:-upload1-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
      - ${UPLOAD_LOCATION:-upload2-devcontainer-volume}${UPLOAD_LOCATION:+/photos/upload}:/data/upload
      - /etc/localtime:/etc/localtime:ro
  immich-web:
    env_file: !reset []
  immich-machine-learning:
    env_file: !reset []
  database:
    env_file: !reset []
    environment: !override
      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
      POSTGRES_USER: ${DB_USERNAME-postgres}
      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
  redis:
    env_file: !reset []
 volumes:
  # Node modules for each service to avoid conflicts and ensure consistent dependencies
  cli_node_modules:
  e2e_node_modules:
  open_api_node_modules:
  server_node_modules:
  web_node_modules:
  upload1-devcontainer-volume:
  upload2-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/server/container-start-backend.sh
+++ b/.devcontainer/server/container-start-backend.sh
@@ -1,17 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Starting Nest API Server"
 log ""
 cd "${IMMICH_WORKSPACE}/server" || (
    log "Immich workspace not found"
    exit 1
 )
 while true; do
    run_cmd node ./node_modules/.bin/nest start --debug "0.0.0.0:9230" --watch
    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start-frontend.sh
+++ b/.devcontainer/server/container-start-frontend.sh
@@ -1,22 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Starting Immich Web Frontend"
 log ""
 cd "${IMMICH_WORKSPACE}/web" || (
    log "Immich Workspace not found"
    exit 1
 )
 until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_PORT}/api/server/config"; do
    log "Waiting for api server..."
    sleep 1
 done
 while true; do
    run_cmd node ./node_modules/.bin/vite dev --host 0.0.0.0 --port "${DEV_PORT}"
    log "Web crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -1,20 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Setting up Immich dev container..."
 fix_permissions
 log "Installing npm dependencies (node_modules)..."
 install_dependencies
 log "Setup complete, please wait while backend and frontend services automatically start"
 log
 log "If necessary, the services may be manually started using"
 log
 log "$ /immich-devcontainer/container-start-backend.sh"
 log "$ /immich-devcontainer/container-start-frontend.sh"
 log
 log "From different terminal windows, as these scripts automatically restart the server"
 log "on error, and will continuously run in a loop"
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,41 +1,33 @@
 .vscode/
 .github/
 .git/
 .env*
 *.log
 *.tmp
 *.temp
 **/Dockerfile
 **/node_modules/
 **/.pnpm-store/
 **/dist/
 **/coverage/
 **/build/
 design/
 docker/
 !docker/scripts
 docs/
 !docs/package.json
 !docs/package-lock.json
 e2e/
 !e2e/package.json
 !e2e/package-lock.json
 fastlane/
 machine-learning/
 misc/
 mobile/
-open-api/typescript-sdk/build/
+cli/coverage/
-!open-api/typescript-sdk/package.json
+cli/dist/
-!open-api/typescript-sdk/package-lock.json
+cli/node_modules/
 open-api/typescript-sdk/build/
 open-api/typescript-sdk/node_modules/
 server/coverage/
 server/node_modules/
 server/upload/
 server/src/queries
 server/dist/
 server/www/
 web/node_modules/
 web/coverage/
 web/.svelte-kit
 web/build/
 web/.env
--- a/.gitattributes
+++ b/.gitattributes
@@ -6,18 +6,6 @@ mobile/openapi/**/*.dart linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true
 mobile/lib/**/*.drift.dart -diff -merge
 mobile/lib/**/*.drift.dart linguist-generated=true
 mobile/drift_schemas/main/drift_schema_*.json -diff -merge
 mobile/drift_schemas/main/drift_schema_*.json linguist-generated=true
 mobile/lib/infrastructure/repositories/db.repository.steps.dart -diff -merge
 mobile/lib/infrastructure/repositories/db.repository.steps.dart linguist-generated=true
 mobile/test/drift/main/generated/** -diff -merge
 mobile/test/drift/main/generated/** linguist-generated=true
 open-api/typescript-sdk/fetch-client.ts -diff -merge
 open-api/typescript-sdk/fetch-client.ts linguist-generated=true
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +0,0 @@
 22.17.1
--- a/.github/.prettierignore
+++ b/.github/.prettierignore
@@ -1,4 +0,0 @@
 # Ignore files for PNPM, NPM and YARN
 pnpm-lock.yaml
 package-lock.json
 yarn.lock
--- a/.github/DISCUSSION_TEMPLATE/feature-request.yaml
+++ b/.github/DISCUSSION_TEMPLATE/feature-request.yaml
@@ -1,5 +1,5 @@
-title: '[Feature] feature-name-goes-here'
+title: "[Feature] feature-name-goes-here"
-labels: ['feature']
+labels: ["feature"]
 body:
  - type: markdown
@@ -11,9 +11,10 @@ body:
  - type: checkboxes
    attributes:
-      label: I have searched the existing feature requests, both open and closed, to make sure this is not a duplicate request.
+      label: I have searched the existing feature requests to make sure this is not a duplicate request.
      options:
-        - label: 'Yes'
+        - label: "Yes"
          required: true
  - type: textarea
    id: feature
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -1,12 +1,6 @@
 name: Report an issue with Immich
 description: Report an issue with Immich
 body:
  - type: checkboxes
    attributes:
      label: I have searched the existing issues, both open and closed, to make sure this is not a duplicate report.
      options:
        - label: 'Yes'
  - type: markdown
    attributes:
      value: |
@@ -83,7 +77,7 @@ body:
    id: repro
    attributes:
      label: Reproduction steps
-      description: 'How do you trigger this bug? Please walk us through it step by step.'
+      description: "How do you trigger this bug? Please walk us through it step by step."
      value: |
        1.
        2.
@@ -96,13 +90,12 @@ body:
    id: logs
    attributes:
      label: Relevant log output
-      description:
+      description: Please copy and paste any relevant logs below. (code formatting is
        Please copy and paste any relevant logs below. (code formatting is
        enabled, no need for backticks)
      render: shell
    validations:
      required: false
-
+      
  - type: textarea
    attributes:
      label: Additional information
--- a/.github/package-lock.json
+++ b/.github/package-lock.json
@@ -1,28 +0,0 @@
 {
  "name": ".github",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "devDependencies": {
        "prettier": "^3.5.3"
      }
    },
    "node_modules/prettier": {
      "version": "3.6.2",
      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz",
      "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==",
      "dev": true,
      "license": "MIT",
      "bin": {
        "prettier": "bin/prettier.cjs"
      },
      "engines": {
        "node": ">=14"
      },
      "funding": {
        "url": "https://github.com/prettier/prettier?sponsor=1"
      }
    }
  }
 }
--- a/.github/package.json
+++ b/.github/package.json
@@ -1,9 +0,0 @@
 {
  "scripts": {
    "format": "prettier --check .",
    "format:fix": "prettier --write ."
  },
  "devDependencies": {
    "prettier": "^3.5.3"
  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -32,5 +32,5 @@ The `/api/something` endpoint is now `/api/something-else`
 - [ ] I have confirmed that any new dependencies are strictly necessary.
 - [ ] I have written tests for new code (if applicable)
 - [ ] I have followed naming conventions/patterns in the surrounding code
- [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
+- [ ] All code in `src/services` uses repositories implementations for database calls, filesystem operations, etc.
- [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
+- [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services`)
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,33 +1,33 @@
-changelog:
+changelog:
-  categories:
+  categories:
-    - title: 🚨 Breaking Changes
+    - title: 🚨 Breaking Changes
-      labels:
+      labels:
-        - changelog:breaking-change
+        - changelog:breaking-change
-
+
-    - title: 🫥 Deprecated Changes
+    - title: 🫥 Deprecated Changes
-      labels:
+      labels:
-        - changelog:deprecated
+        - changelog:deprecated
-
+
-    - title: 🔒 Security
+    - title: 🔒 Security
-      labels:
+      labels:
-        - changelog:security
+        - changelog:security
-
+
-    - title: 🚀 Features
+    - title: 🚀 Features
-      labels:
+      labels:
-        - changelog:feature
+        - changelog:feature
-
+
-    - title: 🌟 Enhancements
+    - title: 🌟 Enhancements
-      labels:
+      labels:
-        - changelog:enhancement
+        - changelog:enhancement
-
+
-    - title: 🐛 Bug fixes
+    - title: 🐛 Bug fixes
-      labels:
+      labels:
-        - changelog:bugfix
+        - changelog:bugfix
-
+
-    - title: 📚 Documentation
+    - title: 📚 Documentation
-      labels:
+      labels:
-        - changelog:documentation
+        - changelog:documentation
-
+
-    - title: 🌐 Translations
+    - title: 🌐 Translations
-      labels:
+      labels:
-        - changelog:translation
+        - changelog:translation
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -7,15 +7,6 @@ on:
      ref:
        required: false
        type: string
    secrets:
      KEY_JKS:
        required: true
      ALIAS:
        required: true
      ANDROID_KEY_PASSWORD:
        required: true
      ANDROID_STORE_PASSWORD:
        required: true
  pull_request:
  push:
    branches: [main]
@@ -24,23 +15,16 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@v3
        with:
          filters: |
            mobile:
@@ -54,95 +38,58 @@ jobs:
  build-sign-android:
    name: Build and sign Android
    needs: pre-job
    permissions:
      contents: read
    # Skip when PR from a fork
    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
-    runs-on: mich
+    runs-on: macos-14
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Determine ref
        id: get-ref
        run: |
          input_ref="${{ inputs.ref }}"
          github_ref="${{ github.sha }}"
          ref="${input_ref:-$github_ref}"
          echo "ref=$ref" >> $GITHUB_OUTPUT
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.ref || github.sha }}
+          ref: ${{ steps.get-ref.outputs.ref }}
          persist-credentials: false
-      - name: Create the Keystore
+      - uses: actions/setup-java@v4
        env:
          KEY_JKS: ${{ secrets.KEY_JKS }}
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: 'zulu'
          java-version: '17'
-
+          cache: 'gradle'
      - name: Restore Gradle Cache
        id: cache-gradle-restore
        uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: build-mobile-gradle-${{ runner.os }}-main
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
          cache: true
-      - name: Setup Android SDK
+      - name: Create the Keystore
-        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
+        env:
-        with:
+          KEY_JKS: ${{ secrets.KEY_JKS }}
-          packages: ''
+        working-directory: ./mobile
        run: echo $KEY_JKS | base64 -d > android/key.jks
      - name: Get Packages
        working-directory: ./mobile
        run: flutter pub get
      - name: Generate translation file
        run: make translation
        working-directory: ./mobile
      - name: Generate platform APIs
        run: make pigeon
        working-directory: ./mobile
      - name: Build Android App Bundle
        working-directory: ./mobile
        env:
          ALIAS: ${{ secrets.ALIAS }}
          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
          IS_MAIN: ${{ github.ref == 'refs/heads/main' }}
        run: |
-          if [[ $IS_MAIN == 'true' ]]; then
+          flutter build apk --release
-            flutter build apk --release
+          flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
            flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
          else
            flutter build apk --debug --split-per-abi --target-platform android-arm64
          fi
      - name: Publish Android Artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk
      - name: Save Gradle Cache
        id: cache-gradle-save
        uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -8,38 +8,31 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  cleanup:
    name: Cleanup
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Cleanup
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache
          REPO=${{ github.repository }}
          BRANCH=${{ github.ref }}
          echo "Fetching list of cache keys"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          for cacheKey in $cacheKeysForPR
          do
-              gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
          done
          echo "Done"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -6,6 +6,7 @@ on:
      - 'cli/**'
      - '.github/workflows/cli.yml'
  pull_request:
    branches: [main]
    paths:
      - 'cli/**'
      - '.github/workflows/cli.yml'
@@ -16,31 +17,24 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  packages: write
 jobs:
  publish:
    name: CLI Publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Prepare SDK
        run: npm ci --prefix ../open-api/typescript-sdk/
      - name: Build SDK
@@ -55,25 +49,20 @@ jobs:
  docker:
    name: Docker
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    needs: publish
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        uses: docker/setup-qemu-action@v3.4.0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@v3.9.0
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -88,7 +77,7 @@ jobs:
      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@v5
        with:
          flavor: |
            latest=false
@@ -99,7 +88,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
      - name: Build and push image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@v6.13.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,14 +9,14 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: "CodeQL"
 on:
  push:
-    branches: ['main']
+    branches: [ "main" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: ['main']
+    branches: [ "main" ]
  schedule:
    - cron: '20 13 * * 1'
@@ -24,8 +24,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  analyze:
    name: Analyze
@@ -38,44 +36,43 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ['javascript', 'python']
+        language: [ 'javascript', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
-      - name: Checkout repository
+    - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v4
        with:
          persist-credentials: false
-      # Initializes the CodeQL tools for scanning.
+    # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
+    - name: Initialize CodeQL
-        uses: github/codeql-action/init@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4
+      uses: github/codeql-action/init@v3
-        with:
+      with:
-          languages: ${{ matrix.language }}
+        languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
+        # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
+        # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
-          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality
+        # queries: security-extended,security-and-quality
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4
-      # ℹ️ Command-line programs to run using the OS shell.
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v3
-      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    # ℹ️ Command-line programs to run using the OS shell.
-      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-      # - run: |
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-      #   echo "Run, Build Application using script"
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
      #   ./location_of_script_within_repo/buildscript.sh
-      - name: Perform CodeQL Analysis
+    # - run: |
-        uses: github/codeql-action/analyze@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4
+    #   echo "Run, Build Application using script"
-        with:
+    #   ./location_of_script_within_repo/buildscript.sh
-          category: '/language:${{matrix.language}}'
+
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,6 +5,7 @@ on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [published]
@@ -12,23 +13,20 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  packages: write
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@v3
        with:
          filters: |
            server:
@@ -40,8 +38,6 @@ jobs:
              - 'machine-learning/**'
            workflow:
              - '.github/workflows/docker.yml'
              - '.github/workflows/multi-runner-build.yml'
              - '.github/actions/image-build'
      - name: Check if we should force jobs to run
        id: should_force
@@ -50,144 +46,411 @@ jobs:
  retag_ml:
    name: Re-Tag ML
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
+        suffix: ["", "-cuda", "-openvino", "-armnn"]
    steps:
-      - name: Login to GitHub Container Registry
+        - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+          uses: docker/login-action@v3
-        with:
+          with:
-          registry: ghcr.io
+            registry: ghcr.io
-          username: ${{ github.repository_owner }}
+            username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+            password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Re-tag image
+        - name: Re-tag image
-        env:
+          run: |
-          REGISTRY_NAME: 'ghcr.io'
+              REGISTRY_NAME="ghcr.io"
-          REPOSITORY: ${{ github.repository_owner }}/immich-machine-learning
+              REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
-          TAG_OLD: main${{ matrix.suffix }}
+              TAG_OLD=main${{ matrix.suffix }}
-          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
+              TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
-          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
+              TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
-        run: |
+              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
+              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
  retag_server:
    name: Re-Tag Server
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        suffix: ['']
+        suffix: [""]
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
          REPOSITORY: ${{ github.repository_owner }}/immich-server
          TAG_OLD: main${{ matrix.suffix }}
          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
        run: |
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
+          REGISTRY_NAME="ghcr.io"
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
+          REPOSITORY=${{ github.repository_owner }}/immich-server
          TAG_OLD=main${{ matrix.suffix }}
          TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
          TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
-  machine-learning:
+  build_and_push_ml:
    name: Build and Push ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ${{ matrix.runner }}
    env:
      image: immich-machine-learning
      context: machine-learning
      file: machine-learning/Dockerfile
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-machine-learning
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
            device: cpu
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            device: cpu
          - platform: linux/amd64
            runner: ubuntu-latest
            device: cuda
            suffix: -cuda
          - platform: linux/amd64
            runner: ubuntu-latest
            device: openvino
            suffix: -openvino
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            device: armnn
            suffix: -armnn
    steps:
      - name: Prepare
        run: |
          platform=${{ matrix.platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.9.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate cache key suffix
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
          else
            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
          fi
      - name: Generate cache target
        id: cache-target
        run: |
          if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
            # Essentially just ignore the cache output (forks can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        id: build
        uses: docker/build-push-action@v6.13.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platforms }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          cache-from: |
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }}
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-main
          outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=${{ !github.event.pull_request.head.repo.fork }}
          build-args: |
            DEVICE=${{ matrix.device }}
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: ml-digests-${{ matrix.device }}-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  merge_ml:
    name: Merge & Push ML
    runs-on: ubuntu-latest
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' && !github.event.pull_request.head.repo.fork }}
    env:
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-machine-learning
      DOCKER_REPO: altran1502/immich-machine-learning
    strategy:
      matrix:
        include:
          - device: cpu
          - device: cuda
            suffix: -cuda
          - device: openvino
            suffix: -openvino
          - device: armnn
            suffix: -armnn
    needs:
      - build_and_push_ml
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: ml-digests-${{ matrix.device }}-*
          merge-multiple: true
      - name: Login to Docker Hub
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Generate docker image tags
        id: meta
        uses: docker/metadata-action@v5
        env:
          DOCKER_METADATA_PR_HEAD_SHA: "true"
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=${{ env.GHCR_REPO }}
            name=${{ env.DOCKER_REPO }},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with long commit sha hash
            type=sha,format=long,prefix=commit-,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
  build_and_push_server:
    name: Build and Push Server
    runs-on: ${{ matrix.runner }}
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    env:
      image: immich-server
      context: .
      file: server/Dockerfile
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-server
    strategy:
      fail-fast: false
      matrix:
        include:
-          - device: cpu
+          - platform: linux/amd64
-            tag-suffix: ''
+            runner: ubuntu-latest
-          - device: cuda
+          - platform: linux/arm64
-            tag-suffix: '-cuda'
+            runner: ubuntu-24.04-arm
-            platforms: linux/amd64
+    steps:
-          - device: openvino
+      - name: Prepare
-            tag-suffix: '-openvino'
+        run: |
-            platforms: linux/amd64
+          platform=${{ matrix.platform }}
-          - device: armnn
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
            tag-suffix: '-armnn'
            platforms: linux/arm64
          - device: rknn
            tag-suffix: '-rknn'
            platforms: linux/arm64
          - device: rocm
            tag-suffix: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
      actions: read
      packages: write
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      image: immich-machine-learning
      context: machine-learning
      dockerfile: machine-learning/Dockerfile
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
      tag-suffix: ${{ matrix.tag-suffix }}
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=${{ matrix.device }}
-  server:
+      - name: Checkout
-    name: Build and Push Server
+        uses: actions/checkout@v4
-    needs: pre-job
+
-    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
+      - name: Set up Docker Buildx
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
+        uses: docker/setup-buildx-action@v3
-    permissions:
+
-      contents: read
+      - name: Login to GitHub Container Registry
-      actions: read
+        uses: docker/login-action@v3
-      packages: write
+        if: ${{ !github.event.pull_request.head.repo.fork }}
-    secrets:
+        with:
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          registry: ghcr.io
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ github.repository_owner }}
-    with:
+          password: ${{ secrets.GITHUB_TOKEN }}
-      image: immich-server
+
-      context: .
+      - name: Generate cache key suffix
-      dockerfile: server/Dockerfile
+        run: |
-      dockerhub-push: ${{ github.event_name == 'release' }}
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-      build-args: |
+            echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
-        DEVICE=cpu
+          else
            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
          fi
      - name: Generate cache target
        id: cache-target
        run: |
          if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
            # Essentially just ignore the cache output (forks can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        id: build
        uses: docker/build-push-action@v6.13.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          cache-from: |
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ env.CACHE_KEY_SUFFIX }}
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-main
          outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=${{ !github.event.pull_request.head.repo.fork }}
          build-args: |
            DEVICE=cpu
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: server-digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  merge_server:
    name: Merge & Push Server
    runs-on: ubuntu-latest
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' && !github.event.pull_request.head.repo.fork }}
    env:
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-server
      DOCKER_REPO: altran1502/immich-server
    needs:
      - build_and_push_server
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: server-digests-*
          merge-multiple: true
      - name: Login to Docker Hub
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Generate docker image tags
        id: meta
        uses: docker/metadata-action@v5
        env:
          DOCKER_METADATA_PR_HEAD_SHA: "true"
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=${{ env.GHCR_REPO }}
            name=${{ env.DOCKER_REPO }},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with long commit sha hash
            type=sha,format=long,prefix=commit-,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
  success-check-server:
    name: Docker Build & Push Server Success
-    needs: [server, retag_server]
+    needs: [merge_server, retag_server]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - name: Any jobs failed?
-        with:
+        if: ${{ contains(needs.*.result, 'failure') }}
-          needs: ${{ toJSON(needs) }}
+        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
  success-check-ml:
    name: Docker Build & Push ML Success
-    needs: [machine-learning, retag_ml]
+    needs: [merge_ml, retag_ml]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - name: Any jobs failed?
-        with:
+        if: ${{ contains(needs.*.result, 'failure') }}
-          needs: ${{ toJSON(needs) }}
+        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -3,6 +3,7 @@ on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [published]
@@ -10,30 +11,22 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.found_paths.outputs.docs == 'true' || steps.found_paths.outputs.open-api == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@v3
        with:
          filters: |
            docs:
              - 'docs/**'
            workflow:
              - '.github/workflows/docs-build.yml'
            open-api:
              - 'open-api/immich-openapi-specs.json'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"
@@ -41,8 +34,6 @@ jobs:
  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
@@ -51,16 +42,12 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run npm install
        run: npm ci
@@ -72,9 +59,8 @@ jobs:
        run: npm run build
      - name: Upload build output
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: docs-build-output
          path: docs/build/
          include-hidden-files: true
          retention-days: 1
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -1,7 +1,7 @@
 name: Docs deploy
 on:
-  workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+  workflow_run:
-    workflows: ['Docs build']
+    workflows: ["Docs build"]
    types:
      - completed
@@ -9,9 +9,6 @@ jobs:
  checks:
    name: Docs Deploy Checks
    runs-on: ubuntu-latest
    permissions:
      actions: read
      pull-requests: read
    outputs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
@@ -20,7 +17,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,9 +35,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
          script: |
            const eventType = context.payload.workflow_run.event;
@@ -62,8 +57,7 @@ jobs:
            } else if (eventType == "pull_request") {
              let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
              if(!pull_number) {
-                const {HEAD_SHA} = process.env;
+                const response = await github.rest.search.issuesAndPullRequests({q: 'repo:${{ github.repository }} is:pr sha:${{ github.event.workflow_run.head_sha }}',per_page: 1,})
                const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
                const items = response.data.items
                if (items.length < 1) {
                  throw new Error("No pull request found for the commit")
@@ -101,36 +95,30 @@ jobs:
    name: Docs Deploy
    runs-on: ubuntu-latest
    needs: checks
    permissions:
      contents: read
      actions: read
      pull-requests: write
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Load parameters
        id: parameters
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
          script: |
-            const parameters = JSON.parse(process.env.PARAM_JSON);
+            const json = `${{ needs.checks.outputs.parameters }}`;
            const parameters = JSON.parse(json);
            core.setOutput("event", parameters.event);
            core.setOutput("name", parameters.name);
            core.setOutput("shouldDeploy", parameters.shouldDeploy);
      - run: |
          echo "Starting docs deployment for ${{ steps.parameters.outputs.event }} ${{ steps.parameters.outputs.name }}"
      - name: Download artifact
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
          script: |
-            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
+            let artifact = ${{ needs.checks.outputs.artifact }};
            let download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -150,12 +138,12 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        uses: gruntwork-io/terragrunt-action@v2
        with:
-          tg_version: '0.58.12'
+          tg_version: "0.58.12"
-          tofu_version: '1.7.1'
+          tofu_version: "1.7.1"
-          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_dir: "deployment/modules/cloudflare/docs"
-          tg_command: 'apply'
+          tg_command: "apply"
      - name: Deploy Docs Subdomain Output
        id: docs-output
@@ -165,30 +153,27 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        uses: gruntwork-io/terragrunt-action@v2
        with:
-          tg_version: '0.58.12'
+          tg_version: "0.58.12"
-          tofu_version: '1.7.1'
+          tofu_version: "1.7.1"
-          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_dir: "deployment/modules/cloudflare/docs"
-          tg_command: 'output -json'
+          tg_command: "output -json"
      - name: Output Cleaning
        id: clean
        env:
          TG_OUTPUT: ${{ steps.docs-output.outputs.tg_action_output }}
        run: |
-          CLEANED=$(echo "$TG_OUTPUT" | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          TG_OUT=$(echo '${{ steps.docs-output.outputs.tg_action_output }}' | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
-          echo "output=$CLEANED" >> $GITHUB_OUTPUT
+          echo "output=$TG_OUT" >> $GITHUB_OUTPUT
      - name: Publish to Cloudflare Pages
-        # TODO: Action is deprecated
+        uses: cloudflare/pages-action@v1
        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1.5.0
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          projectName: ${{ fromJson(steps.clean.outputs.output).pages_project_name.value }}
-          workingDirectory: 'docs'
+          workingDirectory: "docs"
-          directory: 'build'
+          directory: "build"
          branch: ${{ steps.parameters.outputs.name }}
          wranglerVersion: '3'
@@ -199,7 +184,7 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        uses: gruntwork-io/terragrunt-action@v2
        with:
          tg_version: '0.58.12'
          tofu_version: '1.7.1'
@@ -207,7 +192,7 @@ jobs:
          tg_command: 'apply'
      - name: Comment
-        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
+        uses: actions-cool/maintain-one-comment@v3
        if: ${{ steps.parameters.outputs.event == 'pr' }}
        with:
          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -1,39 +1,32 @@
 name: Docs destroy
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+  pull_request_target:
    types: [closed]
 permissions: {}
 jobs:
  deploy:
    name: Docs Destroy
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Destroy Docs Subdomain
        env:
-          TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
+          TF_VAR_prefix_name: "pr-${{ github.event.number }}"
-          TF_VAR_prefix_event_type: 'pr'
+          TF_VAR_prefix_event_type: "pr"
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        uses: gruntwork-io/terragrunt-action@v2
        with:
-          tg_version: '0.58.12'
+          tg_version: "0.58.12"
-          tofu_version: '1.7.1'
+          tofu_version: "1.7.1"
-          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_dir: "deployment/modules/cloudflare/docs"
-          tg_command: 'destroy -refresh=false'
+          tg_command: "destroy -refresh=false"
      - name: Comment
-        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
+        uses: actions-cool/maintain-one-comment@v3
        with:
          number: ${{ github.event.number }}
          delete: true
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -4,48 +4,42 @@ on:
  pull_request:
    types: [labeled]
 permissions: {}
 jobs:
  fix-formatting:
    runs-on: ubuntu-latest
    if: ${{ github.event.label.name == 'fix:formatting' }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: 'Checkout'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Fix formatting
        run: make install-all && make format-all
      - name: Commit and push
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+        uses: EndBug/add-and-commit@v9
        with:
          default_author: github_actions
          message: 'chore: fix formatting'
      - name: Remove label
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        if: always()
        with:
          script: |
@@ -55,3 +49,4 @@ jobs:
              repo: context.repo.repo,
              name: 'fix:formatting'
            })
--- a/.github/workflows/org-checks.yml
+++ b/.github/workflows/org-checks.yml
@@ -1,13 +0,0 @@
 name: Org Checks
 on:
  pull_request_review:
  pull_request:
 jobs:
  check-approvals:
    name: Check for Team/Admin Review
    uses: immich-app/devtools/.github/workflows/required-approval.yml@main
    permissions:
      pull-requests: read
      contents: read
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -1,11 +1,9 @@
 name: PR Label Validation
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+  pull_request_target:
    types: [opened, labeled, unlabeled, synchronize]
 permissions: {}
 jobs:
  validate-release-label:
    runs-on: ubuntu-latest
@@ -14,11 +12,11 @@ jobs:
      pull-requests: write
    steps:
      - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
+        uses: mheap/github-action-required-labels@v5
        with:
          mode: exactly
          count: 1
          use_regex: true
-          labels: 'changelog:.*'
+          labels: "changelog:.*"
          add_comment: true
-          message: 'Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label.'
+          message: "Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label."
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -1,8 +1,6 @@
-name: 'Pull Request Labeler'
+name: "Pull Request Labeler"
 on:
-  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+- pull_request_target
 permissions: {}
 jobs:
  labeler:
@@ -11,4 +9,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+    - uses: actions/labeler@v5
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -4,16 +4,12 @@ on:
  pull_request:
    types: [opened, synchronize, reopened, edited]
 permissions: {}
 jobs:
  validate-pr-title:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: PR Conventional Commit Validation
-        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
+        uses:  ytanikin/PRConventionalCommits@1.3.0
        with:
          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
          add_label: 'false'
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -21,40 +21,35 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
  cancel-in-progress: true
 permissions: {}
 jobs:
  bump_version:
    runs-on: ubuntu-latest
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-    permissions: {} # No job-level permissions are needed because it uses the app-token
+
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
-      - name: Install uv
+      - name: Install Poetry
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+        run: pipx install poetry
      - name: Bump version
-        env:
+        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"
          SERVER_BUMP: ${{ inputs.serverBump }}
          MOBILE_BUMP: ${{ inputs.mobileBump }}
        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"
      - name: Commit and tag
        id: push-tag
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+        uses: EndBug/add-and-commit@v9
        with:
          default_author: github_actions
          message: 'chore: version ${{ env.IMMICH_VERSION }}'
@@ -64,47 +59,37 @@ jobs:
  build_mobile:
    uses: ./.github/workflows/build-mobile.yml
    needs: bump_version
-    permissions:
+    secrets: inherit
      contents: read
    secrets:
      KEY_JKS: ${{ secrets.KEY_JKS }}
      ALIAS: ${{ secrets.ALIAS }}
      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
  prepare_release:
    runs-on: ubuntu-latest
    needs: build_mobile
-    permissions:
+
      actions: read # To download the app artifact
      # No content permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
+      
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
      - name: Download APK
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@v4
        with:
          name: release-apk-signed
      - name: Create draft release
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
+        uses: softprops/action-gh-release@v2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
          files: |
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -2,9 +2,7 @@ name: Preview label
 on:
  pull_request:
-    types: [labeled, closed]
+    types: [labeled]
 permissions: {}
 jobs:
  comment-status:
@@ -13,10 +11,10 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
+      - uses: mshick/add-pr-comment@v2
        with:
-          message-id: 'preview-status'
+          message-id: "preview-status"
-          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/'
+          message: "Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/"
  remove-label:
    runs-on: ubuntu-latest
@@ -24,7 +22,7 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - uses: actions/github-script@v7
        with:
          script: |
            github.rest.issues.removeLabel({
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -4,29 +4,23 @@ on:
  release:
    types: [published]
-permissions: {}
+permissions:
  packages: write
 jobs:
  publish:
    name: Publish `@immich/sdk`
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install deps
        run: npm ci
      - name: Build
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -9,22 +9,16 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@v3
        with:
          filters: |
            mobile:
@@ -39,97 +33,36 @@ jobs:
    name: Run Dart Code Analysis
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
-    permissions:
+
      contents: read
    defaults:
      run:
        working-directory: ./mobile
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
      - name: Install dependencies
        run: dart pub get
-
+        working-directory: ./mobile
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: auto
          working-directory: ./mobile
      - name: Generate translation file
        run: make translation
      - name: Run Build Runner
        run: make build
      - name: Generate platform API
        run: make pigeon
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            mobile/**/*.g.dart
            mobile/**/*.gr.dart
            mobile/**/*.drift.dart
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated files not up to date! Run 'make build' and 'make pigeon' inside the mobile directory"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
      - name: Run dart analyze
        run: dart analyze --fatal-infos
        working-directory: ./mobile
      - name: Run dart format
-        run: make format
+        run: dart format lib/ --set-exit-if-changed
        working-directory: ./mobile
      - name: Run dart custom_lint
        run: dart run custom_lint
        working-directory: ./mobile
-      # TODO: Use https://github.com/CQLabs/dcm-action
+      # Enable after riverpod generator migration is completed
-      - name: Run DCM
+      # - name: Run dart custom lint
-        run: dcm analyze lib --fatal-style --fatal-warnings
+      #   run: dart run custom_lint
-
+      #   working-directory: ./mobile
  zizmor:
    name: zizmor
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - name: Run zizmor 🌈
        run: uvx zizmor --format=sarif . > results.sarif
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4
        with:
          sarif_file: results.sarif
          category: zizmor
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,15 +9,10 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run_i18n: ${{ steps.found_paths.outputs.i18n == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
@@ -26,19 +21,13 @@ jobs:
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@v3
        with:
          filters: |
            i18n:
              - 'i18n/**'
            web:
              - 'web/**'
              - 'i18n/**'
@@ -56,8 +45,6 @@ jobs:
              - 'machine-learning/**'
            workflow:
              - '.github/workflows/test.yml'
            .github:
              - '.github/**'
      - name: Check if we should force jobs to run
        id: should_force
@@ -68,24 +55,18 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run npm install
        run: npm ci
@@ -103,7 +84,7 @@ jobs:
        if: ${{ !cancelled() }}
      - name: Run small tests & coverage
-        run: npm test
+        run: npm run test:cov
        if: ${{ !cancelled() }}
  cli-unit-tests:
@@ -111,24 +92,18 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Setup typescript-sdk
        run: npm ci && npm run build
@@ -150,7 +125,7 @@ jobs:
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: npm run test
+        run: npm run test:cov
        if: ${{ !cancelled() }}
  cli-unit-tests-win:
@@ -158,24 +133,18 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Setup typescript-sdk
        run: npm ci && npm run build
@@ -190,32 +159,26 @@ jobs:
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: npm run test
+        run: npm run test:cov
        if: ${{ !cancelled() }}
-  web-lint:
+  web-unit-tests:
-    name: Lint Web
+    name: Test & Lint Web
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
-    runs-on: mich
+    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './web/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
@@ -225,7 +188,7 @@ jobs:
        run: npm ci
      - name: Run linter
-        run: npm run lint:p
+        run: npm run lint
        if: ${{ !cancelled() }}
      - name: Run formatter
@@ -236,110 +199,31 @@ jobs:
        run: npm run check:svelte
        if: ${{ !cancelled() }}
  web-unit-tests:
    name: Test Web
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
      - name: Run npm install
        run: npm ci
      - name: Run tsc
        run: npm run check:typescript
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: npm run test
+        run: npm run test:cov
        if: ${{ !cancelled() }}
  i18n-tests:
    name: Test i18n
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_i18n == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install dependencies
        run: npm --prefix=web ci
      - name: Format
        run: npm --prefix=web run format:i18n
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            i18n/**
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: i18n files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
  e2e-tests-lint:
    name: End-to-End Lint
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
@@ -367,24 +251,18 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run npm install
        run: npm ci
@@ -397,29 +275,21 @@ jobs:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
-    runs-on: ${{ matrix.runner }}
+    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
@@ -447,29 +317,21 @@ jobs:
    name: End-to-End Tests (Web)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
-    runs-on: ${{ matrix.runner }}
+    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
@@ -481,7 +343,7 @@ jobs:
        if: ${{ !cancelled() }}
      - name: Install Playwright Browsers
-        run: npx playwright install chromium --only-shell
+        run: npx playwright install --with-deps chromium
        if: ${{ !cancelled() }}
      - name: Docker build
@@ -492,39 +354,18 @@ jobs:
        run: npx playwright test
        if: ${{ !cancelled() }}
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
      - name: Generate translation file
        run: make translation
        working-directory: ./mobile
      - name: Run tests
        working-directory: ./mobile
        run: flutter test -j 1
@@ -534,105 +375,57 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./machine-learning
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
      - name: Install poetry
        run: pipx install poetry
      - uses: actions/setup-python@v5
        with:
-          persist-credentials: false
+          python-version: 3.11
-
+          cache: 'poetry'
      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
        # with:
        #   python-version: 3.11
        #   cache: 'uv'
      - name: Install dependencies
        run: |
-          uv sync --extra cpu
+          poetry install --with dev --with cpu
      - name: Lint with ruff
        run: |
-          uv run ruff check --output-format=github immich_ml
+          poetry run ruff check --output-format=github app export
      - name: Check black formatting
        run: |
-          uv run black --check immich_ml
+          poetry run black --check app export
      - name: Run mypy type checking
        run: |
-          uv run mypy --strict immich_ml/
+          poetry run mypy --install-types --non-interactive --strict app/
      - name: Run tests and coverage
        run: |
-          uv run pytest --cov=immich_ml --cov-report term-missing
+          poetry run pytest app --cov=app --cov-report term-missing
  github-files-formatting:
    name: .github Files Formatting
    needs: pre-job
    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./.github
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Run npm install
        run: npm ci
      - name: Run formatter
        run: npm run format
        if: ${{ !cancelled() }}
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
+        uses: ludeeus/action-shellcheck@master
        with:
          ignore_paths: >-
            **/open-api/**
-            **/openapi**
+            **/openapi/**
            **/node_modules/**
  generated-api-up-to-date:
    name: OpenAPI Clients
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install server dependencies
        run: npm --prefix=server ci
@@ -644,7 +437,7 @@ jobs:
        run: make open-api
      - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
+        uses: tj-actions/verify-changed-files@v20
        id: verify-changed-files
        with:
          files: |
@@ -654,21 +447,17 @@ jobs:
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
          exit 1
-  sql-schema-up-to-date:
+  generated-typeorm-migrations-up-to-date:
-    name: SQL Schema Checks
+    name: TypeORM Checks
    runs-on: ubuntu-latest
    permissions:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:ec713143dca1a426eba2e03707c319e2ec3cc9d304ef767f777f8e297dee820c
+        image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
@@ -686,16 +475,12 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install server dependencies
        run: npm ci
@@ -704,29 +489,27 @@ jobs:
        run: npm run build
      - name: Run existing migrations
-        run: npm run migrations:run
+        run: npm run typeorm:migrations:run
      - name: Test npm run schema:reset command works
-        run: npm run schema:reset
+        run: npm run typeorm:schema:reset
      - name: Generate new migrations
        continue-on-error: true
-        run: npm run migrations:generate src/TestMigration
+        run: npm run typeorm:migrations:generate ./src/migrations/TestMigration
      - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
+        uses: tj-actions/verify-changed-files@v20
        id: verify-changed-files
        with:
          files: |
-            server/src
+            server/src/migrations/
      - name: Verify migration files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated migration files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
-          cat ./src/*-TestMigration.ts
+          cat ./src/migrations/*-TestMigration.ts
          exit 1
      - name: Run SQL generation
@@ -735,7 +518,7 @@ jobs:
          DB_URL: postgres://postgres:postgres@localhost:5432/immich
      - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
+        uses: tj-actions/verify-changed-files@v20
        id: verify-changed-sql-files
        with:
          files: |
@@ -743,12 +526,9 @@ jobs:
      - name: Verify SQL files have not changed
        if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-sql-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated SQL files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-sql-files.outputs.changed_files }}"
          git diff
          exit 1
  # mobile-integration-tests:
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -1,57 +0,0 @@
 name: Weblate checks
 on:
  pull_request:
    branches: [main]
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
      - name: Check weblate lock
        run: |
          if [[ "false" = $(curl https://hosted.weblate.org/api/components/immich/immich/lock/ | jq .locked) ]]; then
            exit 1
          fi
      - name: Find Pull Request
        uses: juliangruber/find-pull-request-action@952b3bb1ddb2dcc0aa3479e98bb1c2d1a922f096 # v1.10.0
        id: find-pr
        with:
          branch: chore/translations
      - name: Fail if existing weblate PR
        if: ${{ steps.find-pr.outputs.number }}
        run: exit 1
  success-check-lock:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
    runs-on: ubuntu-latest
    permissions: {}
    if: always()
    steps:
      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 .DS_Store
 .vscode/*
 !.vscode/launch.json
 !.vscode/extensions.json
 .idea
 docker/upload
@@ -24,4 +23,3 @@ mobile/android/fastlane/report.xml
 mobile/ios/fastlane/report.xml
 vite.config.js.timestamp-*
 .pnpm-store
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,10 +0,0 @@
 {
  "recommendations": [
    "esbenp.prettier-vscode",
    "svelte.svelte-vscode",
    "dbaeumer.vscode-eslint",
    "dart-code.flutter",
    "dart-code.dart-code",
    "dcmdev.dcm-vscode-extension"
  ]
 }
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -7,7 +7,7 @@
      "restart": true,
      "port": 9231,
      "name": "Immich API Server",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
@@ -16,7 +16,7 @@
      "restart": true,
      "port": 9230,
      "name": "Immich Workers",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    }
  ]
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,63 +1,44 @@
 {
  "editor.formatOnSave": true,
  "[javascript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[typescript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[css]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
+    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[svelte]": {
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.tabSize": 2
  },
  "svelte.enable-ts-plugin": true,
  "eslint.validate": [
    "javascript",
    "svelte"
  ],
  "typescript.preferences.importModuleSpecifier": "non-relative",
  "[dart]": {
    "editor.defaultFormatter": "Dart-Code.dart-code",
    "editor.formatOnSave": true,
    "editor.selectionHighlight": false,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    "editor.suggestSelection": "first",
    "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off"
+    "editor.wordBasedSuggestions": "off",
    "editor.defaultFormatter": "Dart-Code.dart-code"
  },
-  "[javascript]": {
+  "cSpell.words": [
-    "editor.codeActionsOnSave": {
+    "immich"
-      "source.organizeImports": "explicit",
+  ],
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[jsonc]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[svelte]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[typescript]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
  "eslint.validate": ["javascript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
-  },
+  }
-  "svelte.enable-ts-plugin": true,
+}
  "typescript.preferences.importModuleSpecifier": "non-relative"
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -1,72 +0,0 @@
 {
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Fix Permissions, Install Dependencies",
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich API Server (Nest)",
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich Web Server (Vite)",
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich Server and Web",
      "dependsOn": ["Immich Web Server (Vite)", "Immich API Server (Nest)"],
      "runOptions": {
        "runOn": "folderOpen"
      },
      "problemMatcher": []
    }
  ]
 }
--- a/43
+++ b/43
@@ -1,33 +1,24 @@
 dev:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans || make dev-down
 dev-down:
 	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans
 dev-update:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans
 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-update:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-down:
 	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
 prod:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 prod-down:
 	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
 prod-scale:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
 .PHONY: open-api
 open-api:
@@ -48,14 +39,12 @@ attach-server:
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
-MODULES = e2e server web cli sdk docs .github
+MODULES = e2e server web cli sdk docs
 audit-%:
 	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
 install-%:
 	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
 ci-%:
 	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) ci
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
@@ -88,23 +77,19 @@ test-medium:
 test-medium-dev:
 	docker exec -it immich_server /bin/sh -c "npm run test:medium"
-build-all: $(foreach M,$(filter-out e2e .github,$(MODULES)),build-$M) ;
+build-all: $(foreach M,$(filter-out e2e,$(MODULES)),build-$M) ;
 install-all: $(foreach M,$(MODULES),install-$M) ;
-ci-all: $(foreach M,$(filter-out .github,$(MODULES)),ci-$M) ;
+check-all: $(foreach M,$(filter-out sdk cli docs,$(MODULES)),check-$M) ;
-check-all: $(foreach M,$(filter-out sdk cli docs .github,$(MODULES)),check-$M) ;
+lint-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),lint-$M) ;
 lint-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),lint-$M) ;
 format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
 audit-all:  $(foreach M,$(MODULES),audit-$M) ;
 hygiene-all: lint-all format-all check-all sql audit-all;
-test-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),test-$M) ;
+test-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),test-$M) ;
 clean:
-	find . -name "node_modules" -type d -prune -exec rm -rf {} +
+	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
 	find . -name "dist" -type d -prune -exec rm -rf '{}' +
 	find . -name "build" -type d -prune -exec rm -rf '{}' +
 	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
-	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
+	docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
-	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml rm -v -f || true
+	docker compose -f ./e2e/docker-compose.yml rm -v -f || true
 setup-server-dev: install-server
 setup-web-dev: install-sdk build-sdk install-web
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 <p align="center"> 
-  <br/>
+  <br/>  
  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.immich.app">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
-  <br/>
+  <br/>  
-  <br/>
+  <br/>   
 </p>
 <p align="center">
@@ -61,7 +61,9 @@
 ## Demo
-Access the demo [here](https://demo.immich.app). For the mobile app, you can use `https://demo.immich.app` for the `Server Endpoint URL`.
+Access the demo [here](https://demo.immich.app). The demo is running on a Free-tier Oracle VM in Amsterdam with a 2.4Ghz quad-core ARM64 CPU and 24GB RAM.
 For the mobile app, you can use `https://demo.immich.app/api` for the `Server Endpoint URL`
 ### Login credentials
@@ -102,7 +104,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 | Tags                                         | No     | Yes |
-| Folder View                                  | Yes    | Yes |
+| Folder View                                  | No     | Yes |
 ## Translations
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-22.17.1
+22.14.0
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e AS core
+FROM node:22.13.1-alpine3.20@sha256:c52e20859a92b3eccbd3a36c5e1a90adc20617d8d421d65e8a622e87b5dac963 AS core
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
--- a/cli/bin/immich
+++ b/cli/bin/immich
@@ -1,2 +0,0 @@
 #!/usr/bin/env node
 import '../dist/index.js';
--- a/cli/eslint.config.mjs
+++ b/cli/eslint.config.mjs
@@ -1,29 +1,39 @@
 import { FlatCompat } from '@eslint/eslintrc';
 import js from '@eslint/js';
-import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
+import typescriptEslint from '@typescript-eslint/eslint-plugin';
-import eslintPluginUnicorn from 'eslint-plugin-unicorn';
+import tsParser from '@typescript-eslint/parser';
 import globals from 'globals';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import typescriptEslint from 'typescript-eslint';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const compat = new FlatCompat({
  baseDirectory: __dirname,
  recommendedConfig: js.configs.recommended,
  allConfig: js.configs.all,
 });
-export default typescriptEslint.config([
+export default [
  eslintPluginUnicorn.configs.recommended,
  eslintPluginPrettierRecommended,
  js.configs.recommended,
  typescriptEslint.configs.recommended,
  {
    ignores: ['eslint.config.mjs', 'dist'],
  },
  ...compat.extends(
    'plugin:@typescript-eslint/recommended',
    'plugin:prettier/recommended',
    'plugin:unicorn/recommended',
  ),
  {
    plugins: {
      '@typescript-eslint': typescriptEslint,
    },
    languageOptions: {
      globals: {
        ...globals.node,
      },
-      parser: typescriptEslint.parser,
+      parser: tsParser,
      ecmaVersion: 5,
      sourceType: 'module',
@@ -48,4 +58,4 @@ export default typescriptEslint.config([
      'object-shorthand': ['error', 'always'],
    },
  },
-]);
+];
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,11 +1,11 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.76",
+  "version": "2.2.51",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
  "bin": {
-    "immich": "./bin/immich"
+    "immich": "dist/index.js"
  },
  "license": "GNU Affero General Public License version 3",
  "keywords": [
@@ -19,24 +19,24 @@
    "@types/byte-size": "^8.1.0",
    "@types/cli-progress": "^3.11.0",
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.16.5",
+    "@types/node": "^22.13.4",
    "@typescript-eslint/eslint-plugin": "^8.15.0",
    "@typescript-eslint/parser": "^8.15.0",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
    "eslint": "^9.14.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^10.0.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^59.0.0",
+    "eslint-plugin-unicorn": "^56.0.1",
-    "globals": "^16.0.0",
+    "globals": "^15.9.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
-    "typescript-eslint": "^8.28.0",
+    "vite": "^6.0.0",
    "vite": "^7.0.0",
    "vite-tsconfig-paths": "^5.0.0",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
@@ -62,13 +62,11 @@
    "node": ">=20.0.0"
  },
  "dependencies": {
    "chokidar": "^4.0.3",
    "fast-glob": "^3.3.2",
    "fastq": "^1.17.1",
-    "lodash-es": "^4.17.21",
+    "lodash-es": "^4.17.21"
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "22.17.1"
+    "node": "22.14.0"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -1,13 +1,12 @@
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
-import { setTimeout as sleep } from 'node:timers/promises';
+import { describe, expect, it, vi } from 'vitest';
 import { describe, expect, it, MockedFunction, vi } from 'vitest';
-import { Action, checkBulkUpload, defaults, getSupportedMediaTypes, Reason } from '@immich/sdk';
+import { Action, checkBulkUpload, defaults, Reason } from '@immich/sdk';
 import createFetchMock from 'vitest-fetch-mock';
-import { checkForDuplicates, getAlbumName, startWatch, uploadFiles, UploadOptionsDto } from 'src/commands/asset';
+import { checkForDuplicates, getAlbumName, uploadFiles, UploadOptionsDto } from './asset';
 vi.mock('@immich/sdk');
@@ -200,112 +199,3 @@ describe('checkForDuplicates', () => {
    });
  });
 });
 describe('startWatch', () => {
  let testFolder: string;
  let checkBulkUploadMocked: MockedFunction<typeof checkBulkUpload>;
  beforeEach(async () => {
    vi.restoreAllMocks();
    vi.mocked(getSupportedMediaTypes).mockResolvedValue({
      image: ['.jpg'],
      sidecar: ['.xmp'],
      video: ['.mp4'],
    });
    testFolder = await fs.promises.mkdtemp(path.join(os.tmpdir(), 'test-startWatch-'));
    checkBulkUploadMocked = vi.mocked(checkBulkUpload);
    checkBulkUploadMocked.mockResolvedValue({
      results: [],
    });
  });
  it('should start watching a directory and upload new files', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    await startWatch([testFolder], { concurrency: 1 }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: [
          expect.objectContaining({
            id: testFilePath,
          }),
        ],
      },
    });
  });
  it('should filter out unsupported files', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const unsupportedFilePath = path.join(testFolder, 'test.txt');
    await startWatch([testFolder], { concurrency: 1 }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await fs.promises.writeFile(unsupportedFilePath, 'testtxt');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: testFilePath,
          }),
        ]),
      },
    });
    expect(checkBulkUpload).not.toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: unsupportedFilePath,
          }),
        ]),
      },
    });
  });
  it('should filger out ignored patterns', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const ignoredPattern = 'ignored';
    const ignoredFolder = path.join(testFolder, ignoredPattern);
    await fs.promises.mkdir(ignoredFolder, { recursive: true });
    const ignoredFilePath = path.join(ignoredFolder, 'ignored.jpg');
    await startWatch([testFolder], { concurrency: 1, ignore: ignoredPattern }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await fs.promises.writeFile(ignoredFilePath, 'ignoredjpg');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: testFilePath,
          }),
        ]),
      },
    });
    expect(checkBulkUpload).not.toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: ignoredFilePath,
          }),
        ]),
      },
    });
  });
  afterEach(async () => {
    await fs.promises.rm(testFolder, { recursive: true, force: true });
  });
 });
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -12,18 +12,13 @@ import {
  getSupportedMediaTypes,
 } from '@immich/sdk';
 import byteSize from 'byte-size';
 import { Matcher, watch as watchFs } from 'chokidar';
 import { MultiBar, Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import micromatch from 'micromatch';
 import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
 import path, { basename } from 'node:path';
 import { Queue } from 'src/queue';
-import { BaseOptions, Batcher, authenticate, crawl, sha1 } from 'src/utils';
+import { BaseOptions, authenticate, crawl, sha1 } from 'src/utils';
 const UPLOAD_WATCH_BATCH_SIZE = 100;
 const UPLOAD_WATCH_DEBOUNCE_TIME_MS = 10_000;
 const s = (count: number) => (count === 1 ? '' : 's');
@@ -41,9 +36,6 @@ export interface UploadOptionsDto {
  albumName?: string;
  includeHidden?: boolean;
  concurrency: number;
  progress?: boolean;
  watch?: boolean;
  jsonOutput?: boolean;
 }
 class UploadFile extends File {
@@ -63,100 +55,19 @@ class UploadFile extends File {
  }
 }
 const uploadBatch = async (files: string[], options: UploadOptionsDto) => {
  const { newFiles, duplicates } = await checkForDuplicates(files, options);
  const newAssets = await uploadFiles(newFiles, options);
  if (options.jsonOutput) {
    console.log(JSON.stringify({ newFiles, duplicates, newAssets }, undefined, 4));
  }
  await updateAlbums([...newAssets, ...duplicates], options);
  await deleteFiles(
    newAssets.map(({ filepath }) => filepath),
    options,
  );
 };
 export const startWatch = async (
  paths: string[],
  options: UploadOptionsDto,
  {
    batchSize = UPLOAD_WATCH_BATCH_SIZE,
    debounceTimeMs = UPLOAD_WATCH_DEBOUNCE_TIME_MS,
  }: { batchSize?: number; debounceTimeMs?: number } = {},
 ) => {
  const watcherIgnored: Matcher[] = [];
  const { image, video } = await getSupportedMediaTypes();
  const extensions = new Set([...image, ...video]);
  if (options.ignore) {
    watcherIgnored.push((path) => micromatch.contains(path, `**/${options.ignore}`));
  }
  const pathsBatcher = new Batcher<string>({
    batchSize,
    debounceTimeMs,
    onBatch: async (paths: string[]) => {
      const uniquePaths = [...new Set(paths)];
      await uploadBatch(uniquePaths, options);
    },
  });
  const onFile = async (path: string, stats?: Stats) => {
    if (stats?.isDirectory()) {
      return;
    }
    const ext = '.' + path.split('.').pop()?.toLowerCase();
    if (!ext || !extensions.has(ext)) {
      return;
    }
    if (!options.progress) {
      // logging when progress is disabled as it can cause issues with the progress bar rendering
      console.log(`Change detected: ${path}`);
    }
    pathsBatcher.add(path);
  };
  const fsWatcher = watchFs(paths, {
    ignoreInitial: true,
    ignored: watcherIgnored,
    alwaysStat: true,
    awaitWriteFinish: true,
    depth: options.recursive ? undefined : 1,
    persistent: true,
  })
    .on('add', onFile)
    .on('change', onFile)
    .on('error', (error) => console.error(`Watcher error: ${error}`));
  process.on('SIGINT', async () => {
    console.log('Exiting...');
    await fsWatcher.close();
    process.exit();
  });
 };
 export const upload = async (paths: string[], baseOptions: BaseOptions, options: UploadOptionsDto) => {
  await authenticate(baseOptions);
  const scanFiles = await scan(paths, options);
  if (scanFiles.length === 0) {
-    if (options.watch) {
+    console.log('No files found, exiting');
-      console.log('No files found initially.');
+    return;
    } else {
      console.log('No files found, exiting');
      return;
    }
  }
-  if (options.watch) {
+  const { newFiles, duplicates } = await checkForDuplicates(scanFiles, options);
-    console.log('Watching for changes...');
+  const newAssets = await uploadFiles(newFiles, options);
-    await startWatch(paths, options);
+  await updateAlbums([...newAssets, ...duplicates], options);
-    // watcher does not handle the initial scan
+  await deleteFiles(newFiles, options);
    // as the scan() is a more efficient quick start with batched results
  }
  await uploadBatch(scanFiles, options);
 };
 const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
@@ -174,25 +85,19 @@ const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
  return files;
 };
-export const checkForDuplicates = async (files: string[], { concurrency, skipHash, progress }: UploadOptionsDto) => {
+export const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
  if (skipHash) {
    console.log('Skipping hash check, assuming all files are new');
    return { newFiles: files, duplicates: [] };
  }
-  let multiBar: MultiBar | undefined;
+  const multiBar = new MultiBar(
    { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  if (progress) {
+  const hashProgressBar = multiBar.create(files.length, 0, { message: 'Hashing files          ' });
-    multiBar = new MultiBar(
+  const checkProgressBar = multiBar.create(files.length, 0, { message: 'Checking for duplicates' });
      { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
      Presets.shades_classic,
    );
  } else {
    console.log(`Received ${files.length} files, hashing...`);
  }
  const hashProgressBar = multiBar?.create(files.length, 0, { message: 'Hashing files          ' });
  const checkProgressBar = multiBar?.create(files.length, 0, { message: 'Checking for duplicates' });
  const newFiles: string[] = [];
  const duplicates: Asset[] = [];
@@ -212,7 +117,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
        }
      }
-      checkProgressBar?.increment(assets.length);
+      checkProgressBar.increment(assets.length);
    },
    { concurrency, retry: 3 },
  );
@@ -232,7 +137,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
        void checkBulkUploadQueue.push(batch);
      }
-      hashProgressBar?.increment();
+      hashProgressBar.increment();
      return results;
    },
    { concurrency, retry: 3 },
@@ -250,7 +155,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
  await checkBulkUploadQueue.drained();
-  multiBar?.stop();
+  multiBar.stop();
  console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
@@ -266,10 +171,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
  return { newFiles, duplicates };
 };
-export const uploadFiles = async (
+export const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
  files: string[],
  { dryRun, concurrency, progress }: UploadOptionsDto,
 ): Promise<Asset[]> => {
  if (files.length === 0) {
    console.log('All assets were already uploaded, nothing to do.');
    return [];
@@ -289,20 +191,12 @@ export const uploadFiles = async (
    return files.map((filepath) => ({ id: '', filepath }));
  }
-  let uploadProgress: SingleBar | undefined;
+  const uploadProgress = new SingleBar(
-
+    { format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}' },
-  if (progress) {
+    Presets.shades_classic,
-    uploadProgress = new SingleBar(
+  );
-      {
+  uploadProgress.start(totalSize, 0);
-        format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}',
+  uploadProgress.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
      },
      Presets.shades_classic,
    );
  } else {
    console.log(`Uploading ${files.length} asset${s(files.length)} (${byteSize(totalSize)})`);
  }
  uploadProgress?.start(totalSize, 0);
  uploadProgress?.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
  let duplicateCount = 0;
  let duplicateSize = 0;
@@ -328,7 +222,7 @@ export const uploadFiles = async (
        successSize += stats.size ?? 0;
      }
-      uploadProgress?.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
+      uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
      return response;
    },
@@ -341,7 +235,7 @@ export const uploadFiles = async (
  await queue.drained();
-  uploadProgress?.stop();
+  uploadProgress.stop();
  console.log(`Successfully uploaded ${successCount} new asset${s(successCount)} (${byteSize(successSize)})`);
  if (duplicateCount > 0) {
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -68,19 +68,7 @@ program
      .env('IMMICH_UPLOAD_CONCURRENCY')
      .default(4),
  )
  .addOption(
    new Option('-j, --json-output', 'Output detailed information in json format')
      .env('IMMICH_JSON_OUTPUT')
      .default(false),
  )
  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
  .addOption(new Option('--no-progress', 'Hide progress bars').env('IMMICH_PROGRESS_BAR').default(true))
  .addOption(
    new Option('--watch', 'Watch for changes and upload automatically')
      .env('IMMICH_WATCH_CHANGES')
      .default(false)
      .implies({ progress: false }),
  )
  .argument('[paths...]', 'One or more paths to assets to be uploaded')
  .action((paths, options) => upload(paths, program.opts(), options));
--- a/cli/src/utils.spec.ts
+++ b/cli/src/utils.spec.ts
@@ -1,7 +1,6 @@
 import mockfs from 'mock-fs';
 import { readFileSync } from 'node:fs';
-import { Batcher, CrawlOptions, crawl } from 'src/utils';
+import { CrawlOptions, crawl } from 'src/utils';
 import { Mock } from 'vitest';
 interface Test {
  test: string;
@@ -304,38 +303,3 @@ describe('crawl', () => {
    }
  });
 });
 describe('Batcher', () => {
  let batcher: Batcher;
  let onBatch: Mock;
  beforeEach(() => {
    onBatch = vi.fn();
    batcher = new Batcher({ batchSize: 2, onBatch });
  });
  it('should trigger onBatch() when a batch limit is reached', async () => {
    batcher.add('a');
    batcher.add('b');
    batcher.add('c');
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a', 'b']);
  });
  it('should trigger onBatch() when flush() is called', async () => {
    batcher.add('a');
    batcher.flush();
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a']);
  });
  it('should trigger onBatch() when debounce time reached', async () => {
    vi.useFakeTimers();
    batcher = new Batcher({ batchSize: 2, debounceTimeMs: 100, onBatch });
    batcher.add('a');
    expect(onBatch).not.toHaveBeenCalled();
    vi.advanceTimersByTime(200);
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a']);
    vi.useRealTimers();
  });
 });
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -172,64 +172,3 @@ export const sha1 = (filepath: string) => {
    rs.on('end', () => resolve(hash.digest('hex')));
  });
 };
 /**
 * Batches items and calls onBatch to process them
 * when the batch size is reached or the debounce time has passed.
 */
 export class Batcher<T = unknown> {
  private items: T[] = [];
  private readonly batchSize: number;
  private readonly debounceTimeMs?: number;
  private readonly onBatch: (items: T[]) => void;
  private debounceTimer?: NodeJS.Timeout;
  constructor({
    batchSize,
    debounceTimeMs,
    onBatch,
  }: {
    batchSize: number;
    debounceTimeMs?: number;
    onBatch: (items: T[]) => Promise<void>;
  }) {
    this.batchSize = batchSize;
    this.debounceTimeMs = debounceTimeMs;
    this.onBatch = onBatch;
  }
  private setDebounceTimer() {
    if (this.debounceTimer) {
      clearTimeout(this.debounceTimer);
    }
    if (this.debounceTimeMs) {
      this.debounceTimer = setTimeout(() => this.flush(), this.debounceTimeMs);
    }
  }
  private clearDebounceTimer() {
    if (this.debounceTimer) {
      clearTimeout(this.debounceTimer);
      this.debounceTimer = undefined;
    }
  }
  add(item: T) {
    this.items.push(item);
    this.setDebounceTimer();
    if (this.items.length >= this.batchSize) {
      this.flush();
    }
  }
  flush() {
    this.clearDebounceTimer();
    if (this.items.length === 0) {
      return;
    }
    this.onBatch(this.items);
    this.items = [];
  }
 }
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.1"
+  version     = "4.52.0"
-  constraints = "4.52.1"
+  constraints = "4.52.0"
  hashes = [
-    "h1:2lHvafwGbLdmc9lYkuJFw3nsInaQjRpjX/JfIRKmq/M=",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
-    "h1:596JomwjrtUrOSreq9NNCS+rj70+jOV+0pfja5MXiTI=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
-    "h1:7mBOA5TVAIt3qAwPXKCtE0RSYeqij9v30mnksuBbpEg=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
-    "h1:ELVgzh4kHKBCYdL+2A8JjWS0E1snLUN3Mmz3Vo6qSfw=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
-    "h1:FGGM5yLFf72g3kSXM3LAN64Gf/AkXr5WCmhixgnP+l4=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
-    "h1:JupkJbQALcIVoMhHImrLeLDsQR1ET7VJLGC7ONxjqGU=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
-    "h1:KsaE4JNq+1uV1nJsuTcYar/8lyY6zKS5UBEpfYg3wvc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
-    "h1:NHZ5RJIzQDLhie/ykl3uI6UPfNQR9Lu5Ti7JPR6X904=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
-    "h1:NfAuMbn6LQPLDtJhbzO1MX9JMIGLMa8K6CpekvtsuX8=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
-    "h1:e+vNKokamDsp/kJvFr2pRudzwEz2r49iZ/oSggw+1LY=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
-    "h1:jnb4VdfNZ79I3yj7Q8x+JmOT+FxbfjjRfrF0dL0yCW8=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
-    "h1:kmF//O539d7NuHU7qIxDj7Wz4eJmLKFiI5glwQivldU=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
-    "h1:s6XriaKwOgV4jvKAGPXkrxhhOQxpNU5dceZwi9Z/1k8=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
-    "h1:wt3WBEBAeSGTlC9OlnTlAALxRiK4SQgLy0KgBIS7qzs=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
-    "zh:2fb95e1d3229b9b6c704e1a413c7481c60f139780d9641f657b6eb9b633b90f2",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
-    "zh:379c7680983383862236e9e6e720c3114195c40526172188e88d0ffcf50dfe2e",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
-    "zh:55533beb6cfc02d22ffda8cba8027bc2c841bb172cd637ed0d28323d41395f8f",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
-    "zh:5abd70760e4eb1f37a1c307cbd2989ea7c9ba0afb93818c67c1d363a31f75703",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
-    "zh:699f1c8cd66129176fe659ebf0e6337632a8967a28d2630b6ae5948665c0c2ae",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
-    "zh:69c15acd73c451e89de6477059cda2f3ec200b48ae4b9ff3646c4d389fd3205e",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
-    "zh:6e02b687de21b844f8266dff99e93e7c61fc8eb688f4bbb23803caceb251839e",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
-    "zh:7a51d17b87ed87b7bebf2ad9fc7c3a74f16a1b44eee92c779c08eb89258c0496",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:88ad84436837b0f55302f22748505972634e87400d6902260fd6b7ba1610f937",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8d46c3d9f4f7ad20ac6ef01daa63f4e30a2d16dcb1bb5c7c7ee3dc6be38e9ca1",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
-    "zh:913d64e72a4929dae1d4793e2004f4f9a58b138ea337d9d94fa35cafbf06550a",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
-    "zh:c8d93cf86e2e49f6cec665cfe78b82c144cce15a8b2e30f343385fadd1251849",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
-    "zh:cc4f69397d9bc34a528a5609a024c3a48f54f21616c0008792dd417297add955",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
-    "zh:df99cdb8b064aad35ffea77e645cf6541d0b1b2ebc51b6d26c42031de60ab69e",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.1"
+      version = "4.52.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.1"
+  version     = "4.52.0"
-  constraints = "4.52.1"
+  constraints = "4.52.0"
  hashes = [
-    "h1:2lHvafwGbLdmc9lYkuJFw3nsInaQjRpjX/JfIRKmq/M=",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
-    "h1:596JomwjrtUrOSreq9NNCS+rj70+jOV+0pfja5MXiTI=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
-    "h1:7mBOA5TVAIt3qAwPXKCtE0RSYeqij9v30mnksuBbpEg=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
-    "h1:ELVgzh4kHKBCYdL+2A8JjWS0E1snLUN3Mmz3Vo6qSfw=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
-    "h1:FGGM5yLFf72g3kSXM3LAN64Gf/AkXr5WCmhixgnP+l4=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
-    "h1:JupkJbQALcIVoMhHImrLeLDsQR1ET7VJLGC7ONxjqGU=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
-    "h1:KsaE4JNq+1uV1nJsuTcYar/8lyY6zKS5UBEpfYg3wvc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
-    "h1:NHZ5RJIzQDLhie/ykl3uI6UPfNQR9Lu5Ti7JPR6X904=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
-    "h1:NfAuMbn6LQPLDtJhbzO1MX9JMIGLMa8K6CpekvtsuX8=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
-    "h1:e+vNKokamDsp/kJvFr2pRudzwEz2r49iZ/oSggw+1LY=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
-    "h1:jnb4VdfNZ79I3yj7Q8x+JmOT+FxbfjjRfrF0dL0yCW8=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
-    "h1:kmF//O539d7NuHU7qIxDj7Wz4eJmLKFiI5glwQivldU=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
-    "h1:s6XriaKwOgV4jvKAGPXkrxhhOQxpNU5dceZwi9Z/1k8=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
-    "h1:wt3WBEBAeSGTlC9OlnTlAALxRiK4SQgLy0KgBIS7qzs=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
-    "zh:2fb95e1d3229b9b6c704e1a413c7481c60f139780d9641f657b6eb9b633b90f2",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
-    "zh:379c7680983383862236e9e6e720c3114195c40526172188e88d0ffcf50dfe2e",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
-    "zh:55533beb6cfc02d22ffda8cba8027bc2c841bb172cd637ed0d28323d41395f8f",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
-    "zh:5abd70760e4eb1f37a1c307cbd2989ea7c9ba0afb93818c67c1d363a31f75703",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
-    "zh:699f1c8cd66129176fe659ebf0e6337632a8967a28d2630b6ae5948665c0c2ae",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
-    "zh:69c15acd73c451e89de6477059cda2f3ec200b48ae4b9ff3646c4d389fd3205e",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
-    "zh:6e02b687de21b844f8266dff99e93e7c61fc8eb688f4bbb23803caceb251839e",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
-    "zh:7a51d17b87ed87b7bebf2ad9fc7c3a74f16a1b44eee92c779c08eb89258c0496",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:88ad84436837b0f55302f22748505972634e87400d6902260fd6b7ba1610f937",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8d46c3d9f4f7ad20ac6ef01daa63f4e30a2d16dcb1bb5c7c7ee3dc6be38e9ca1",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
-    "zh:913d64e72a4929dae1d4793e2004f4f9a58b138ea337d9d94fa35cafbf06550a",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
-    "zh:c8d93cf86e2e49f6cec665cfe78b82c144cce15a8b2e30f343385fadd1251849",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
-    "zh:cc4f69397d9bc34a528a5609a024c3a48f54f21616c0008792dd417297add955",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
-    "zh:df99cdb8b064aad35ffea77e645cf6541d0b1b2ebc51b6d26c42031de60ab69e",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.1"
+      version = "4.52.0"
    }
  }
 }
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -16,7 +16,7 @@ name: immich-dev
 services:
  immich-server:
    container_name: immich_server
-    command: ['immich-dev']
+    command: ['/usr/src/app/bin/immich-dev']
    image: immich-server-dev:latest
    # extends:
    #   file: hwaccel.transcoding.yml
@@ -25,13 +25,13 @@ services:
      context: ../
      dockerfile: server/Dockerfile
      target: dev
-    restart: unless-stopped
+    restart: always
    volumes:
-      - ../server:/usr/src/app/server
+      - ../server:/usr/src/app
-      - ../open-api:/usr/src/app/open-api
+      - ../open-api:/usr/src/open-api
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
-      - ${UPLOAD_LOCATION}/photos/upload:/data/upload
+      - ${UPLOAD_LOCATION}/photos/upload:/usr/src/app/upload/upload
-      - /usr/src/app/server/node_modules
+      - /usr/src/app/node_modules
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -48,7 +48,7 @@ services:
      IMMICH_THIRD_PARTY_SOURCE_URL: https://github.com/immich-app/immich/
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://immich.app/docs
-      IMMICH_THIRD_PARTY_SUPPORT_URL: https://immich.app/docs/community-guides
+      IMMICH_THIRD_PARTY_SUPPORT_URL: https://immich.app/docs/third-party
    ulimits:
      nofile:
        soft: 1048576
@@ -69,20 +69,19 @@ services:
    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
    # user: 0:0
    build:
-      context: ../
+      context: ../web
-      dockerfile: web/Dockerfile
+    command: ['/usr/src/app/bin/immich-web']
    command: ['immich-web']
    env_file:
      - .env
    ports:
      - 3000:3000
      - 24678:24678
    volumes:
-      - ../web:/usr/src/app/web
+      - ../web:/usr/src/app
-      - ../i18n:/usr/src/app/i18n
+      - ../i18n:/usr/src/i18n
-      - ../open-api/:/usr/src/app/open-api/
+      - ../open-api/:/usr/src/open-api/
      # - ../../ui:/usr/ui
-      - /usr/src/app/web/node_modules
+      - /usr/src/app/node_modules
    ulimits:
      nofile:
        soft: 1048576
@@ -96,12 +95,12 @@ services:
    image: immich-machine-learning-dev:latest
    # extends:
    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference
    build:
      context: ../machine-learning
      dockerfile: Dockerfile
      args:
-        - DEVICE=cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+        - DEVICE=cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference
    ports:
      - 3003:3003
    volumes:
@@ -117,13 +116,13 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
+    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
    healthcheck:
      test: redis-cli ping || exit 1
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
@@ -135,7 +134,25 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
-    shm_size: 128mb
+    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  # immich-prometheus:
  #   container_name: immich_prometheus
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -20,7 +20,7 @@ services:
      context: ../
      dockerfile: server/Dockerfile
    volumes:
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -38,12 +38,12 @@ services:
    image: immich-machine-learning:latest
    # extends:
    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference
    build:
      context: ../machine-learning
      dockerfile: Dockerfile
      args:
-        - DEVICE=cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+        - DEVICE=cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference
    ports:
      - 3003:3003
    volumes:
@@ -56,14 +56,14 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
+    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
@@ -75,7 +75,24 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
-    shm_size: 128mb
+    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
    restart: always
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
@@ -83,7 +100,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:63805ebb8d2b3920190daf1cb14a60871b16fd38bed42b857a3182bc621f4996
+    image: prom/prometheus@sha256:5888c188cf09e3f7eebc97369c3b2ce713e844cdbd88ccf36f5047c958aea120
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -95,7 +112,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.0.2-ubuntu@sha256:0512d81cdeaaff0e370a9aa66027b465d1f1f04379c3a9c801a905fabbdbc7a5
+    image: grafana/grafana:11.5.1-ubuntu@sha256:9a4ab78cec1a2ec7d1ca5dfd5aacec6412706a1bc9e971fc7184e2f6696a63f5
    volumes:
      - grafana-data:/var/lib/grafana
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -33,12 +33,12 @@ services:
  immich-machine-learning:
    container_name: immich_machine_learning
-    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    env_file:
@@ -49,25 +49,40 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
+    image: docker.io/redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
+    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
      # DB_STORAGE_TYPE: 'HDD'
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-    shm_size: 128mb
+    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
    restart: always
 volumes:
--- a/docker/example.env
+++ b/docker/example.env
@@ -2,8 +2,7 @@
 # The location where your uploaded files are stored
 UPLOAD_LOCATION=./library
-
+# The location where your database files are stored
 # The location where your database files are stored. Network shares are not supported for the database
 DB_DATA_LOCATION=./postgres
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
--- a/docker/hwaccel.ml.yml
+++ b/docker/hwaccel.ml.yml
@@ -13,13 +13,6 @@ services:
    volumes:
      - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
      - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
  rknn:
    security_opt:
      - systempaths=unconfined
      - apparmor=unconfined
    devices:
      - /dev/dri:/dev/dri
  cpu: {}
@@ -33,13 +26,6 @@ services:
              capabilities:
                - gpu
  rocm:
    group_add:
      - video
    devices:
      - /dev/dri:/dev/dri
      - /dev/kfd:/dev/kfd
  openvino:
    device_cgroup_rules:
      - 'c 189:* rmw'
--- a/docker/scripts/get-cpus.sh
+++ b/docker/scripts/get-cpus.sh
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-22.17.1
+22.14.0
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -117,7 +117,7 @@ See [Backup and Restore](/docs/administration/backup-and-restore.md).
 ### Does Immich support reading existing face tag metadata?
-Yes, it creates new faces and persons from the imported asset metadata. For details see the [feature request #4348](https://github.com/immich-app/immich/discussions/4348) and [PR #6455](https://github.com/immich-app/immich/pull/6455).
+No, it currently does not. There is an [open feature request on GitHub](https://github.com/immich-app/immich/discussions/4348).
 ### Does Immich support the filtering of NSFW images?
@@ -180,7 +180,7 @@ services:
 ...
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
 +     - originals:/usr/src/app/originals
 ...
@@ -262,7 +262,7 @@ No, this is not supported. Only models listed in the [Hugging Face][huggingface]
 ### I want to be able to search in other languages besides English. How can I do that?
-You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-models) for instructions.
+You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-model) for instructions.
 ### Does Immich support Facial Recognition for videos?
@@ -490,7 +490,7 @@ You can also scan the Postgres database file structure for errors:
 <details>
 <summary>Scan for file structure errors</summary>
 ```bash
-docker exec -it immich_postgres pg_amcheck --username=<DB_USERNAME> --heapallindexed --parent-check --rootdescend --progress --all --install-missing
+docker exec -it immich_postgres pg_amcheck --username=postgres --heapallindexed --parent-check --rootdescend --progress --all --install-missing
 ```
 A normal result will end something like this and return with an exit code of `0`:
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -23,32 +23,16 @@ Refer to the official [postgres documentation](https://www.postgresql.org/docs/c
 It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::
-### Automatic Database Dumps
+### Automatic Database Backups
-:::warning
+For convenience, Immich will automatically create database backups by default. The backups are stored in `UPLOAD_LOCATION/backups`.  
-The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
+As mentioned above, you should make your own backup of these together with the asset folders as noted below.  
-There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
+You can adjust the schedule and amount of kept backups in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).  
-:::
+By default, Immich will keep the last 14 backups and create a new backup every day at 2:00 AM.
 :::caution
 The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
 :::
 For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
 Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
 You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
 By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.
 #### Trigger Dump
 You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/jobs-status).
 Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
 A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
 This dumps will count towards the last `X` dumps that will be kept based on your settings.
 #### Restoring
-We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
+We hope to make restoring simpler in future versions, for now you can find the backups in the `UPLOAD_LOCATION/backups` folder on your host.  
 Then please follow the steps in the following section for restoring the database.
 ### Manual Backup and Restore
@@ -57,7 +41,7 @@ Then please follow the steps in the following section for restoring the database
  <TabItem value="Linux system" label="Linux system" default>
 ```bash title='Backup'
-docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | gzip > "/path/to/backup/dump.sql.gz"
 ```
 ```bash title='Restore'
@@ -69,7 +53,7 @@ docker compose create           # Create Docker containers for Immich apps witho
 docker start immich_postgres    # Start Postgres server
 sleep 10                        # Wait for Postgres server to start up
 # Check the database user if you deviated from the default
-gunzip --stdout "/path/to/backup/dump.sql.gz" \
+gunzip < "/path/to/backup/dump.sql.gz" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | docker exec -i immich_postgres psql --dbname=postgres --username=<DB_USERNAME>  # Restore Backup
 docker compose up -d            # Start remainder of Immich apps
@@ -79,7 +63,7 @@ docker compose up -d            # Start remainder of Immich apps
  <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">
 ```powershell title='Backup'
-[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME>))
+[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres))
 ```
 ```powershell title='Restore'
@@ -92,8 +76,8 @@ docker compose create                             # Create Docker containers for
 docker start immich_postgres                      # Start Postgres server
 sleep 10                                          # Wait for Postgres server to start up
 docker exec -it immich_postgres bash              # Enter the Docker shell and run the following command
-# Check the database user if you deviated from the default. If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
+# Check the database user if you deviated from the default. If your backup ends in `.gz`, replace `cat` with `gunzip`
-cat "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=postgres --username=<DB_USERNAME>
+cat < "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=postgres --username=<DB_USERNAME>
 exit                                              # Exit the Docker shell
 docker compose up -d                              # Start remainder of Immich apps
 ```
@@ -150,10 +134,12 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
  - Preview images (small thumbnails and large previews) for each asset and thumbnails for recognized faces.
  - Stored in `UPLOAD_LOCATION/thumbs/<userID>`.
 - **Encoded Assets:**
  - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
  - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.
@@ -199,6 +185,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - Temporarily located in `UPLOAD_LOCATION/upload/<userID>`.
  - Transferred to `UPLOAD_LOCATION/library/<userID>` upon successful upload.
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.
@@ -216,10 +203,3 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
 Do not touch the files inside these folders under any circumstances except taking a backup. Changing or removing an asset can cause untracked and missing files.
 You can think of it as App-Which-Must-Not-Be-Named, the only access to viewing, changing and deleting assets is only through the mobile or browser interface.
 :::
 ## Backup ordering
 A backup of Immich should contain both the database and the asset files. When backing these up it's possible for them to get out of sync, potentially resulting in broken assets after you restore.  
 The best way of dealing with this is to stop the immich-server container while you take a backup. If nothing is changing then the backup will always be in sync.
 If stopping the container is not an option, then the recommended order is to back up the database first, and the filesystem second. This way, the worst case scenario is that there are files on the filesystem that the database doesn't know about. If necessary, these can be (re)uploaded manually after a restore. If the backup is done the other way around, with the filesystem first and the database second, it's possible for the restored database to reference files that aren't in the filesystem backup, thus resulting in broken assets.
--- a/docs/docs/administration/img/admin-nightly-tasks.webp
+++ b/docs/docs/administration/img/admin-nightly-tasks.webp
--- a/docs/docs/administration/img/user-quota-size.webp
+++ b/docs/docs/administration/img/user-quota-size.webp
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -46,12 +46,6 @@ services:
 When a new asset is uploaded it kicks off a series of jobs, which include metadata extraction, thumbnail generation, machine learning tasks, and storage template migration, if enabled. To view the status of a job navigate to the Administration -> Jobs page.
 Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
 <img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />
 Additionally, some jobs (such as memories generation) run on a schedule, which is every night at midnight by default. To change when they run or enable/disable a job navigate to System Settings -> [Nightly Tasks Settings](https://my.immich.app/admin/system-settings?isOpen=nightly-tasks).
 <img src={require('./img/admin-nightly-tasks.webp').default} width="60%" title="Admin nightly tasks" />
 :::note
 Some jobs ([External Libraries](/docs/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
 :::
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -20,6 +20,7 @@ Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an i
 Before enabling OAuth in Immich, a new client application needs to be configured in the 3rd-party authentication server. While the specifics of this setup vary from provider to provider, the general approach should be the same.
 1. Create a new (Client) Application
   1. The **Provider** type should be `OpenID Connect` or `OAuth2`
   2. The **Client type** should be `Confidential`
   3. The **Application** type should be `Web`
@@ -28,6 +29,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 2. Configure Redirect URIs/Origins
   The **Sign-in redirect URIs** should include:
   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
@@ -35,17 +37,21 @@ Before enabling OAuth in Immich, a new client application needs to be configured
   Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:
   Mobile
   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)
   Localhost
   - `http://localhost:2283/auth/login`
   - `http://localhost:2283/user-settings`
   Local IP
   - `http://192.168.0.200:2283/auth/login`
   - `http://192.168.0.200:2283/user-settings`
   Hostname
   - `https://immich.example.com/auth/login`
   - `https://immich.example.com/user-settings`
@@ -62,9 +68,8 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
 | Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage**¹**                                           |
-| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (empty for unlimited quota)      |
+| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (Enter 0 for unlimited quota)    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
@@ -88,7 +93,6 @@ The `.well-known/openid-configuration` part of the url is optional and will be a
 ## Auto Launch
 When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
 Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?authLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
 ## Mobile Redirect URI
@@ -106,89 +110,6 @@ Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to
 ## Example Configuration
 <details>
 <summary>Authelia Example</summary>
 ### Authelia Example
 Here's an example of OAuth configured for Authelia:
 This assumes there exist an attribute `immichquota` in the user schema, which is used to set the user's storage quota in Immich.
 The configuration concerning the quota is optional.
 ```yaml
 authentication_backend:
  ldap:
    # The LDAP server configuration goes here.
    # See: https://www.authelia.com/c/ldap
    attributes:
      extra:
        immichquota: # The attribute name from LDAP
          name: 'immich_quota'
          multi_valued: false
          value_type: 'integer'
 identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    claims_policies:
      immich_policy:
        custom_claims:
          immich_quota:
            attribute: 'immich_quota'
    scopes:
      immich_scope:
        claims:
          - 'immich_quota'
    clients:
      - client_id: 'immich'
        client_name: 'Immich'
        # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret
        client_secret: $pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'
        public: false
        require_pkce: false
        redirect_uris:
          - 'https://example.immich.app/auth/login'
          - 'https://example.immich.app/user-settings'
          - 'app.immich:///oauth-callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'immich_scope'
        claims_policy: 'immich_policy'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        id_token_signed_response_alg: 'RS256'
        userinfo_signed_response_alg: 'RS256'
        token_endpoint_auth_method: 'client_secret_post'
 ```
 Configuration of OAuth in Immich System Settings
 | Setting                            | Value                                                               |
 | ---------------------------------- | ------------------------------------------------------------------- |
 | Issuer URL                         | `https://example.immich.app/.well-known/openid-configuration`       |
 | Client ID                          | immich                                                              |
 | Client Secret                      | 0v89FXkQOWO\***\*\*\*\*\***\*\*\***\*\*\*\*\***mprbvXD549HH6s1iw... |
 | Token Endpoint Auth Method         | client_secret_post                                                  |
 | Scope                              | openid email profile immich_scope                                   |
 | ID Token Signed Response Algorithm | RS256                                                               |
 | Userinfo Signed Response Algorithm | RS256                                                               |
 | Storage Label Claim                | uid                                                                 |
 | Storage Quota Claim                | immich_quota                                                        |
 | Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
 | Button Text                        | Sign in with Authelia (optional)                                    |
 | Auto Register                      | Enabled (optional)                                                  |
 | Auto Launch                        | Enabled (optional)                                                  |
 | Mobile Redirect URI Override       | Disable                                                             |
 | Mobile Redirect URI                |                                                                     |
 </details>
 <details>
 <summary>Authentik Example</summary>
@@ -211,7 +132,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                              |
 | Storage Label Claim          | preferred_username                                                                 |
 | Storage Quota Claim          | immich_quota                                                                       |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                      |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                          |
 | Button Text                  | Sign in with Authentik (optional)                                                  |
 | Auto Register                | Enabled (optional)                                                                 |
 | Auto Launch                  | Enabled (optional)                                                                 |
@@ -242,7 +163,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                        |
 | Storage Label Claim          | preferred_username                                                           |
 | Storage Quota Claim          | immich_quota                                                                 |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
 | Button Text                  | Sign in with Google (optional)                                               |
 | Auto Register                | Enabled (optional)                                                           |
 | Auto Launch                  | Enabled                                                                      |
--- a/docs/docs/administration/postgres-standalone.md
+++ b/docs/docs/administration/postgres-standalone.md
@@ -10,16 +10,12 @@ Running with a pre-existing Postgres server can unlock powerful administrative f
 ## Prerequisites
-You must install `pgvector` (`>= 0.7.0, < 1.0.0`), as it is a prerequisite for `vchord`.
+You must install pgvecto.rs into your instance of Postgres using their [instructions][vectors-install]. After installation, add `shared_preload_libraries = 'vectors.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vectors.so'`.
 The easiest way to do this on Debian/Ubuntu is by adding the [PostgreSQL Apt repository][pg-apt] and then
 running `apt install postgresql-NN-pgvector`, where `NN` is your Postgres version (e.g., `16`).
 You must install VectorChord into your instance of Postgres using their [instructions][vchord-install]. After installation, add `shared_preload_libraries = 'vchord.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vchord.so'`.
 :::note
-Immich is known to work with Postgres versions `>= 14, < 18`.
+Immich is known to work with Postgres versions 14, 15, and 16. Earlier versions are unsupported. Postgres 17 is nominally compatible, but pgvecto.rs does not have prebuilt images or packages for it as of writing.
-Make sure the installed version of VectorChord is compatible with your version of Immich. The current accepted range for VectorChord is `>= 0.3.0, < 0.5.0`.
+Make sure the installed version of pgvecto.rs is compatible with your version of Immich. The current accepted range for pgvecto.rs is `>= 0.2.0, < 0.4.0`.
 :::
 ## Specifying the connection URL
@@ -57,99 +53,21 @@ CREATE DATABASE <immichdatabasename>;
 \c <immichdatabasename>
 BEGIN;
 ALTER DATABASE <immichdatabasename> OWNER TO <immichdbusername>;
-CREATE EXTENSION vchord CASCADE;
+CREATE EXTENSION vectors;
 CREATE EXTENSION earthdistance CASCADE;
 ALTER DATABASE <immichdatabasename> SET search_path TO "$user", public, vectors;
 ALTER SCHEMA vectors OWNER TO <immichdbusername>;
 COMMIT;
 ```
-### Updating VectorChord
+### Updating pgvecto.rs
-When installing a new version of VectorChord, you will need to manually update the extension and reindex by connecting to the Immich database and running:
+When installing a new version of pgvecto.rs, you will need to manually update the extension by connecting to the Immich database and running `ALTER EXTENSION vectors UPDATE;`.
-```
+### Common errors
 ALTER EXTENSION vchord UPDATE;
 REINDEX INDEX face_index;
 REINDEX INDEX clip_index;
 ```
-## Migrating to VectorChord
+#### Permission denied for view
-VectorChord is the successor extension to pgvecto.rs, allowing for higher performance, lower memory usage and higher quality results for smart search and facial recognition.
+If you get the error `driverError: error: permission denied for view pg_vector_index_stat`, you can fix this by connecting to the Immich database and running `GRANT SELECT ON TABLE pg_vector_index_stat TO <immichdbusername>;`.
-### Migrating from pgvecto.rs
+[vectors-install]: https://docs.vectorchord.ai/getting-started/installation.html
 Support for pgvecto.rs will be dropped in a later release, hence we recommend all users currently using pgvecto.rs to migrate to VectorChord at their convenience. There are two primary approaches to do so.
 The easiest option is to have both extensions installed during the migration:
 <details>
 <summary>Migration steps (automatic)</summary>
 1. Ensure you still have pgvecto.rs installed
 2. Install `pgvector` (`>= 0.7.0, < 1.0.0`). The easiest way to do this is on Debian/Ubuntu by adding the [PostgreSQL Apt repository][pg-apt] and then running `apt install postgresql-NN-pgvector`, where `NN` is your Postgres version (e.g., `16`)
 3. [Install VectorChord][vchord-install]
 4. Add `shared_preload_libraries= 'vchord.so, vectors.so'` to your `postgresql.conf`, making sure to include _both_ `vchord.so` and `vectors.so`. You may include other libraries here as well if needed
 5. Restart the Postgres database
 6. If Immich does not have superuser permissions, run the SQL command `CREATE EXTENSION vchord CASCADE;` using psql or your choice of database client
 7. Start Immich and wait for the logs `Reindexed face_index` and `Reindexed clip_index` to be output
 8. If Immich does not have superuser permissions, run the SQL command `DROP EXTENSION vectors;`
 9. Drop the old schema by running `DROP SCHEMA vectors;`
 10. Remove the `vectors.so` entry from the `shared_preload_libraries` setting
 11. Restart the Postgres database
 12. Uninstall pgvecto.rs (e.g. `apt-get purge vectors-pg14` on Debian-based environments, replacing `pg14` as appropriate). `pgvector` must remain installed as it provides the data types used by `vchord`
 </details>
 If it is not possible to have both VectorChord and pgvecto.rs installed at the same time, you can perform the migration with more manual steps:
 <details>
 <summary>Migration steps (manual)</summary>
 1. While pgvecto.rs is still installed, run the following SQL command using psql or your choice of database client. Take note of the number outputted by this command as you will need it later
 ```sql
 SELECT atttypmod as dimsize
    FROM pg_attribute f
    JOIN pg_class c ON c.oid = f.attrelid
    WHERE c.relkind = 'r'::char
    AND f.attnum > 0
    AND c.relname = 'smart_search'::text
    AND f.attname = 'embedding'::text;
 ```
 2. Remove references to pgvecto.rs using the below SQL commands
 ```sql
 DROP INDEX IF EXISTS clip_index;
 DROP INDEX IF EXISTS face_index;
 ALTER TABLE smart_search ALTER COLUMN embedding SET DATA TYPE real[];
 ALTER TABLE face_search ALTER COLUMN embedding SET DATA TYPE real[];
 ```
 3. [Install VectorChord][vchord-install]
 4. Change the columns back to the appropriate vector types, replacing `<number>` with the number from step 1
 ```sql
 CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
 ALTER TABLE smart_search ALTER COLUMN embedding SET DATA TYPE vector(<number>);
 ALTER TABLE face_search ALTER COLUMN embedding SET DATA TYPE vector(512);
 ```
 5. Start Immich and let it create new indices using VectorChord
 </details>
 ### Migrating from pgvector
 <details>
 <summary>Migration steps</summary>
 1. Ensure you have at least 0.7.0 of pgvector installed. If it is below that, please upgrade it and run the SQL command `ALTER EXTENSION vector UPDATE;` using psql or your choice of database client
 2. Follow the Prerequisites to install VectorChord
 3. If Immich does not have superuser permissions, run the SQL command `CREATE EXTENSION vchord CASCADE;`
 4. Remove the `DB_VECTOR_EXTENSION=pgvector` environmental variable as it will make Immich still use pgvector if set
 5. Start Immich and let it create new indices using VectorChord
 </details>
 Note that VectorChord itself uses pgvector types, so you should not uninstall pgvector after following these steps.
 [vchord-install]: https://docs.vectorchord.ai/vectorchord/getting-started/installation.html
 [pg-apt]: https://www.postgresql.org/download/linux/#generic
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -22,7 +22,7 @@ server {
    client_max_body_size 50000M;
    # Set headers
-    proxy_set_header Host              $host;
+    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -2,17 +2,15 @@
 The `immich-server` docker image comes preinstalled with an administrative CLI (`immich-admin`) that supports the following commands:
-| Command                  | Description                                                   |
+| Command                  | Description                           |
-| ------------------------ | ------------------------------------------------------------- |
+| ------------------------ | ------------------------------------- |
-| `help`                   | Display help                                                  |
+| `help`                   | Display help                          |
-| `reset-admin-password`   | Reset the password for the admin user                         |
+| `reset-admin-password`   | Reset the password for the admin user |
-| `disable-password-login` | Disable password login                                        |
+| `disable-password-login` | Disable password login                |
-| `enable-password-login`  | Enable password login                                         |
+| `enable-password-login`  | Enable password login                 |
-| `enable-oauth-login`     | Enable OAuth login                                            |
+| `enable-oauth-login`     | Enable OAuth login                    |
-| `disable-oauth-login`    | Disable OAuth login                                           |
+| `disable-oauth-login`    | Disable OAuth login                   |
-| `list-users`             | List Immich users                                             |
+| `list-users`             | List Immich users                     |
 | `version`                | Print Immich version                                          |
 | `change-media-location`  | Change database file paths to align with a new media location |
 ## How to run a command
@@ -82,28 +80,3 @@ immich-admin list-users
  }
 ]
 ```
 Print Immich Version
 ```
 immich-admin version
 v1.129.0
 ```
 Change media location
 ```
 immich-admin change-media-location
 ? Enter the previous value of IMMICH_MEDIA_LOCATION: /data
 ? Enter the new value of IMMICH_MEDIA_LOCATION: /my-data
 ...
  Previous value: /data
  Current value:  /my-data
  Changing database paths from "/data/*" to "/my-data/*"
 ? Do you want to proceed? [Y/n] y
 Database file paths updated successfully! 🎉
 ...
 ```
--- a/docs/docs/administration/user-management.mdx
+++ b/docs/docs/administration/user-management.mdx
@@ -31,7 +31,7 @@ Admin can send a welcome email if the Email option is set, you can learn here ho
 Admin can specify the storage quota for the user as the instance's admin; once the limit is reached, the user won't be able to upload to the instance anymore.
-In order to select a storage quota, click on the pencil icon and enter the storage quota in GiB. You can choose an unlimited quota by leaving it empty (default).
+In order to select a storage quota, click on the pencil icon and enter the storage quota in GiB. You can choose an unlimited quota using the value 0 (default).
 :::tip
 The system administrator can see the usage quota percentage of all users in Server Stats page.
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -1,14 +1,14 @@
 # Database Migrations
-After making any changes in the `server/src/schema`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
+After making any changes in the `server/src/entities`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
 1. Run the command
 ```bash
-npm run migrations:generate <migration-name>
+npm run typeorm:migrations:generate <migration-name>
 ```
 2. Check if the migration file makes sense.
-3. Move the migration file to folder `./server/src/schema/migrations` in your code editor.
+3. Move the migration file to folder `./server/src/migrations` in your code editor.
 The server will automatically detect `*.ts` file changes and restart. Part of the server start-up process includes running any new migrations, so it will be applied immediately.
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -1,480 +0,0 @@
 ---
 title: Devcontainers
 sidebar_position: 3
 ---
 # Development with Dev Containers
 Dev Containers provide a consistent, reproducible development environment using Docker containers. With a single click, you can get started with an Immich development environment on Mac, Linux, Windows, or in the cloud using GitHub Codespaces.
 Get started fast!
 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/immich-app/immich/)
 [Learn more about Dev Containers](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers)
 ## Prerequisites
 Before getting started, ensure you have:
 - **Docker Desktop** (latest version)
  - [Mac](https://docs.docker.com/desktop/install/mac-install/)
  - [Windows](https://docs.docker.com/desktop/install/windows-install/) (with WSL2 backend recommended)
  - [Linux](https://docs.docker.com/desktop/install/linux-install/)
 - **Visual Studio Code** with the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers)
 - **Git** for cloning the repository
 - At least **8GB of RAM** (16GB recommended)
 - **20GB of free disk space**
 :::tip Alternative Development Environments
 While this guide focuses on VS Code, you have many options for Dev Container development:
 **Local Editors:**
 - [IntelliJ IDEA](https://www.jetbrains.com/help/idea/connect-to-devcontainer.html) - Full JetBrains IDE support
 - [neovim](https://github.com/jamestthompson3/nvim-remote-containers) - Lightweight terminal-based editor
 - [Emacs](https://github.com/emacs-lsp/lsp-docker) - Extensible text editor
 - [DevContainer CLI](https://github.com/devcontainers/cli) - Command-line interface
 **Cloud-Based Solutions:**
 - [GitHub Codespaces](https://github.com/features/codespaces) - Fully integrated with GitHub, excellent devcontainer.json support
 - [GitPod](https://www.gitpod.io) - SaaS platform with recent Dev Container support (historically used gitpod.yml)
 **Self-Hostable Options:**
 - [Coder](https://coder.com) - Enterprise-focused, requires Terraform knowledge, self-managed
 - [DevPod](https://devpod.sh) - Client-only tool with excellent devcontainer.json support, works with any provider (local, cloud, or on-premise)
  :::
 ## Dev Container Services
 The Dev Container environment consists of the following services:
 | Service          | Container Name            | Description                                               | Ports                                                                   |
 | ---------------- | ------------------------- | --------------------------------------------------------- | ----------------------------------------------------------------------- |
 | Server & Web     | `immich-server`           | Runs both API server and web frontend in development mode | 2283 (API)<br/>3000 (Web)<br/>9230 (Workers Debug)<br/>9231 (API Debug) |
 | Database         | `database`                | PostgreSQL database                                       | 5432                                                                    |
 | Cache            | `redis`                   | Valkey cache server                                       | 6379                                                                    |
 | Machine Learning | `immich-machine-learning` | Immich ML model inference server                          | 3003                                                                    |
 ## Getting Started
 ### Step 1: Clone the Repository
 ```bash
 git clone https://github.com/immich-app/immich.git
 cd immich
 ```
 ### Step 2: Configure Environment Variables
 The immich dev containers read environment variables from your shell environment, not from `.env` files. This allows them to work in cloud environments without pre-configuration.
 :::important Configuration
 When running locally, and if you want to create (or use an existing) DB and/or photo storage folder, you must set the `UPLOAD_LOCATION` variable in your shell environment before launching the Dev Container. This determines where uploaded files are stored and also where the DB stores it data.
 ```bash
 # Set temporarily for current session
 export UPLOAD_LOCATION=/opt/dev_upload_folder
 # Or add to your shell profile for persistence
 # (~/.bashrc, ~/.zshrc, ~/.bash_profile, etc.)
 echo 'export UPLOAD_LOCATION=/opt/dev_upload_folder' >> ~/.bashrc
 source ~/.bashrc
 ```
 :::
 ### Step 3: Launch the Dev Container
 :::tip
 Immich development makes extensive use of specialized [base images](https://github.com/immich-app/base-images) for its docker-compose based development. For this reason, you won't be able to use VSCode's **_Clone Repository in a Container Volume_** command.
 :::
 #### Using VS Code UI:
 1. Open the cloned repository in VS Code
 2. Press `F1` or `Ctrl/Cmd+Shift+P` to open the command palette
 3. Type and select "Dev Containers: Rebuild and Reopen in Container"
 4. Select "Immich - Backend, Frontend and ML" from the list
 5. Wait for the container to build and start (this may take several minutes on first run)
 #### Using VS Code Quick Actions:
 1. Open the repository in VS Code
 2. You should see a popup asking if you want to reopen in a container
 3. Click "Reopen in Container"
 #### Using Command Line:
 ```bash
 # Using the DevContainer CLI
 devcontainer up --workspace-folder .
 ```
 ## Environment Variable Details
 ### How Dev Containers Handle Environment Variables
 Unlike the Immich developer setup based on Docker Compose which uses `.env` files, Immich Dev Containers read environment variables from your shell environment. This is configured in `.devcontainer/devcontainer.json`:
 ```json
 "remoteEnv": {
    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./Library}",
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
 }
 ```
 The `${localEnv:VARIABLE:default}` syntax reads from your shell environment with optional defaults.
 ### Upload Location Path Resolution
 The `UPLOAD_LOCATION` environment variable controls where files are stored:
 **Default:** `./Library` (relative to the `docker` directory)
 **Resolved to:** `<immich-root>/docker/Library`
 **Bind Mounts Created:**
 ```yaml
 # From .devcontainer/server/container-compose-overrides.yml
 - ${UPLOAD_LOCATION-./Library}/photos:/workspaces/immich/server/upload
 - ${UPLOAD_LOCATION-./Library}/postgres:/var/lib/postgresql/data
 ```
 ### Database Configuration
 These variables have sensible defaults (for development) but can be customized:
 | Variable           | Default    | Description         |
 | ------------------ | ---------- | ------------------- |
 | `DB_PASSWORD`      | `postgres` | PostgreSQL password |
 | `DB_USERNAME`      | `postgres` | PostgreSQL username |
 | `DB_DATABASE_NAME` | `immich`   | Database name       |
 ### Setting Environment Variables
 Add these to your shell profile (`~/.bashrc`, `~/.zshrc`, `~/.bash_profile`, etc.):
 ```bash
 # Required
 export UPLOAD_LOCATION=./Library  # or absolute path
 # Optional (only if using non-default values)
 export DB_PASSWORD=your_password
 export DB_USERNAME=your_username
 export DB_DATABASE_NAME=your_database
 ```
 Remember to reload your shell configuration:
 ```bash
 source ~/.bashrc  # or ~/.zshrc, etc.
 ```
 ## Git Configuration
 ### SSH Keys and Authentication
 To use your SSH keys for GitHub access inside the Dev Container:
 1. **Start SSH Agent** on your host machine:
   ```bash
   eval "$(ssh-agent -s)"
   ssh-add ~/.ssh/id_rsa  # or your key path
   ```
 2. **VS Code automatically forwards your SSH agent** to the container
 For detailed instructions, see the [VS Code guide on sharing Git credentials](https://code.visualstudio.com/remote/advancedcontainers/sharing-git-credentials).
 ### Commit Signing
 To use your SSH key for commit signing, see the [GitHub guide on SSH commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key).
 ## Development Workflow
 ### Automatic Setup
 When the Dev Container starts, it automatically:
 1. **Runs post-create script** (`container-server-post-create.sh`):
   - Adjusts file permissions for the `node` user
   - Installs dependencies: `npm install` in all packages
   - Builds TypeScript SDK: `npm run build` in `open-api/typescript-sdk`
 2. **Starts development servers** via VS Code tasks:
   - `Immich API Server (Nest)` - API server with hot-reloading on port 2283
   - `Immich Web Server (Vite)` - Web frontend with hot-reloading on port 3000
   - Both servers watch for file changes and recompile automatically
 3. **Configures port forwarding**:
   - Web UI: http://localhost:3000 (opens automatically)
   - API: http://localhost:2283
   - Debug ports: 9230 (workers), 9231 (API)
 :::info
 The Dev Container setup replaces the `make dev` command from the traditional setup. All services start automatically when you open the container.
 :::
 ### Accessing Services
 Once running, you can access:
 | Service  | URL                   | Description                                                                                    |
 | -------- | --------------------- | ---------------------------------------------------------------------------------------------- |
 | Web UI   | http://localhost:3000 | Main web interface                                                                             |
 | API      | http://localhost:2283 | REST API endpoints (Not used directly, web UI will expose this over http://localhost:3000/api) |
 | Database | localhost:5432        | PostgreSQL (username: `postgres`) (Not used directly)                                          |
 ### Connecting Mobile Apps
 To connect the mobile app to your Dev Container:
 1. Find your machine's IP address
 2. In the mobile app, use: `http://YOUR_IP:3000/api`
 3. Ensure your firewall allows connections on port 2283
 ### Making Code Changes
 - **Server code** (`/server`): Changes trigger automatic restart
 - **Web code** (`/web`): Changes trigger hot module replacement
 - **Database migrations**: Run `npm run sync:sql` in the server directory
 - **API changes**: Regenerate TypeScript SDK with `make open-api`
 ## Testing
 ### Running Tests
 The Dev Container supports multiple ways to run tests:
 #### Using Make Commands (Recommended)
 ```bash
 # Run tests for specific components
 make test-server         # Server unit tests
 make test-web           # Web unit tests
 make test-e2e           # End-to-end tests
 make test-cli           # CLI tests
 # Run all tests
 make test-all           # Runs tests for all components
 # Medium tests (integration tests)
 make test-medium-dev    # End-to-end tests
 ```
 #### Using NPM Directly
 ```bash
 # Server tests
 cd /workspaces/immich/server
 npm test                # Run all tests
 npm run test:watch     # Watch mode
 npm run test:cov       # Coverage report
 # Web tests
 cd /workspaces/immich/web
 npm test               # Run all tests
 npm run test:watch     # Watch mode
 # E2E tests
 cd /workspaces/immich/e2e
 npm run test           # Run API tests
 npm run test:web       # Run web UI tests
 ```
 ### Code Quality Commands
 ```bash
 # Linting
 make lint-server        # Lint server code
 make lint-web          # Lint web code
 make lint-all          # Lint all components
 # Formatting
 make format-server      # Format server code
 make format-web        # Format web code
 make format-all        # Format all code
 # Type checking
 make check-server       # Type check server
 make check-web         # Type check web
 make check-all         # Check all components
 # Complete hygiene check
 make hygiene-all       # Runs lint, format, check, SQL sync, and audit
 ```
 ### Additional Make Commands
 ```bash
 # Build commands
 make build-server       # Build server
 make build-web         # Build web app
 make build-all         # Build everything
 # API generation
 make open-api          # Generate OpenAPI specs
 make open-api-typescript # Generate TypeScript SDK
 make open-api-dart     # Generate Dart SDK
 # Database
 make sql               # Sync database schema
 # Dependencies
 make install-server    # Install server dependencies
 make install-web      # Install web dependencies
 make install-all      # Install all dependencies
 ```
 ### Debugging
 The Dev Container is pre-configured for debugging:
 1. **API Server Debugging**:
   - Set breakpoints in VS Code
   - Press `F5` or use "Run and Debug" panel
   - Select "Attach to Server" configuration
   - Debug port: 9231
 2. **Worker Debugging**:
   - Use "Attach to Workers" configuration
   - Debug port: 9230
 3. **Web Debugging**:
   - Use browser DevTools
   - VS Code debugger for Chrome/Edge extensions supported
 ## Troubleshooting
 ### Common Issues
 #### Permission Errors
 **Problem**: `EACCES` or permission denied errors  
 **Solution**:
 - The Dev Container runs as the `node` user (UID 1000)
 - If your host UID differs, you may see permission issues
 - Try rebuilding the container: "Dev Containers: Rebuild Container"
 #### Container Won't Start
 **Problem**: Dev Container fails to start or build  
 **Solution**:
 1. Check Docker is running: `docker ps`
 2. Clean Docker resources: `docker system prune -a`
 3. Check available disk space
 4. Review Docker Desktop resource limits
 #### Port Already in Use
 **Problem**: "Port 3000/2283 is already in use"  
 **Solution**:
 1. Check for conflicting services: `lsof -i :3000` (macOS/Linux)
 2. Stop conflicting services or change port mappings
 3. Restart Docker Desktop
 #### Upload Location Not Set
 **Problem**: Errors about missing UPLOAD_LOCATION  
 **Solution**:
 1. Set the environment variable: `export UPLOAD_LOCATION=./Library`
 2. Add to your shell profile for persistence
 3. Restart your terminal and VS Code
 #### Database Connection Failed
 **Problem**: Cannot connect to PostgreSQL  
 **Solution**:
 1. Ensure all containers are running: `docker ps`
 2. Check logs: "Dev Containers: Show Container Log"
 3. Verify database credentials match environment variables
 ### Getting Help
 If you encounter issues:
 1. Check container logs: View → Output → Select "Dev Containers"
 2. Rebuild without cache: "Dev Containers: Rebuild Container Without Cache"
 3. Review [common Docker issues](https://docs.docker.com/desktop/troubleshoot/)
 4. Ask in [Discord](https://discord.immich.app) `#help-desk-support` channel
 ## Mobile Development
 While the Dev Container focuses on server and web development, you can connect mobile apps for testing:
 ### Connecting iOS/Android Apps
 1. **Ensure API is accessible**:
   ```bash
   # Find your machine's IP
   # macOS
   ipconfig getifaddr en0
   # Linux
   hostname -I
   # Windows (in WSL2)
   ip addr show eth0
   ```
 2. **Configure mobile app**:
   - Server URL: `http://YOUR_IP:2283/api`
   - Ensure firewall allows port 2283
 3. **For full mobile development**, see the [mobile development guide](/docs/developer/setup) which covers:
   - Flutter setup
   - Running on simulators/devices
   - Mobile-specific debugging
 ## Advanced Configuration
 ### Custom VS Code Extensions
 Add extensions to `.devcontainer/devcontainer.json`:
 ```json
 "customizations": {
  "vscode": {
    "extensions": [
      "your.extension-id"
    ]
  }
 }
 ```
 ### Additional Services
 To add services (e.g., Redis Commander), modify:
 1. `/docker/docker-compose.dev.yml` - Add service definition
 2. `/.devcontainer/server/container-compose-overrides.yml` - Add overrides if needed
 ### Resource Limits
 Adjust Docker Desktop resources:
 - **macOS/Windows**: Docker Desktop → Settings → Resources
 - **Linux**: Modify Docker daemon configuration
 Recommended minimums:
 - CPU: 4 cores
 - Memory: 8GB
 - Disk: 20GB
 ## Next Steps
 - Read the [architecture overview](/docs/developer/architecture)
 - Learn about [database migrations](/docs/developer/database-migrations)
 - Explore [API documentation](/docs/api)
 - Join `#immich` on [Discord](https://discord.immich.app)
--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -38,19 +38,6 @@ Run all server checks with `npm run check:all`
 You can use `npm run __:fix` to potentially correct some issues automatically for `npm run format` and `lint`.
 :::
 ## Mobile Checks
 The following commands must be executed from within the mobile app directory of the codebase.
 - [ ] `make build` (auto-generate files using build_runner)
 - [ ] `make analyze` (static analysis via Dart Analyzer and DCM)
 - [ ] `make format` (formatting via Dart Formatter)
 - [ ] `make test` (unit tests)
 :::info Auto Fix
 You can use `dart fix --apply` and `dcm fix lib` to potentially correct some issues automatically for `make analyze`.
 :::
 ## OpenAPI
 The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/docs/developer/open-api.md) for more details.
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -63,41 +63,22 @@ If you only want to do web development connected to an existing, remote backend,
 IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```
 If you're using PowerShell on Windows you may need to set the env var separately like so:
 ```powershell
 $env:IMMICH_SERVER_URL = "https://demo.immich.app/"
 npm run dev
 ```
 #### `@immich/ui`
 To see local changes to `@immich/ui` in Immich, do the following:
 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
-2. Build the `@immich/ui` project via `npm run build`
+1. Build the `@immich/ui` project via `npm run build`
-3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
+1. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
-4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
+1. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
-5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
+1. Start up the stack via `make dev`
-6. Start up the stack via `make dev`
+1. After making changes in `@immich/ui`, rebuild it (`npm run build`)
 7. After making changes in `@immich/ui`, rebuild it (`npm run build`)
 ### Mobile app
-#### Setup
+The mobile app `(/mobile)` will required Flutter toolchain 3.13.x and FVM to be installed on your system.
-1. Setup Flutter toolchain using FVM.
+Please refer to the [Flutter's official documentation](https://flutter.dev/docs/get-started/install) for more information on setting up the toolchain on your machine.
 2. Run `flutter pub get` to install the dependencies.
 3. Run `make translation` to generate the translation file.
 4. Run `fvm flutter run` to start the app.
 #### Translation
 To add a new translation text, enter the key-value pair in the `i18n/en.json` in the root of the immich project. Then, from the `mobile/` directory, run
 ```bash
 make translation
 ```
 The mobile app asks you what backend to connect to. You can utilize the demo backend (https://demo.immich.app/) if you don't need to change server code or upload photos. Alternatively, you can run the server yourself per the instructions above.
@@ -115,72 +96,32 @@ Note: Activating the license is not required.
 ### VSCode
-Install `Flutter`, `DCM`, `Prettier`, `ESLint` and `Svelte` extensions. These extensions are listed in the `extensions.json` file under `.vscode/` and should appear as workspace recommendations.
+Install `Flutter`, `DCM`, `Prettier`, `ESLint` and `Svelte` extensions.
-Here are the settings we use, they should be active as workspace settings (`settings.json`):
+in User `settings.json` (`cmd + shift + p` and search for `Open User Settings JSON`) add the following:
 ```json title="settings.json"
 {
-  "[css]": {
+  "editor.formatOnSave": true,
  "[javascript][typescript][css]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
+    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[svelte]": {
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.tabSize": 2
  },
  "svelte.enable-ts-plugin": true,
  "eslint.validate": ["javascript", "svelte"],
  "[dart]": {
    "editor.defaultFormatter": "Dart-Code.dart-code",
    "editor.formatOnSave": true,
    "editor.selectionHighlight": false,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    "editor.suggestSelection": "first",
    "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off"
+    "editor.wordBasedSuggestions": "off",
-  },
+    "editor.defaultFormatter": "Dart-Code.dart-code"
-  "[javascript]": {
+  }
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[jsonc]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[svelte]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[typescript]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
  "eslint.validate": ["javascript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
  },
  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
 }
 ```
--- a/docs/docs/features/casting.md
+++ b/docs/docs/features/casting.md
@@ -1,19 +0,0 @@
 # Chromecast support
 Immich supports the Google's Cast protocol so that photos and videos can be cast to devices such as a Chromecast and a Nest Hub. This feature is considered experimental and has several important limitations listed below. Currently, this feature is only supported by the web client, support on Android and iOS is planned for the future.
 ## Enable Google Cast Support
 Google Cast support is disabled by default. The web UI uses Google-provided scripts and must retreive them from Google servers when the page loads. This is a privacy concern for some and is thus opt-in.
 You can enable Google Cast support through `Account Settings > Features > Cast > Google Cast`
 <img src={require('./img/gcast-enable.webp').default} width="70%" title='Enable Google Cast Support' />
 ## Limitations
 To use casting with Immich, there are a few prerequisites:
 1. Your instance must be accessed via an HTTPS connection in order for the casting menu to show.
 2. Your instance must be publicly accessible via HTTPS and a DNS record for the server must be accessible via Google's DNS servers (`8.8.8.8` and `8.8.4.4`)
 3. Videos must be in a format that is compatible with Google Cast. For more info, check out [Google's documentation](https://developers.google.com/cast/docs/media)
--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -42,12 +42,6 @@ docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich
 Please modify the `IMMICH_INSTANCE_URL` and `IMMICH_API_KEY` environment variables as suitable. You can also use a Docker env file to store your sensitive API key.
 This `docker run` command will directly run the command `immich` inside the container. You can directly append the desired parameters (see under "usage") to the commandline like this:
 ```bash
 docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich-instance/api -e IMMICH_API_KEY=your-api-key ghcr.io/immich-app/immich-cli:latest upload -a -c 5 --recursive directory/
 ```
 ## Usage
 <details>
@@ -90,22 +84,19 @@ Usage: immich upload [paths...] [options]
 Upload assets
 Arguments:
-  paths                       One or more paths to assets to be uploaded
+paths                       One or more paths to assets to be uploaded
 Options:
-  -r, --recursive             Recursive (default: false, env: IMMICH_RECURSIVE)
+-r, --recursive             Recursive (default: false, env: IMMICH_RECURSIVE)
-  -i, --ignore <pattern>      Pattern to ignore (env: IMMICH_IGNORE_PATHS)
+-i, --ignore [paths...]     Paths to ignore (default: [], env: IMMICH_IGNORE_PATHS)
-  -h, --skip-hash             Don't hash files before upload (default: false, env: IMMICH_SKIP_HASH)
+-h, --skip-hash             Don't hash files before upload (default: false, env: IMMICH_SKIP_HASH)
-  -H, --include-hidden        Include hidden folders (default: false, env: IMMICH_INCLUDE_HIDDEN)
+-H, --include-hidden        Include hidden folders (default: false, env: IMMICH_INCLUDE_HIDDEN)
-  -a, --album                 Automatically create albums based on folder name (default: false, env: IMMICH_AUTO_CREATE_ALBUM)
+-a, --album                 Automatically create albums based on folder name (default: false, env: IMMICH_AUTO_CREATE_ALBUM)
-  -A, --album-name <name>     Add all assets to specified album (env: IMMICH_ALBUM_NAME)
+-A, --album-name <name>     Add all assets to specified album (env: IMMICH_ALBUM_NAME)
-  -n, --dry-run               Don't perform any actions, just show what will be done (default: false, env: IMMICH_DRY_RUN)
+-n, --dry-run               Don't perform any actions, just show what will be done (default: false, env: IMMICH_DRY_RUN)
-  -c, --concurrency <number>  Number of assets to upload at the same time (default: 4, env: IMMICH_UPLOAD_CONCURRENCY)
+-c, --concurrency <number>  Number of assets to upload at the same time (default: 4, env: IMMICH_UPLOAD_CONCURRENCY)
-  -j, --json-output           Output detailed information in json format (default: false, env: IMMICH_JSON_OUTPUT)
+--delete                    Delete local assets after upload (env: IMMICH_DELETE_ASSETS)
-  --delete                    Delete local assets after upload (env: IMMICH_DELETE_ASSETS)
+--help                      display help for command
  --no-progress               Hide progress bars (env: IMMICH_PROGRESS_BAR)
  --watch                     Watch for changes and upload automatically (default: false, env: IMMICH_WATCH_CHANGES)
  --help                      display help for command
 ```
 </details>
@@ -121,7 +112,7 @@ You begin by authenticating to your Immich server. For instance:
 immich login http://192.168.1.216:2283/api HFEJ38DNSDUEG
 ```
-This will store your credentials in a `auth.yml` file in the configuration directory which defaults to `~/.config/immich/`. The directory can be set with the `-d` option or the environment variable `IMMICH_CONFIG_DIR`. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.
+This will store your credentials in a `auth.yml` file in the configuration directory which defaults to `~/.config/`. The directory can be set with the `-d` option or the environment variable `IMMICH_CONFIG_DIR`. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.
 Once you are authenticated, you can upload assets to your Immich server.
@@ -175,16 +166,6 @@ By default, hidden files are skipped. If you want to include hidden files, use t
 immich upload --include-hidden --recursive directory/
 ```
 You can use the `--json-output` option to get a json printed which includes
 three keys: `newFiles`, `duplicates` and `newAssets`. Due to some logging
 output you will need to strip the first three lines of output to get the json.
 For example to get a list of files that would be uploaded for further
 processing:
 ```bash
 immich upload --dry-run . | tail -n +4 | jq .newFiles[]
 ```
 ### Obtain the API Key
 The API key can be obtained in the user setting panel on the web interface.
--- a/docs/docs/features/facial-recognition.md
+++ b/docs/docs/features/facial-recognition.md
@@ -69,8 +69,6 @@ Navigating to Administration > Settings > Machine Learning Settings > Facial Rec
 :::tip
 It's better to only tweak the parameters here than to set them to something very different unless you're ready to test a variety of options. If you do need to set a parameter to a strict setting, relaxing other settings can be a good option to compensate, and vice versa.
 You can learn how the tune the result in this [Guide](/docs/guides/better-facial-clusters)
 :::
 ### Facial recognition model
--- a/docs/docs/features/folder-view.md
+++ b/docs/docs/features/folder-view.md
@@ -2,7 +2,7 @@
 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.
-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)
 ## Enable folder view
--- a/docs/docs/features/hardware-transcoding.md
+++ b/docs/docs/features/hardware-transcoding.md
@@ -121,6 +121,6 @@ Once this is done, you can continue to step 3 of "Basic Setup".
 [hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.transcoding.yml
 [nvct]: https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
-[jellyfin-lp]: https://jellyfin.org/docs/general/post-install/transcoding/hardware-acceleration/intel#low-power-encoding
+[jellyfin-lp]: https://jellyfin.org/docs/general/administration/hardware-acceleration/intel/#configure-and-verify-lp-mode-on-linux
-[jellyfin-kernel-bug]: https://jellyfin.org/docs/general/post-install/transcoding/hardware-acceleration/intel#known-issues-and-limitations-on-linux
+[jellyfin-kernel-bug]: https://jellyfin.org/docs/general/administration/hardware-acceleration/intel/#known-issues-and-limitations
 [libmali-rockchip]: https://github.com/tsukumijima/libmali-rockchip/releases
--- a/docs/docs/features/img/gcast-enable.webp
+++ b/docs/docs/features/img/gcast-enable.webp
--- a/docs/docs/features/img/moblie-smart-serach.webp
+++ b/docs/docs/features/img/moblie-smart-serach.webp
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -37,7 +37,7 @@ To validate that Immich can reach your external library, start a shell inside th
 ### Exclusion Patterns
-By default, all files in the import paths will be added to the library. If there are files that should not be added, exclusion patterns can be used to exclude them. Exclusion patterns are glob patterns are matched against the full file path. If a file matches an exclusion pattern, it will not be added to the library. Exclusion patterns can be added in the Scan Settings page for each library.
+By default, all files in the import paths will be added to the library. If there are files that should not be added, exclusion patterns can be used to exclude them. Exclusion patterns are glob patterns are matched against the full file path. If a file matches an exclusion pattern, it will not be added to the library. Exclusion patterns can be added in the Scan Settings page for each library. Under the hood, Immich uses the [glob](https://www.npmjs.com/package/glob) package to match patterns, so please refer to [their documentation](https://github.com/isaacs/node-glob#glob-primer) to see what patterns are supported.
 Some basic examples:
@@ -48,17 +48,13 @@ Some basic examples:
 Special characters such as @ should be escaped, for instance:
- `**/\@eaDir/**` will exclude all files in any directory named `@eaDir`
+- `**/\@eadir/**` will exclude all files in any directory named `@eadir`
 :::info
 Internally, Immich uses the [glob](https://www.npmjs.com/package/glob) package to process exclusion patterns, and sometimes those patterns are translated into [Postgres LIKE patterns](https://www.postgresql.org/docs/current/functions-matching.html). The intention is to support basic folder exclusions but we recommend against advanced usage since those can't reliably be translated to the Postgres syntax. Please refer to the [glob documentation](https://github.com/isaacs/node-glob#glob-primer) for a basic overview on glob patterns.
 :::
 ### Automatic watching (EXPERIMENTAL)
-This feature is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
+This feature - currently hidden in the config file - is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
-If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a [periodic library refresh](#set-custom-scan-interval) to pull in your changes.
+If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a periodic library refresh to pull in your changes.
 #### Troubleshooting
@@ -72,9 +68,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.
 ### Nightly job
-There is an automatic scan job that is scheduled to run once a day. Its schedule is configurable, see [Set Custom Scan Interval](#set-custom-scan-interval).
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion.
 This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
 ## Usage
@@ -93,11 +87,11 @@ The `immich-server` container will need access to the gallery. Modify your docke
 ```diff title="docker-compose.yml"
  immich-server:
    volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
-+     - /mnt/media/videos2:/mnt/media/videos2 # WARNING: Immich will be able to delete the files in this folder, as it does not end with :ro
+     - /mnt/media/videos2:/mnt/media/videos2 # the files in this folder can be deleted, as it does not end with :ro
 +     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
 ```
@@ -114,15 +108,12 @@ _Remember to run `docker compose up -d` to register the changes. Make sure you c
 These actions must be performed by the Immich administrator.
- Click on your avatar in the upper right corner
+- Click on Administration -> Libraries
- Click on Administration -> External Libraries
+- Click on Create External Library
 - Click on Create an external library…
 - Select which user owns the library, this can not be changed later
 - Enter `/mnt/media/christmas-trip` then click Add
 - Click on Save
 - Click the drop-down menu on the newly created library
 - Click on Scan
 - Click the drop-down menu on the newly created library
 - Click on Rename Library and rename it to "Christmas Trip"
 NOTE: We have to use the `/mnt/media/christmas-trip` path and not the `/mnt/nas/christmas-trip` path since all paths have to be what the Docker containers see.
@@ -161,7 +152,9 @@ Within seconds, the assets from the old-pics and videos folders should show up i
 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.
-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)
 The UI is currently only available for the web; mobile will come in a subsequent release.
 <img src={require('./img/folder-view-1.webp').default} width="100%" title='Folder-view' />
@@ -171,7 +164,7 @@ You can enable this feature under [`Account Settings > Features > Folders`](http
 Only an admin can do this.
 :::
-You can define a custom interval for the trigger external library rescan under Administration -> Settings -> External Library.  
+You can define a custom interval for the trigger external library rescan under Administration -> Settings -> Library.  
 You can set the scanning interval using the preset or cron format. For more information you can refer to [Crontab Guru](https://crontab.guru/).
 <img src={require('./img/library-custom-scan-interval.webp').default} width="75%" title='Set custom scan interval for external library' />
--- a/docs/docs/features/ml-hardware-acceleration.md
+++ b/docs/docs/features/ml-hardware-acceleration.md
@@ -11,9 +11,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 - ARM NN (Mali)
 - CUDA (NVIDIA GPUs with [compute capability](https://developer.nvidia.com/cuda-gpus) 5.2 or higher)
 - ROCm (AMD GPUs)
 - OpenVINO (Intel GPUs such as Iris Xe and Arc)
 - RKNN (Rockchip)
 ## Limitations
@@ -21,7 +19,6 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 - Only Linux and Windows (through WSL2) servers are supported.
 - ARM NN is only supported on devices with Mali GPUs. Other Arm devices are not supported.
 - Some models may not be compatible with certain backends. CUDA is the most reliable.
 - Search latency isn't improved by ARM NN due to model compatibility issues preventing its use. However, smart search jobs do make use of ARM NN.
 ## Prerequisites
@@ -36,47 +33,30 @@ You do not need to redo any machine learning jobs after enabling hardware accele
  - The `hwaccel.ml.yml` file assumes the path to it is `/usr/lib/libmali.so`, so update accordingly if it is elsewhere
  - The `hwaccel.ml.yml` file assumes an additional file `/lib/firmware/mali_csffw.bin`, so update accordingly if your device's driver does not require this file
 - Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for ARM NN specific settings
  - In particular, the `MACHINE_LEARNING_ANN_FP16_TURBO` can significantly improve performance at the cost of very slightly lower accuracy
 #### CUDA
 - The GPU must have compute capability 5.2 or greater.
 - The server must have the official NVIDIA driver installed.
- The installed driver must be >= 545 (it must support CUDA 12.3).
+- The installed driver must be >= 535 (it must support CUDA 12.2).
 - On Linux (except for WSL2), you also need to have [NVIDIA Container Toolkit][nvct] installed.
 #### ROCm
 - The GPU must be supported by ROCm. If it isn't officially supported, you can attempt to use the `HSA_OVERRIDE_GFX_VERSION` environmental variable: `HSA_OVERRIDE_GFX_VERSION=<a supported version, e.g. 10.3.0>`. If this doesn't work, you might need to also set `HSA_USE_SVM=0`.
 - The ROCm image is quite large and requires at least 35GiB of free disk space. However, pulling later updates to the service through Docker will generally only amount to a few hundred megabytes as the rest will be cached.
 - This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/docs/install/environment-variables) setting).
 #### OpenVINO
 - Integrated GPUs are more likely to experience issues than discrete GPUs, especially for older processors or servers with low RAM.
 - Ensure the server's kernel version is new enough to use the device for hardware accceleration.
 - Expect higher RAM usage when using OpenVINO compared to CPU processing.
 #### RKNN
 - You must have a supported Rockchip SoC: only RK3566, RK3568, RK3576 and RK3588 are supported at this moment.
 - Make sure you have the appropriate linux kernel driver installed
  - This is usually pre-installed on the device vendor's Linux images
 - RKNPU driver V0.9.8 or later must be available in the host server
  - You may confirm this by running `cat /sys/kernel/debug/rknpu/version` to check the version
 - Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for RKNN specific settings
  - In particular, setting `MACHINE_LEARNING_RKNN_THREADS` to 2 or 3 can _dramatically_ improve performance for RK3576 and RK3588 compared to the default of 1, at the expense of multiplying the amount of RAM each model uses by that amount.
 ## Setup
 1. If you do not already have it, download the latest [`hwaccel.ml.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
 2. In the `docker-compose.yml` under `immich-machine-learning`, uncomment the `extends` section and change `cpu` to the appropriate backend.
-3. Still in `immich-machine-learning`, add one of -[armnn, cuda, rocm, openvino, rknn] to the `image` section's tag at the end of the line.
+3. Still in `immich-machine-learning`, add one of -[armnn, cuda, openvino] to the `image` section's tag at the end of the line.
 4. Redeploy the `immich-machine-learning` container with these updated settings.
 ### Confirming Device Usage
-You can confirm the device is being recognized and used by checking its utilization. There are many tools to display this, such as `nvtop` for NVIDIA or Intel, `intel_gpu_top` for Intel, and `radeontop` for AMD.
+You can confirm the device is being recognized and used by checking its utilization. There are many tools to display this, such as `nvtop` for NVIDIA or Intel and `intel_gpu_top` for Intel.
 You can also check the logs of the `immich-machine-learning` container. When a Smart Search or Face Detection job begins, or when you search with text in Immich, you should either see a log for `Available ORT providers` containing the relevant provider (e.g. `CUDAExecutionProvider` in the case of CUDA), or a `Loaded ANN model` log entry without errors in the case of ARM NN.
@@ -147,12 +127,3 @@ Note that you should increase job concurrencies to increase overall utilization
 - If you encounter an error when a model is running, try a different model to see if the issue is model-specific.
 - You may want to increase concurrency past the default for higher utilization. However, keep in mind that this will also increase VRAM consumption.
 - Larger models benefit more from hardware acceleration, if you have the VRAM for them.
 - Compared to ARM NN, RKNPU has:
  - Wider model support (including for search, which ARM NN does not accelerate)
  - Less heat generation
  - Very slightly lower accuracy (RKNPU always uses FP16, while ARM NN by default uses higher precision FP32 unless `MACHINE_LEARNING_ANN_FP16_TURBO` is enabled)
  - Varying speed (tested on RK3588):
    - If `MACHINE_LEARNING_RKNN_THREADS` is at the default of 1, RKNPU will have substantially lower throughput for ML jobs than ARM NN in most cases, but similar latency (such as when searching)
    - If `MACHINE_LEARNING_RKNN_THREADS` is set to 3, it will be somewhat faster than ARM NN at FP32, but somewhat slower than ARM NN if `MACHINE_LEARNING_ANN_FP16_TURBO` is enabled
    - When other tasks also use the GPU (like transcoding), RKNPU has a significant advantage over ARM NN as it uses the otherwise idle NPU instead of competing for GPU usage
  - Lower RAM usage if `MACHINE_LEARNING_RKNN_THREADS` is at the default of 1, but significantly higher if greater than 1 (which is necessary for it to fully utilize the NPU and hence be comparable in speed to ARM NN)
--- a/docs/docs/features/mobile-app.mdx
+++ b/docs/docs/features/mobile-app.mdx
@@ -88,9 +88,9 @@ It will only reflect files you add.
 :::
 If the same asset is in more than one album it will only sync to the first album it's in, after that it won't sync again even if the user clicks sync albums manually.
-To overcome this limitation, the files must be removed from the ignore list by
+To overcome this limitation, the files must be removed from the blacklist by
 App settings -> Advanced -> Duplicate Assets -> Clear
 :::info
-Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the ignore list again at the end of the synchronization.
+Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the black list again at the end of the synchronization.
 :::
--- a/docs/docs/features/searching.md
+++ b/docs/docs/features/searching.md
--- a/docs/docs/features/supported-formats.md
+++ b/docs/docs/features/supported-formats.md
@@ -16,9 +16,9 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a
 | `HEIC`      | `.heic`                       | :white_check_mark: |                 |
 | `HEIF`      | `.heif`                       | :white_check_mark: |                 |
 | `JPEG 2000` | `.jp2`                        | :white_check_mark: |                 |
-| `JPEG`      | `.jpeg` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
+| `JPEG`      | `.webp` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
 | `JPEG XL`   | `.jxl`                        | :white_check_mark: |                 |
-| `PNG`       | `.png`                        | :white_check_mark: |                 |
+| `PNG`       | `.webp`                       | :white_check_mark: |                 |
 | `PSD`       | `.psd`                        | :white_check_mark: | Adobe Photoshop |
 | `RAW`       | `.raw`                        | :white_check_mark: |                 |
 | `RW2`       | `.rw2`                        | :white_check_mark: |                 |
--- a/docs/docs/guides/better-facial-clusters.md
+++ b/docs/docs/guides/better-facial-clusters.md
@@ -1,72 +0,0 @@
 # Better Facial Recognition Clusters
 ## Purpose
 This guide explains how to optimize facial recognition in systems with large image libraries. By following these steps, you'll achieve better clustering of faces, reducing the need for manual merging.
 ---
 ## Important Notes
 - **Best Suited For:** Large image libraries after importing a significant number of images.
 - **Warning:** This method deletes all previously assigned names.
 - **Tip:** **Always take a [backup](/docs/administration/backup-and-restore#database) before proceeding!**
 ---
 ## Step-by-Step Instructions
 ### Objective
 To enhance face clustering and ensure the model effectively identifies faces using qualitative initial data.
 ---
 ### Steps
 #### 1. Adjust Machine Learning Settings
 Navigate to:  
 **Admin → Administration → Settings → Machine Learning Settings**
 Make the following changes:
 - **Maximum recognition distance (Optional):**  
  Lower this value, e.g., to **0.4**, if the library contains people with similar facial features.
 - **Minimum recognized faces:**  
  Set this to a **high value** (e.g., 20 For libraries with a large amount of assets (~100K+), and 10 for libraries with medium amount of assets (~40K+)).
  > A high value ensures clusters only include faces that appear at least 20/`value` times in the library, improving the initial clustering process.
 ---
 #### 2. Run Reset Jobs
 Go to:  
 **Admin → Administration → Settings → Jobs**
 Perform the following:
 1. **FACIAL RECOGNITION → Reset**
 > These reset jobs rebuild the recognition model based on the new settings.
 ---
 #### 3. Refine Recognition with Lower Thresholds
 Once the reset jobs are complete, refine the recognition as follows:
 - **Step 1:**  
  Return to **Minimum recognized faces** in Machine Learning Settings and lower the value to **10** (In medium libraries we will lower the value from 10 to 5).
  > Run the job: **FACIAL RECOGNITION → MISSING Mode**
 - **Step 2:**  
  Lower the value again to **3**.
  > Run the job: **FACIAL RECOGNITION → MISSING Mode**
 :::tip try different values
 For certain libraries with a larger or smaller amount of assets, other settings will be better or worse. It is recommended to try different values **before assigning names** and see which settings work best for your library.
 :::
 ---
--- a/docs/docs/guides/custom-locations.md
+++ b/docs/docs/guides/custom-locations.md
@@ -27,11 +27,11 @@ After defining the locations of these files, we will edit the `docker-compose.ym
 services:
  immich-server:
      volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
-+     - ${THUMB_LOCATION}:/data/thumbs
+     - ${THUMB_LOCATION}:/usr/src/app/upload/thumbs
-+     - ${ENCODED_VIDEO_LOCATION}:/data/encoded-video
+     - ${ENCODED_VIDEO_LOCATION}:/usr/src/app/upload/encoded-video
-+     - ${PROFILE_LOCATION}:/data/profile
+     - ${PROFILE_LOCATION}:/usr/src/app/upload/profile
-+     - ${BACKUP_LOCATION}:/data/backups
+     - ${BACKUP_LOCATION}:/usr/src/app/upload/backups
      - /etc/localtime:/etc/localtime:ro
 ```
@@ -44,7 +44,7 @@ docker compose up -d
 :::note
 Because of the underlying properties of docker bind mounts, it is not recommended to mount the `upload/` and `library/` folders as separate bind mounts if they are on the same device.
-For this reason, we mount the HDD or the network storage (NAS) to `/data` and then mount the folders we want to access under that folder.
+For this reason, we mount the HDD or the network storage (NAS) to `/usr/src/app/upload` and then mount the folders we want to access under that folder.
 The `thumbs/` folder contains both the small thumbnails displayed in the timeline and the larger previews shown when clicking into an image. These cannot be separated.
--- a/docs/docs/guides/custom-map-styles.md
+++ b/docs/docs/guides/custom-map-styles.md
@@ -14,14 +14,14 @@ online generators you can use.
 2. Paste the link to your JSON style in either the **Light Style** or **Dark Style**. (You can add different styles which will help make the map style more appropriate depending on whether you set **Immich** to Light or Dark mode.)
 3. Save your selections. Reload the map, and enjoy your custom map style!
-## Use MapTiler to build a custom style
+## Use Maptiler to build a custom style
-Customizing the map style can be done easily using MapTiler, if you do not want to write an entire JSON document by hand.
+Customizing the map style can be done easily using Maptiler, if you do not want to write an entire JSON document by hand.
 1. Create a free account at https://cloud.maptiler.com
 2. Once logged in, you can either create a brand new map by clicking on **New Map**, selecting a starter map, and then clicking **Customize**, OR by selecting a **Standard Map** and customizing it from there.
 3. The **editor** interface is self-explanatory. You can change colors, remove visible layers, or add optional layers (e.g., administrative, topo, hydro, etc.) in the composer.
 4. Once you have your map composed, click on **Save** at the top right. Give it a unique name to save it to your account.
-5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. MapTiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![MapTiler Publication Settings](img/immich_map_styles_publish.webp)
+5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. Maptiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![Maptiler Publication Settings](img/immich_map_styles_publish.webp)
-6. MapTiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
+6. Maptiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
-7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to MapTiler.
+7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to Maptiler.
--- a/Show More
+++ b/Show More
		`@@ -1,2 +0,0 @@`
			`#!/usr/bin/env node`
			`import '../dist/index.js';`