refactor(web): expose scaled image dimensions from AdaptiveImage

Change-Id: Iae105fb749525739ba8df5b944a73ea66a6a6964
Added Code of conduct
2026-06-03 13:25:19 -04:00 · 2026-06-03 03:56:29 +00:00 · 2026-06-02 21:57:50 +00:00 · 2026-06-02 21:57:47 +00:00 · 2026-06-02 21:57:45 +00:00 · 2026-06-02 21:33:13 +00:00
142 changed files with 5397 additions and 1302 deletions
@@ -15,7 +15,7 @@ services:
    volumes:
      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
      - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
+      - build_cache:/buildcache
      - ../packages/plugin-core:/build/plugins/immich-plugin-core
  immich-web:
    env_file: !reset []
@@ -1 +0,0 @@
-custom: ['https://buy.immich.app', 'https://immich.store']
@@ -51,7 +51,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -79,7 +79,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -201,7 +201,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -24,7 +24,7 @@ jobs:
          persist-credentials: false

      - name: Check for breaking API changes
-        uses: oasdiff/oasdiff-action/breaking@6147a58e5d1249a12f42fc864ab791d571a30015 # v0.0.47
+        uses: oasdiff/oasdiff-action/breaking@50e6a3413e5aa9c3ae4d8393c34745be44288b46 # v0.0.48
        with:
          base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
          revision: open-api/immich-openapi-specs.json
@@ -31,7 +31,7 @@ jobs:
        working-directory: ./packages/cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -49,7 +49,9 @@ jobs:

      - name: Publish
        if: ${{ github.event_name == 'release' }}
-        run: mise run ci-publish
+        env:
+          NPM_TAG: ${{ github.event.release.prerelease && 'rc' || 'latest' }}
+        run: mise run ci-publish -- --tag "$NPM_TAG"

  docker:
    name: Docker
@@ -61,7 +63,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -73,13 +75,13 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+        uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -94,7 +96,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
        with:
          flavor: |
            latest=false
@@ -102,10 +104,10 @@ jobs:
            name=ghcr.io/${{ github.repository_owner }}/immich-cli
          tags: |
            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}

      - name: Build and push image
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          file: packages/cli/Dockerfile
          platforms: linux/amd64,linux/arm64
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:0a8b8867773a0f8368061f47578603f438349f8f1f28b0e16105f481e5c794e0
+      image: ghcr.io/immich-app/mdq:main@sha256:e73f60195b39748c4876f23e3e6cd22a68a9754acec8aef1fd6979fd52cd2c9f
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
@@ -44,7 +44,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -57,7 +57,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          category: '/language:${{matrix.language}}'
@@ -23,7 +23,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -60,7 +60,7 @@ jobs:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -132,7 +132,7 @@ jobs:
            suffixes: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "pokedex-large"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@db54dcf16fbb12c43479a23749ceea0ad1b4a704 # multi-runner-build-workflow-v3.0.0
    permissions:
      contents: read
      actions: read
@@ -147,7 +147,7 @@ jobs:
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
      suffixes: ${{ matrix.suffixes }}
-      dockerhub-push: ${{ github.event_name == 'release' }}
+      dockerhub-push: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
      build-args: |
        DEVICE=${{ matrix.device }}

@@ -155,7 +155,7 @@ jobs:
    name: Build and Push Server
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@db54dcf16fbb12c43479a23749ceea0ad1b4a704 # multi-runner-build-workflow-v3.0.0
    permissions:
      contents: read
      actions: read
@@ -167,7 +167,7 @@ jobs:
      image: immich-server
      context: .
      dockerfile: server/Dockerfile
-      dockerhub-push: ${{ github.event_name == 'release' }}
+      dockerhub-push: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
      build-args: |
        DEVICE=cpu

@@ -21,7 +21,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -54,7 +54,7 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -20,7 +20,7 @@ jobs:
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -98,9 +98,16 @@ jobs:
                shouldDeploy: true
              };
            } else if (eventType == "release") {
+              const tag = context.payload.workflow_run.head_branch;
+              const { data: release } = await github.rest.repos.getReleaseByTag({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                tag,
+              });
              parameters = {
                event: "release",
-                name: context.payload.workflow_run.head_branch,
+                name: tag,
+                prerelease: release.prerelease,
                shouldDeploy: !isFork
              };
            }
@@ -119,7 +126,7 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -146,6 +153,7 @@ jobs:
            const parameters = JSON.parse(process.env.PARAM_JSON);
            core.setOutput("event", parameters.event);
            core.setOutput("name", parameters.name);
+            core.setOutput("prerelease", parameters.prerelease);
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
@@ -203,7 +211,7 @@ jobs:
        run: mise run //docs:deploy

      - name: Deploy Docs Release Domain
-        if: ${{ steps.parameters.outputs.event == 'release' }}
+        if: ${{ steps.parameters.outputs.event == 'release' && steps.parameters.outputs.prerelease != 'true' }}
        env:
          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
@@ -17,7 +17,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -15,7 +15,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -49,7 +49,7 @@ jobs:
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -137,7 +137,7 @@ jobs:
          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        with:
          draft: true
          tag_name: ${{ needs.bump_version.outputs.version }}
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -32,7 +32,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -16,7 +16,7 @@ jobs:
      packages: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -39,4 +39,6 @@ jobs:
        run: pnpm --filter @immich/sdk build

      - name: Publish
-        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks
+        env:
+          NPM_TAG: ${{ github.event.release.prerelease && 'rc' || 'latest' }}
+        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks --tag "$NPM_TAG"
@@ -20,7 +20,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -49,7 +49,7 @@ jobs:
        working-directory: ./mobile
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -17,7 +17,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -71,7 +71,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -102,7 +102,7 @@ jobs:
        working-directory: ./packages/cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -133,7 +133,7 @@ jobs:
        working-directory: ./packages/cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -177,7 +177,7 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -215,7 +215,7 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -243,7 +243,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -293,7 +293,7 @@ jobs:
        working-directory: ./e2e
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -325,7 +325,7 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -361,7 +361,7 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -374,7 +374,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8

      - name: Setup Node
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -438,7 +438,7 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -451,7 +451,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8

      - name: Setup Node
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -546,7 +546,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -583,7 +583,7 @@ jobs:
        working-directory: ./machine-learning
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -613,7 +613,7 @@ jobs:
        working-directory: ./.github
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -643,7 +643,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -664,7 +664,7 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -722,7 +722,7 @@ jobs:
          - 5432:5432
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -24,7 +24,7 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -47,7 +47,7 @@ jobs:
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -1,134 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation
-in our community a harassment-free experience for everyone, regardless
-of age, body size, visible or invisible disability, ethnicity, sex
-characteristics, gender identity and expression, level of experience,
-education, socio-economic status, nationality, personal appearance,
-race, religion, or sexual identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open,
-welcoming, diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for
-our community include:
-
- Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
- Accepting responsibility and apologizing to those affected by our
-  mistakes, and learning from the experience
- Focusing on what is best not just for us as individuals, but for the
-  overall community
-
-Examples of unacceptable behavior include:
-
- The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
- Trolling, insulting or derogatory comments, and personal or
-  political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or email
-  address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in
-  a professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our
-standards of acceptable behavior and will take appropriate and fair
-corrective action in response to any behavior that they deem
-inappropriate, threatening, offensive, or harmful.
-
-Community leaders have the right and responsibility to remove, edit,
-or reject comments, commits, code, wiki edits, issues, and other
-contributions that are not aligned to this Code of Conduct, and will
-communicate reasons for moderation decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also
-applies when an individual is officially representing the community in
-public spaces. Examples of representing our community include using an
-official e-mail address, posting via an official social media account,
-or acting as an appointed representative at an online or offline
-event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior
-may be reported to the community leaders responsible for enforcement
-at our Discord channel. All complaints
-will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and
-security of the reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in
-determining the consequences for any action they deem in violation of
-this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior
-deemed unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders,
-providing clarity around the nature of the violation and an
-explanation of why the behavior was inappropriate. A public apology
-may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series
-of actions.
-
-**Consequence**: A warning with consequences for continued
-behavior. No interaction with the people involved, including
-unsolicited interaction with those enforcing the Code of Conduct, for
-a specified period of time. This includes avoiding interactions in
-community spaces as well as external channels like social
-media. Violating these terms may lead to a temporary or permanent ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards,
-including sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or
-public communication with the community for a specified period of
-time. No public or private interaction with the people involved,
-including unsolicited interaction with those enforcing the Code of
-Conduct, is allowed during this period. Violating these terms may lead
-to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of
-community standards, including sustained inappropriate behavior,
-harassment of an individual, or aggression toward or disparagement of
-classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction
-within the community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor
-Covenant][homepage], version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
-
-Community Impact Guidelines were inspired by [Mozilla's code of
-conduct enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see the
-FAQ at https://www.contributor-covenant.org/faq. Translations are
-available at https://www.contributor-covenant.org/translations.
@@ -1,5 +0,0 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-Please report security issues to `security@immich.app`
@@ -154,7 +154,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
+    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
    healthcheck:
      test: redis-cli ping || exit 1

@@ -56,7 +56,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
+    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -85,7 +85,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3
+    image: prom/prometheus@sha256:69f5241418838263316593f7274a304b095c40bcf22e57272865da91bd60a8ac
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -61,7 +61,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
+    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
    user: '1000:1000'
    security_opt:
      - no-new-privileges:true
@@ -49,7 +49,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
+    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -44,7 +44,7 @@ services:

  redis:
    container_name: immich-e2e-redis
-    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
+    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
    healthcheck:
      test: redis-cli ping || exit 1

@@ -95,6 +95,7 @@ describe('/server', () => {
        major: expect.any(Number),
        minor: expect.any(Number),
        patch: expect.any(Number),
+        prerelease: null,
      });
    });
  });
@@ -115,6 +116,7 @@ describe('/server', () => {
        oauthAutoLaunch: false,
        ocr: false,
        passwordLogin: true,
+        realtimeTranscoding: false,
        search: true,
        sidecar: true,
        trash: true,
@@ -139,6 +141,7 @@ describe('/server', () => {
        maintenanceMode: false,
        mapDarkStyleUrl: 'https://tiles.immich.cloud/v1/style/dark.json',
        mapLightStyleUrl: 'https://tiles.immich.cloud/v1/style/light.json',
+        minFaces: 3,
      });
    });
  });
@@ -21,18 +21,18 @@ describe('/system-config', () => {
      const response1 = await request(app)
        .put('/system-config')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ ...config, newVersionCheck: { enabled: false } });
+        .send({ ...config, newVersionCheck: { enabled: false, channel: 'stable' } });

      expect(response1.status).toBe(200);
-      expect(response1.body).toEqual({ ...config, newVersionCheck: { enabled: false } });
+      expect(response1.body).toEqual({ ...config, newVersionCheck: { enabled: false, channel: 'stable' } });

      const response2 = await request(app)
        .put('/system-config')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ ...config, newVersionCheck: { enabled: true } });
+        .send({ ...config, newVersionCheck: { enabled: true, channel: 'stable' } });

      expect(response2.status).toBe(200);
-      expect(response2.body).toEqual({ ...config, newVersionCheck: { enabled: true } });
+      expect(response2.body).toEqual({ ...config, newVersionCheck: { enabled: true, channel: 'stable' } });
    });

    it('should reject an invalid config entry', async () => {
@@ -230,6 +230,21 @@ describe('/users', () => {
      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
      expect(after).toMatchObject({ download: { includeEmbeddedVideos: true } });
    });
+
+    it('should update minimum face count to display people', async () => {
+      const before = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(before).toMatchObject({ people: { minimumFaces: 3 } });
+
+      const { status, body } = await request(app)
+        .put('/users/me/preferences')
+        .send({ people: { minimumFaces: 2 } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ people: { minimumFaces: 2 } });
+
+      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ people: { minimumFaces: 2 } });
+    });
  });

  describe('GET /users/:id', () => {
@@ -305,6 +305,8 @@
    "refreshing_all_libraries": "Refreshing all libraries",
    "registration": "Admin Registration",
    "registration_description": "Since you are the first user on the system, you will be assigned as the Admin and are responsible for administrative tasks, and additional users will be created by you.",
+    "release_channel_release_candidate": "Release candidate",
+    "release_channel_stable": "Stable",
    "remove_failed_jobs": "Remove failed jobs",
    "require_password_change_on_login": "Require user to change password on first login",
    "reset_settings_to_default": "Reset settings to default",
@@ -399,6 +401,10 @@
    "transcoding_preferred_hardware_device_description": "Applies only to VAAPI and QSV. Sets the dri node used for hardware transcoding.",
    "transcoding_preset_preset": "Preset (-preset)",
    "transcoding_preset_preset_description": "Compression speed. Slower presets produce smaller files, and increase quality when targeting a certain bitrate. VP9 ignores speeds above 'faster'.",
+    "transcoding_realtime": "Real-time Transcoding [EXPERIMENTAL]",
+    "transcoding_realtime_description": "Allows transcoding to be performed in real-time as the video is being streamed. Enables quality switching, but may cause higher playback latency and stuttering depending on server capabilities.",
+    "transcoding_realtime_enabled": "Enable real-time transcoding",
+    "transcoding_realtime_enabled_description": "If disabled, the server will refuse to start new real-time transcoding sessions.",
    "transcoding_reference_frames": "Reference frames",
    "transcoding_reference_frames_description": "The number of frames to reference when compressing a given frame. Higher values improve compression efficiency, but slow down encoding. 0 sets this value automatically.",
    "transcoding_required_description": "Only videos not in an accepted format",
@@ -442,6 +448,8 @@
    "user_settings_description": "Manage user settings",
    "user_successfully_removed": "User {email} has been successfully removed.",
    "users_page_description": "Admin users page",
+    "version_check_channel": "Release channel",
+    "version_check_channel_description": "Pick the release channel you want to get version announcements for",
    "version_check_enabled_description": "Enable version check",
    "version_check_implications": "The version check feature relies on periodic communication with {server}",
    "version_check_settings": "Version Check",
@@ -1584,6 +1592,8 @@
  "merge_people_prompt": "Do you want to merge these people? This action is irreversible.",
  "merge_people_successfully": "Merge people successfully",
  "merged_people_count": "Merged {count, plural, one {# person} other {# people}}",
+  "minFaces": "Minimum faces",
+  "minFaces_description": "The minimum number of recognized faces for a person to be displayed",
  "minimize": "Minimize",
  "minute": "Minute",
  "minutes": "Minutes",
@@ -2452,6 +2462,7 @@
  "video": "Video",
  "video_hover_setting": "Play video thumbnail on hover",
  "video_hover_setting_description": "Play video thumbnail when mouse is hovering over item. Even when disabled, playback can be started by hovering over the play icon.",
+  "video_quality": "Video quality",
  "videos": "Videos",
  "videos_count": "{count, plural, one {# Video} other {# Videos}}",
  "videos_only": "Videos only",
@@ -1,8 +1,8 @@
 ARG DEVICE=cpu

-FROM python:3.11-bookworm@sha256:970c99f886b839fc8829289040c1845dadaf2cae46b37acc7710333158ec29b4 AS builder-cpu
+FROM python:3.11-bookworm@sha256:121d86b6d08752968a7dddbc708849e5f3a839bbff47f32212b46d2a1d842bab AS builder-cpu

-FROM python:3.13-slim-trixie@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS builder-openvino
+FROM python:3.13-slim-trixie@sha256:b04b5d7233d2ad9c379e22ea8927cd1378cd15c60d4ef876c065b25ea8fb3bf3 AS builder-openvino

 FROM builder-cpu AS builder-cuda

@@ -39,12 +39,12 @@ RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --frozen --extra ${DEVICE} --no-dev --no-editable --no-install-project --compile-bytecode --no-progress --active --link-mode copy

-FROM python:3.11-slim-bookworm@sha256:9c6f90801e6b68e772b7c0ca74260cbf7af9f320acec894e26fccdaccfbe3b47 AS prod-cpu
+FROM python:3.11-slim-bookworm@sha256:8dca233de9f3d9bb410665f00a4da6dd06f331083137e0e98ccf227236fcc438 AS prod-cpu

 ENV LD_PRELOAD=/usr/lib/libmimalloc.so.2 \
    MACHINE_LEARNING_MODEL_ARENA=false

-FROM python:3.13-slim-trixie@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS prod-openvino
+FROM python:3.13-slim-trixie@sha256:b04b5d7233d2ad9c379e22ea8927cd1378cd15c60d4ef876c065b25ea8fb3bf3 AS prod-openvino

 RUN apt-get update && \
    apt-get install --no-install-recommends -yqq ocl-icd-libopencl1 wget && \
@@ -49,6 +49,7 @@ try:
            str(settings.http_keepalive_timeout_s),
            "--graceful-timeout",
            "10",
+            "--no-control-socket",
        ],
    ) as cmd:
        cmd.wait()
@@ -12,7 +12,7 @@ from zipfile import BadZipFile

 import orjson
 from fastapi import Depends, FastAPI, File, Form, HTTPException
-from fastapi.responses import ORJSONResponse, PlainTextResponse
+from fastapi.responses import PlainTextResponse
 from onnxruntime.capi.onnxruntime_pybind11_state import InvalidProtobuf, NoSuchFile
 from PIL.Image import Image
 from pydantic import ValidationError
@@ -32,6 +32,7 @@ from .schemas import (
    ModelIdentity,
    ModelTask,
    ModelType,
+    ORJSONResponse,
    PipelineRequest,
    T,
 )
@@ -89,7 +89,9 @@ class OpenClipTextualEncoder(BaseCLIPTextualEncoder):

        tokenizer: Tokenizer = Tokenizer.from_file(self.tokenizer_file_path.as_posix())

-        pad_id: int = tokenizer.token_to_id(pad_token)
+        pad_id = tokenizer.token_to_id(pad_token)
+        if pad_id is None:
+            raise ValueError(f"Pad token '{pad_token}' not found in tokenizer vocab")
        tokenizer.enable_padding(length=context_length, pad_token=pad_token, pad_id=pad_id)
        tokenizer.enable_truncation(max_length=context_length)

@@ -3,9 +3,16 @@ from typing import Any, Literal, Protocol, TypeGuard, TypeVar

 import numpy as np
 import numpy.typing as npt
+import orjson
+from fastapi.responses import JSONResponse
 from typing_extensions import TypedDict


+class ORJSONResponse(JSONResponse):
+    def render(self, content: Any) -> bytes:
+        return orjson.dumps(content, option=orjson.OPT_SERIALIZE_NUMPY)
+
+
 class StrEnum(str, Enum):
    value: str

@@ -49,7 +49,7 @@ def get_version_from_pubspec
  pubspec = YAML.load_file(pubspec_path)
  
  version_string = pubspec['version']
-  version_string ? version_string.split('+').first : nil
+  version_string ? version_string.split('+').first.split('-').first : nil
 end
  
  # Helper method to configure code signing for all targets
@@ -2,16 +2,12 @@ import 'package:immich_mobile/utils/semver.dart';
 import 'package:openapi/api.dart';

 class ServerVersion extends SemVer {
-  const ServerVersion({required super.major, required super.minor, required super.patch});
+  const ServerVersion({required super.major, required super.minor, required super.patch, super.prerelease});

-  @override
-  String toString() {
-    return 'ServerVersion(major: $major, minor: $minor, patch: $patch)';
-  }
+  ServerVersion.fromDto(ServerVersionResponseDto dto)
+    : super(major: dto.major, minor: dto.minor, patch: dto.patch_, prerelease: dto.prerelease);

-  ServerVersion.fromDto(ServerVersionResponseDto dto) : super(major: dto.major, minor: dto.minor, patch: dto.patch_);
-
-  bool isAtLeast({int major = 0, int minor = 0, int patch = 0}) {
-    return this >= SemVer(major: major, minor: minor, patch: patch);
+  bool isAtLeast({int major = 0, int minor = 0, int patch = 0, int? prerelease}) {
+    return this >= SemVer(major: major, minor: minor, patch: patch, prerelease: prerelease);
  }
 }
@@ -63,16 +63,19 @@ class SheetTile extends ConsumerWidget {
      subtitleWidget = null;
    }

-    return ListTile(
-      dense: true,
-      visualDensity: VisualDensity.compact,
-      title: GestureDetector(onLongPress: () => copyTitle(context, ref), child: titleWidget),
-      titleAlignment: ListTileTitleAlignment.center,
-      leading: leading,
-      trailing: trailing,
-      contentPadding: leading == null ? null : const EdgeInsets.only(left: 25),
-      subtitle: subtitleWidget,
-      onTap: onTap,
+    return Material(
+      type: MaterialType.transparency,
+      child: ListTile(
+        dense: true,
+        visualDensity: VisualDensity.compact,
+        title: GestureDetector(onLongPress: () => copyTitle(context, ref), child: titleWidget),
+        titleAlignment: ListTileTitleAlignment.center,
+        leading: leading,
+        trailing: trailing,
+        contentPadding: leading == null ? null : const EdgeInsets.only(left: 25),
+        subtitle: subtitleWidget,
+        onTap: onTap,
+      ),
    );
  }
 }
@@ -1,36 +1,42 @@
-enum SemVerType { major, minor, patch }
+enum SemVerType { major, minor, patch, prerelease }

 class SemVer {
  final int major;
  final int minor;
  final int patch;
+  final int? prerelease;

-  const SemVer({required this.major, required this.minor, required this.patch});
+  const SemVer({required this.major, required this.minor, required this.patch, this.prerelease});

  @override
  String toString() {
-    return '$major.$minor.$patch';
+    return '$major.$minor.$patch${prerelease == null ? '' : '-rc.$prerelease'}';
  }

-  SemVer copyWith({int? major, int? minor, int? patch}) {
-    return SemVer(major: major ?? this.major, minor: minor ?? this.minor, patch: patch ?? this.patch);
+  SemVer copyWith({int? major, int? minor, int? patch, int? prerelease}) {
+    return SemVer(
+      major: major ?? this.major,
+      minor: minor ?? this.minor,
+      patch: patch ?? this.patch,
+      prerelease: prerelease ?? this.prerelease,
+    );
  }

+  static final _pattern = RegExp(r'^v?(\d+)\.(\d+)\.(\d+)(?:-rc\.(\d+))?(?:[-+].*)?$', caseSensitive: false);
+
  factory SemVer.fromString(String version) {
-    if (version.toLowerCase().startsWith("v")) {
-      version = version.substring(1);
-    }
-
-    final parts = version.split("-")[0].split('.');
-    if (parts.length != 3) {
+    final match = _pattern.firstMatch(version);
+    if (match == null) {
      throw FormatException('Invalid semantic version string: $version');
    }

-    try {
-      return SemVer(major: int.parse(parts[0]), minor: int.parse(parts[1]), patch: int.parse(parts[2]));
-    } catch (e) {
-      throw FormatException('Invalid semantic version string: $version');
-    }
+    final prerelease = match.group(4);
+    return SemVer(
+      major: int.parse(match.group(1)!),
+      minor: int.parse(match.group(2)!),
+      patch: int.parse(match.group(3)!),
+      prerelease: prerelease == null ? null : int.parse(prerelease),
+    );
  }

  bool operator >(SemVer other) {
@@ -40,7 +46,10 @@ class SemVer {
    if (minor != other.minor) {
      return minor > other.minor;
    }
-    return patch > other.patch;
+    if (patch != other.patch) {
+      return patch > other.patch;
+    }
+    return _comparePrerelease(other) > 0;
  }

  bool operator <(SemVer other) {
@@ -50,7 +59,23 @@ class SemVer {
    if (minor != other.minor) {
      return minor < other.minor;
    }
-    return patch < other.patch;
+    if (patch != other.patch) {
+      return patch < other.patch;
+    }
+    return _comparePrerelease(other) < 0;
+  }
+
+  int _comparePrerelease(SemVer other) {
+    if (prerelease == other.prerelease) {
+      return 0;
+    }
+    if (prerelease == null) {
+      return 1;
+    }
+    if (other.prerelease == null) {
+      return -1;
+    }
+    return prerelease!.compareTo(other.prerelease!);
  }

  bool operator >=(SemVer other) {
@@ -67,7 +92,11 @@ class SemVer {
      return true;
    }

-    return other is SemVer && other.major == major && other.minor == minor && other.patch == patch;
+    return other is SemVer &&
+        other.major == major &&
+        other.minor == minor &&
+        other.patch == patch &&
+        other.prerelease == prerelease;
  }

  SemVerType? differenceType(SemVer other) {
@@ -80,10 +109,13 @@ class SemVer {
    if (patch != other.patch) {
      return SemVerType.patch;
    }
+    if (prerelease != other.prerelease) {
+      return SemVerType.prerelease;
+    }

    return null;
  }

  @override
-  int get hashCode => major.hashCode ^ minor.hashCode ^ patch.hashCode;
+  int get hashCode => major.hashCode ^ minor.hashCode ^ patch.hashCode ^ prerelease.hashCode;
 }
@@ -50,9 +50,7 @@ class AppBarServerInfo extends HookConsumerWidget {
          divider,
          _ServerInfoItem(
            label: "server_version".tr(),
-            text: serverInfoState.serverVersion.major > 0
-                ? "${serverInfoState.serverVersion.major}.${serverInfoState.serverVersion.minor}.${serverInfoState.serverVersion.patch}"
-                : "--",
+            text: serverInfoState.serverVersion.major > 0 ? "${serverInfoState.serverVersion}" : "--",
          ),
          divider,
          _ServerInfoItem(label: "server_info_box_server_url".tr(), text: getServerUrl() ?? '--', tooltip: true),
@@ -60,9 +58,7 @@ class AppBarServerInfo extends HookConsumerWidget {
            divider,
            _ServerInfoItem(
              label: "latest_version".tr(),
-              text: serverInfoState.latestVersion!.major > 0
-                  ? "${serverInfoState.latestVersion!.major}.${serverInfoState.latestVersion!.minor}.${serverInfoState.latestVersion!.patch}"
-                  : "--",
+              text: serverInfoState.latestVersion!.major > 0 ? "${serverInfoState.latestVersion!}" : "--",
              tooltip: true,
              icon: serverInfoState.versionStatus == VersionStatus.serverOutOfDate
                  ? const Icon(Icons.info, color: Color.fromARGB(255, 243, 188, 106), size: 12)
@@ -103,12 +103,16 @@ Class | Method | HTTP request | Description
 *AssetsApi* | [**deleteBulkAssetMetadata**](doc//AssetsApi.md#deletebulkassetmetadata) | **DELETE** /assets/metadata | Delete asset metadata
 *AssetsApi* | [**downloadAsset**](doc//AssetsApi.md#downloadasset) | **GET** /assets/{id}/original | Download original asset
 *AssetsApi* | [**editAsset**](doc//AssetsApi.md#editasset) | **PUT** /assets/{id}/edits | Apply edits to an existing asset
+*AssetsApi* | [**endSession**](doc//AssetsApi.md#endsession) | **DELETE** /assets/{id}/video/stream/{sessionId} | End HLS streaming session
 *AssetsApi* | [**getAssetEdits**](doc//AssetsApi.md#getassetedits) | **GET** /assets/{id}/edits | Retrieve edits for an existing asset
 *AssetsApi* | [**getAssetInfo**](doc//AssetsApi.md#getassetinfo) | **GET** /assets/{id} | Retrieve an asset
 *AssetsApi* | [**getAssetMetadata**](doc//AssetsApi.md#getassetmetadata) | **GET** /assets/{id}/metadata | Get asset metadata
 *AssetsApi* | [**getAssetMetadataByKey**](doc//AssetsApi.md#getassetmetadatabykey) | **GET** /assets/{id}/metadata/{key} | Retrieve asset metadata by key
 *AssetsApi* | [**getAssetOcr**](doc//AssetsApi.md#getassetocr) | **GET** /assets/{id}/ocr | Retrieve asset OCR data
 *AssetsApi* | [**getAssetStatistics**](doc//AssetsApi.md#getassetstatistics) | **GET** /assets/statistics | Get asset statistics
+*AssetsApi* | [**getMainPlaylist**](doc//AssetsApi.md#getmainplaylist) | **GET** /assets/{id}/video/stream/main.m3u8 | Get HLS main playlist
+*AssetsApi* | [**getMediaPlaylist**](doc//AssetsApi.md#getmediaplaylist) | **GET** /assets/{id}/video/stream/{sessionId}/{variantIndex}/playlist.m3u8 | Get HLS media playlist
+*AssetsApi* | [**getSegment**](doc//AssetsApi.md#getsegment) | **GET** /assets/{id}/video/stream/{sessionId}/{variantIndex}/{filename} | Get HLS segment or init file
 *AssetsApi* | [**playAssetVideo**](doc//AssetsApi.md#playassetvideo) | **GET** /assets/{id}/video/playback | Play asset video
 *AssetsApi* | [**removeAssetEdits**](doc//AssetsApi.md#removeassetedits) | **DELETE** /assets/{id}/edits | Remove edits from an existing asset
 *AssetsApi* | [**runAssetJobs**](doc//AssetsApi.md#runassetjobs) | **POST** /assets/jobs | Run an asset job
@@ -513,6 +517,9 @@ Class | Method | HTTP request | Description
 - [RatingsUpdate](doc//RatingsUpdate.md)
 - [ReactionLevel](doc//ReactionLevel.md)
 - [ReactionType](doc//ReactionType.md)
+ - [ReleaseChannel](doc//ReleaseChannel.md)
+ - [ReleaseEventV1](doc//ReleaseEventV1.md)
+ - [ReleaseType](doc//ReleaseType.md)
 - [ReverseGeocodingStateResponseDto](doc//ReverseGeocodingStateResponseDto.md)
 - [RotateParameters](doc//RotateParameters.md)
 - [SearchAlbumResponseDto](doc//SearchAlbumResponseDto.md)
@@ -597,6 +604,7 @@ Class | Method | HTTP request | Description
 - [SystemConfigBackupsDto](doc//SystemConfigBackupsDto.md)
 - [SystemConfigDto](doc//SystemConfigDto.md)
 - [SystemConfigFFmpegDto](doc//SystemConfigFFmpegDto.md)
+ - [SystemConfigFFmpegRealtimeDto](doc//SystemConfigFFmpegRealtimeDto.md)
 - [SystemConfigFacesDto](doc//SystemConfigFacesDto.md)
 - [SystemConfigGeneratedFullsizeImageDto](doc//SystemConfigGeneratedFullsizeImageDto.md)
 - [SystemConfigGeneratedImageDto](doc//SystemConfigGeneratedImageDto.md)
@@ -258,6 +258,9 @@ part 'model/ratings_response.dart';
 part 'model/ratings_update.dart';
 part 'model/reaction_level.dart';
 part 'model/reaction_type.dart';
+part 'model/release_channel.dart';
+part 'model/release_event_v1.dart';
+part 'model/release_type.dart';
 part 'model/reverse_geocoding_state_response_dto.dart';
 part 'model/rotate_parameters.dart';
 part 'model/search_album_response_dto.dart';
@@ -342,6 +345,7 @@ part 'model/sync_user_v1.dart';
 part 'model/system_config_backups_dto.dart';
 part 'model/system_config_dto.dart';
 part 'model/system_config_f_fmpeg_dto.dart';
+part 'model/system_config_f_fmpeg_realtime_dto.dart';
 part 'model/system_config_faces_dto.dart';
 part 'model/system_config_generated_fullsize_image_dto.dart';
 part 'model/system_config_generated_image_dto.dart';
@@ -423,6 +423,76 @@ class AssetsApi {
    return null;
  }

+  /// End HLS streaming session
+  ///
+  /// Releases server resources for the streaming session.
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<Response> endSessionWithHttpInfo(String id, String sessionId, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/assets/{id}/video/stream/{sessionId}'
+      .replaceAll('{id}', id)
+      .replaceAll('{sessionId}', sessionId);
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    if (key != null) {
+      queryParams.addAll(_queryParams('', 'key', key));
+    }
+    if (slug != null) {
+      queryParams.addAll(_queryParams('', 'slug', slug));
+    }
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'DELETE',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+      abortTrigger: abortTrigger,
+    );
+  }
+
+  /// End HLS streaming session
+  ///
+  /// Releases server resources for the streaming session.
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<void> endSession(String id, String sessionId, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    final response = await endSessionWithHttpInfo(id, sessionId, key: key, slug: slug, abortTrigger: abortTrigger,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+  }
+
  /// Retrieve edits for an existing asset
  ///
  /// Retrieve a series of edit actions (crop, rotate, mirror) associated with the specified asset.
@@ -822,6 +892,250 @@ class AssetsApi {
    return null;
  }

+  /// Get HLS main playlist
+  ///
+  /// Returns an HLS main playlist with all available variants for the asset.
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<Response> getMainPlaylistWithHttpInfo(String id, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/assets/{id}/video/stream/main.m3u8'
+      .replaceAll('{id}', id);
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    if (key != null) {
+      queryParams.addAll(_queryParams('', 'key', key));
+    }
+    if (slug != null) {
+      queryParams.addAll(_queryParams('', 'slug', slug));
+    }
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+      abortTrigger: abortTrigger,
+    );
+  }
+
+  /// Get HLS main playlist
+  ///
+  /// Returns an HLS main playlist with all available variants for the asset.
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<String?> getMainPlaylist(String id, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    final response = await getMainPlaylistWithHttpInfo(id, key: key, slug: slug, abortTrigger: abortTrigger,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'String',) as String;
+    
+    }
+    return null;
+  }
+
+  /// Get HLS media playlist
+  ///
+  /// Returns an HLS media playlist for one variant of the streaming session.
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [int] variantIndex (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<Response> getMediaPlaylistWithHttpInfo(String id, String sessionId, int variantIndex, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/assets/{id}/video/stream/{sessionId}/{variantIndex}/playlist.m3u8'
+      .replaceAll('{id}', id)
+      .replaceAll('{sessionId}', sessionId)
+      .replaceAll('{variantIndex}', variantIndex.toString());
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    if (key != null) {
+      queryParams.addAll(_queryParams('', 'key', key));
+    }
+    if (slug != null) {
+      queryParams.addAll(_queryParams('', 'slug', slug));
+    }
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+      abortTrigger: abortTrigger,
+    );
+  }
+
+  /// Get HLS media playlist
+  ///
+  /// Returns an HLS media playlist for one variant of the streaming session.
+  ///
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [int] variantIndex (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<String?> getMediaPlaylist(String id, String sessionId, int variantIndex, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    final response = await getMediaPlaylistWithHttpInfo(id, sessionId, variantIndex, key: key, slug: slug, abortTrigger: abortTrigger,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'String',) as String;
+    
+    }
+    return null;
+  }
+
+  /// Get HLS segment or init file
+  ///
+  /// Streams an HLS init segment (init.mp4) or media segment (seg_N.m4s).
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [String] filename (required):
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [int] variantIndex (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<Response> getSegmentWithHttpInfo(String filename, String id, String sessionId, int variantIndex, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/assets/{id}/video/stream/{sessionId}/{variantIndex}/{filename}'
+      .replaceAll('{filename}', filename)
+      .replaceAll('{id}', id)
+      .replaceAll('{sessionId}', sessionId)
+      .replaceAll('{variantIndex}', variantIndex.toString());
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    if (key != null) {
+      queryParams.addAll(_queryParams('', 'key', key));
+    }
+    if (slug != null) {
+      queryParams.addAll(_queryParams('', 'slug', slug));
+    }
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+      abortTrigger: abortTrigger,
+    );
+  }
+
+  /// Get HLS segment or init file
+  ///
+  /// Streams an HLS init segment (init.mp4) or media segment (seg_N.m4s).
+  ///
+  /// Parameters:
+  ///
+  /// * [String] filename (required):
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [String] sessionId (required):
+  ///
+  /// * [int] variantIndex (required):
+  ///
+  /// * [String] key:
+  ///
+  /// * [String] slug:
+  Future<MultipartFile?> getSegment(String filename, String id, String sessionId, int variantIndex, { String? key, String? slug, Future<void>? abortTrigger, }) async {
+    final response = await getSegmentWithHttpInfo(filename, id, sessionId, variantIndex, key: key, slug: slug, abortTrigger: abortTrigger,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'MultipartFile',) as MultipartFile;
+    
+    }
+    return null;
+  }
+
  /// Play asset video
  ///
  /// Streams the video file for the specified asset. This endpoint also supports byte range requests.
@@ -563,6 +563,12 @@ class ApiClient {
          return ReactionLevelTypeTransformer().decode(value);
        case 'ReactionType':
          return ReactionTypeTypeTransformer().decode(value);
+        case 'ReleaseChannel':
+          return ReleaseChannelTypeTransformer().decode(value);
+        case 'ReleaseEventV1':
+          return ReleaseEventV1.fromJson(value);
+        case 'ReleaseType':
+          return ReleaseTypeTypeTransformer().decode(value);
        case 'ReverseGeocodingStateResponseDto':
          return ReverseGeocodingStateResponseDto.fromJson(value);
        case 'RotateParameters':
@@ -731,6 +737,8 @@ class ApiClient {
          return SystemConfigDto.fromJson(value);
        case 'SystemConfigFFmpegDto':
          return SystemConfigFFmpegDto.fromJson(value);
+        case 'SystemConfigFFmpegRealtimeDto':
+          return SystemConfigFFmpegRealtimeDto.fromJson(value);
        case 'SystemConfigFacesDto':
          return SystemConfigFacesDto.fromJson(value);
        case 'SystemConfigGeneratedFullsizeImageDto':
@@ -157,6 +157,12 @@ String parameterToString(dynamic value) {
  if (value is ReactionType) {
    return ReactionTypeTypeTransformer().encode(value).toString();
  }
+  if (value is ReleaseChannel) {
+    return ReleaseChannelTypeTransformer().encode(value).toString();
+  }
+  if (value is ReleaseType) {
+    return ReleaseTypeTypeTransformer().encode(value).toString();
+  }
  if (value is SearchSuggestionType) {
    return SearchSuggestionTypeTypeTransformer().encode(value).toString();
  }
@@ -52,6 +52,7 @@ class JobName {
  static const librarySyncFilesQueueAll = JobName._(r'LibrarySyncFilesQueueAll');
  static const librarySyncFiles = JobName._(r'LibrarySyncFiles');
  static const libraryScanQueueAll = JobName._(r'LibraryScanQueueAll');
+  static const hlsSessionCleanup = JobName._(r'HlsSessionCleanup');
  static const memoryCleanup = JobName._(r'MemoryCleanup');
  static const memoryGenerate = JobName._(r'MemoryGenerate');
  static const notificationsCleanup = JobName._(r'NotificationsCleanup');
@@ -110,6 +111,7 @@ class JobName {
    librarySyncFilesQueueAll,
    librarySyncFiles,
    libraryScanQueueAll,
+    hlsSessionCleanup,
    memoryCleanup,
    memoryGenerate,
    notificationsCleanup,
@@ -203,6 +205,7 @@ class JobNameTypeTransformer {
        case r'LibrarySyncFilesQueueAll': return JobName.librarySyncFilesQueueAll;
        case r'LibrarySyncFiles': return JobName.librarySyncFiles;
        case r'LibraryScanQueueAll': return JobName.libraryScanQueueAll;
+        case r'HlsSessionCleanup': return JobName.hlsSessionCleanup;
        case r'MemoryCleanup': return JobName.memoryCleanup;
        case r'MemoryGenerate': return JobName.memoryGenerate;
        case r'NotificationsCleanup': return JobName.notificationsCleanup;
@@ -14,32 +14,52 @@ class PeopleResponse {
  /// Returns a new [PeopleResponse] instance.
  PeopleResponse({
    required this.enabled,
+    this.minimumFaces,
    required this.sidebarWeb,
  });

  /// Whether people are enabled
  bool enabled;

+  /// People face threshold
+  ///
+  /// Minimum value: 1
+  /// Maximum value: 9007199254740991
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  int? minimumFaces;
+
  /// Whether people appear in web sidebar
  bool sidebarWeb;

  @override
  bool operator ==(Object other) => identical(this, other) || other is PeopleResponse &&
    other.enabled == enabled &&
+    other.minimumFaces == minimumFaces &&
    other.sidebarWeb == sidebarWeb;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
    (enabled.hashCode) +
+    (minimumFaces == null ? 0 : minimumFaces!.hashCode) +
    (sidebarWeb.hashCode);

  @override
-  String toString() => 'PeopleResponse[enabled=$enabled, sidebarWeb=$sidebarWeb]';
+  String toString() => 'PeopleResponse[enabled=$enabled, minimumFaces=$minimumFaces, sidebarWeb=$sidebarWeb]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
      json[r'enabled'] = this.enabled;
+    if (this.minimumFaces != null) {
+      json[r'minimumFaces'] = this.minimumFaces;
+    } else {
+    //  json[r'minimumFaces'] = null;
+    }
      json[r'sidebarWeb'] = this.sidebarWeb;
    return json;
  }
@@ -54,6 +74,7 @@ class PeopleResponse {

      return PeopleResponse(
        enabled: mapValueOfType<bool>(json, r'enabled')!,
+        minimumFaces: mapValueOfType<int>(json, r'minimumFaces'),
        sidebarWeb: mapValueOfType<bool>(json, r'sidebarWeb')!,
      );
    }
@@ -14,6 +14,7 @@ class PeopleUpdate {
  /// Returns a new [PeopleUpdate] instance.
  PeopleUpdate({
    this.enabled,
+    this.minimumFaces,
    this.sidebarWeb,
  });

@@ -26,6 +27,18 @@ class PeopleUpdate {
  ///
  bool? enabled;

+  /// People face threshold
+  ///
+  /// Minimum value: 1
+  /// Maximum value: 9007199254740991
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  int? minimumFaces;
+
  /// Whether people appear in web sidebar
  ///
  /// Please note: This property should have been non-nullable! Since the specification file
@@ -38,16 +51,18 @@ class PeopleUpdate {
  @override
  bool operator ==(Object other) => identical(this, other) || other is PeopleUpdate &&
    other.enabled == enabled &&
+    other.minimumFaces == minimumFaces &&
    other.sidebarWeb == sidebarWeb;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
    (enabled == null ? 0 : enabled!.hashCode) +
+    (minimumFaces == null ? 0 : minimumFaces!.hashCode) +
    (sidebarWeb == null ? 0 : sidebarWeb!.hashCode);

  @override
-  String toString() => 'PeopleUpdate[enabled=$enabled, sidebarWeb=$sidebarWeb]';
+  String toString() => 'PeopleUpdate[enabled=$enabled, minimumFaces=$minimumFaces, sidebarWeb=$sidebarWeb]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -56,6 +71,11 @@ class PeopleUpdate {
    } else {
    //  json[r'enabled'] = null;
    }
+    if (this.minimumFaces != null) {
+      json[r'minimumFaces'] = this.minimumFaces;
+    } else {
+    //  json[r'minimumFaces'] = null;
+    }
    if (this.sidebarWeb != null) {
      json[r'sidebarWeb'] = this.sidebarWeb;
    } else {
@@ -74,6 +94,7 @@ class PeopleUpdate {

      return PeopleUpdate(
        enabled: mapValueOfType<bool>(json, r'enabled'),
+        minimumFaces: mapValueOfType<int>(json, r'minimumFaces'),
        sidebarWeb: mapValueOfType<bool>(json, r'sidebarWeb'),
      );
    }
@@ -0,0 +1,85 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+/// Release channel
+class ReleaseChannel {
+  /// Instantiate a new enum with the provided [value].
+  const ReleaseChannel._(this.value);
+
+  /// The underlying value of this enum member.
+  final String value;
+
+  @override
+  String toString() => value;
+
+  String toJson() => value;
+
+  static const stable = ReleaseChannel._(r'stable');
+  static const releaseCandidate = ReleaseChannel._(r'releaseCandidate');
+
+  /// List of all possible values in this [enum][ReleaseChannel].
+  static const values = <ReleaseChannel>[
+    stable,
+    releaseCandidate,
+  ];
+
+  static ReleaseChannel? fromJson(dynamic value) => ReleaseChannelTypeTransformer().decode(value);
+
+  static List<ReleaseChannel> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <ReleaseChannel>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = ReleaseChannel.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+}
+
+/// Transformation class that can [encode] an instance of [ReleaseChannel] to String,
+/// and [decode] dynamic data back to [ReleaseChannel].
+class ReleaseChannelTypeTransformer {
+  factory ReleaseChannelTypeTransformer() => _instance ??= const ReleaseChannelTypeTransformer._();
+
+  const ReleaseChannelTypeTransformer._();
+
+  String encode(ReleaseChannel data) => data.value;
+
+  /// Decodes a [dynamic value][data] to a ReleaseChannel.
+  ///
+  /// If [allowNull] is true and the [dynamic value][data] cannot be decoded successfully,
+  /// then null is returned. However, if [allowNull] is false and the [dynamic value][data]
+  /// cannot be decoded successfully, then an [UnimplementedError] is thrown.
+  ///
+  /// The [allowNull] is very handy when an API changes and a new enum value is added or removed,
+  /// and users are still using an old app with the old code.
+  ReleaseChannel? decode(dynamic data, {bool allowNull = true}) {
+    if (data != null) {
+      switch (data) {
+        case r'stable': return ReleaseChannel.stable;
+        case r'releaseCandidate': return ReleaseChannel.releaseCandidate;
+        default:
+          if (!allowNull) {
+            throw ArgumentError('Unknown enum value to decode: $data');
+          }
+      }
+    }
+    return null;
+  }
+
+  /// Singleton [ReleaseChannelTypeTransformer] instance.
+  static ReleaseChannelTypeTransformer? _instance;
+}
+
@@ -0,0 +1,133 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class ReleaseEventV1 {
+  /// Returns a new [ReleaseEventV1] instance.
+  ReleaseEventV1({
+    required this.checkedAt,
+    required this.isAvailable,
+    required this.releaseVersion,
+    required this.serverVersion,
+    required this.type,
+  });
+
+  /// When the server last checked for a latest version. As an ISO timestamp
+  String checkedAt;
+
+  /// Whether a new version is available
+  bool isAvailable;
+
+  ServerVersionResponseDto releaseVersion;
+
+  ServerVersionResponseDto serverVersion;
+
+  ReleaseType type;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is ReleaseEventV1 &&
+    other.checkedAt == checkedAt &&
+    other.isAvailable == isAvailable &&
+    other.releaseVersion == releaseVersion &&
+    other.serverVersion == serverVersion &&
+    other.type == type;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (checkedAt.hashCode) +
+    (isAvailable.hashCode) +
+    (releaseVersion.hashCode) +
+    (serverVersion.hashCode) +
+    (type.hashCode);
+
+  @override
+  String toString() => 'ReleaseEventV1[checkedAt=$checkedAt, isAvailable=$isAvailable, releaseVersion=$releaseVersion, serverVersion=$serverVersion, type=$type]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'checkedAt'] = this.checkedAt;
+      json[r'isAvailable'] = this.isAvailable;
+      json[r'releaseVersion'] = this.releaseVersion;
+      json[r'serverVersion'] = this.serverVersion;
+      json[r'type'] = this.type;
+    return json;
+  }
+
+  /// Returns a new [ReleaseEventV1] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static ReleaseEventV1? fromJson(dynamic value) {
+    upgradeDto(value, "ReleaseEventV1");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return ReleaseEventV1(
+        checkedAt: mapValueOfType<String>(json, r'checkedAt')!,
+        isAvailable: mapValueOfType<bool>(json, r'isAvailable')!,
+        releaseVersion: ServerVersionResponseDto.fromJson(json[r'releaseVersion'])!,
+        serverVersion: ServerVersionResponseDto.fromJson(json[r'serverVersion'])!,
+        type: ReleaseType.fromJson(json[r'type'])!,
+      );
+    }
+    return null;
+  }
+
+  static List<ReleaseEventV1> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <ReleaseEventV1>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = ReleaseEventV1.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, ReleaseEventV1> mapFromJson(dynamic json) {
+    final map = <String, ReleaseEventV1>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = ReleaseEventV1.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of ReleaseEventV1-objects as value to a dart map
+  static Map<String, List<ReleaseEventV1>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<ReleaseEventV1>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = ReleaseEventV1.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'checkedAt',
+    'isAvailable',
+    'releaseVersion',
+    'serverVersion',
+    'type',
+  };
+}
+
@@ -0,0 +1,100 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+
+class ReleaseType {
+  /// Instantiate a new enum with the provided [value].
+  const ReleaseType._(this.value);
+
+  /// The underlying value of this enum member.
+  final String value;
+
+  @override
+  String toString() => value;
+
+  String toJson() => value;
+
+  static const major = ReleaseType._(r'major');
+  static const premajor = ReleaseType._(r'premajor');
+  static const minor = ReleaseType._(r'minor');
+  static const preminor = ReleaseType._(r'preminor');
+  static const patch_ = ReleaseType._(r'patch');
+  static const prepatch = ReleaseType._(r'prepatch');
+  static const prerelease = ReleaseType._(r'prerelease');
+
+  /// List of all possible values in this [enum][ReleaseType].
+  static const values = <ReleaseType>[
+    major,
+    premajor,
+    minor,
+    preminor,
+    patch_,
+    prepatch,
+    prerelease,
+  ];
+
+  static ReleaseType? fromJson(dynamic value) => ReleaseTypeTypeTransformer().decode(value);
+
+  static List<ReleaseType> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <ReleaseType>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = ReleaseType.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+}
+
+/// Transformation class that can [encode] an instance of [ReleaseType] to String,
+/// and [decode] dynamic data back to [ReleaseType].
+class ReleaseTypeTypeTransformer {
+  factory ReleaseTypeTypeTransformer() => _instance ??= const ReleaseTypeTypeTransformer._();
+
+  const ReleaseTypeTypeTransformer._();
+
+  String encode(ReleaseType data) => data.value;
+
+  /// Decodes a [dynamic value][data] to a ReleaseType.
+  ///
+  /// If [allowNull] is true and the [dynamic value][data] cannot be decoded successfully,
+  /// then null is returned. However, if [allowNull] is false and the [dynamic value][data]
+  /// cannot be decoded successfully, then an [UnimplementedError] is thrown.
+  ///
+  /// The [allowNull] is very handy when an API changes and a new enum value is added or removed,
+  /// and users are still using an old app with the old code.
+  ReleaseType? decode(dynamic data, {bool allowNull = true}) {
+    if (data != null) {
+      switch (data) {
+        case r'major': return ReleaseType.major;
+        case r'premajor': return ReleaseType.premajor;
+        case r'minor': return ReleaseType.minor;
+        case r'preminor': return ReleaseType.preminor;
+        case r'patch': return ReleaseType.patch_;
+        case r'prepatch': return ReleaseType.prepatch;
+        case r'prerelease': return ReleaseType.prerelease;
+        default:
+          if (!allowNull) {
+            throw ArgumentError('Unknown enum value to decode: $data');
+          }
+      }
+    }
+    return null;
+  }
+
+  /// Singleton [ReleaseTypeTypeTransformer] instance.
+  static ReleaseTypeTypeTransformer? _instance;
+}
+
@@ -20,6 +20,7 @@ class ServerConfigDto {
    required this.maintenanceMode,
    required this.mapDarkStyleUrl,
    required this.mapLightStyleUrl,
+    required this.minFaces,
    required this.oauthButtonText,
    required this.publicUsers,
    required this.trashDays,
@@ -47,6 +48,12 @@ class ServerConfigDto {
  /// Map light style URL
  String mapLightStyleUrl;

+  /// People min faces server default
+  ///
+  /// Minimum value: -9007199254740991
+  /// Maximum value: 9007199254740991
+  int minFaces;
+
  /// OAuth button text
  String oauthButtonText;

@@ -74,6 +81,7 @@ class ServerConfigDto {
    other.maintenanceMode == maintenanceMode &&
    other.mapDarkStyleUrl == mapDarkStyleUrl &&
    other.mapLightStyleUrl == mapLightStyleUrl &&
+    other.minFaces == minFaces &&
    other.oauthButtonText == oauthButtonText &&
    other.publicUsers == publicUsers &&
    other.trashDays == trashDays &&
@@ -89,13 +97,14 @@ class ServerConfigDto {
    (maintenanceMode.hashCode) +
    (mapDarkStyleUrl.hashCode) +
    (mapLightStyleUrl.hashCode) +
+    (minFaces.hashCode) +
    (oauthButtonText.hashCode) +
    (publicUsers.hashCode) +
    (trashDays.hashCode) +
    (userDeleteDelay.hashCode);

  @override
-  String toString() => 'ServerConfigDto[externalDomain=$externalDomain, isInitialized=$isInitialized, isOnboarded=$isOnboarded, loginPageMessage=$loginPageMessage, maintenanceMode=$maintenanceMode, mapDarkStyleUrl=$mapDarkStyleUrl, mapLightStyleUrl=$mapLightStyleUrl, oauthButtonText=$oauthButtonText, publicUsers=$publicUsers, trashDays=$trashDays, userDeleteDelay=$userDeleteDelay]';
+  String toString() => 'ServerConfigDto[externalDomain=$externalDomain, isInitialized=$isInitialized, isOnboarded=$isOnboarded, loginPageMessage=$loginPageMessage, maintenanceMode=$maintenanceMode, mapDarkStyleUrl=$mapDarkStyleUrl, mapLightStyleUrl=$mapLightStyleUrl, minFaces=$minFaces, oauthButtonText=$oauthButtonText, publicUsers=$publicUsers, trashDays=$trashDays, userDeleteDelay=$userDeleteDelay]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -106,6 +115,7 @@ class ServerConfigDto {
      json[r'maintenanceMode'] = this.maintenanceMode;
      json[r'mapDarkStyleUrl'] = this.mapDarkStyleUrl;
      json[r'mapLightStyleUrl'] = this.mapLightStyleUrl;
+      json[r'minFaces'] = this.minFaces;
      json[r'oauthButtonText'] = this.oauthButtonText;
      json[r'publicUsers'] = this.publicUsers;
      json[r'trashDays'] = this.trashDays;
@@ -129,6 +139,7 @@ class ServerConfigDto {
        maintenanceMode: mapValueOfType<bool>(json, r'maintenanceMode')!,
        mapDarkStyleUrl: mapValueOfType<String>(json, r'mapDarkStyleUrl')!,
        mapLightStyleUrl: mapValueOfType<String>(json, r'mapLightStyleUrl')!,
+        minFaces: mapValueOfType<int>(json, r'minFaces')!,
        oauthButtonText: mapValueOfType<String>(json, r'oauthButtonText')!,
        publicUsers: mapValueOfType<bool>(json, r'publicUsers')!,
        trashDays: mapValueOfType<int>(json, r'trashDays')!,
@@ -187,6 +198,7 @@ class ServerConfigDto {
    'maintenanceMode',
    'mapDarkStyleUrl',
    'mapLightStyleUrl',
+    'minFaces',
    'oauthButtonText',
    'publicUsers',
    'trashDays',
@@ -23,6 +23,7 @@ class ServerFeaturesDto {
    required this.oauthAutoLaunch,
    required this.ocr,
    required this.passwordLogin,
+    required this.realtimeTranscoding,
    required this.reverseGeocoding,
    required this.search,
    required this.sidecar,
@@ -60,6 +61,9 @@ class ServerFeaturesDto {
  /// Whether password login is enabled
  bool passwordLogin;

+  /// Whether real-time transcoding is enabled
+  bool realtimeTranscoding;
+
  /// Whether reverse geocoding is enabled
  bool reverseGeocoding;

@@ -87,6 +91,7 @@ class ServerFeaturesDto {
    other.oauthAutoLaunch == oauthAutoLaunch &&
    other.ocr == ocr &&
    other.passwordLogin == passwordLogin &&
+    other.realtimeTranscoding == realtimeTranscoding &&
    other.reverseGeocoding == reverseGeocoding &&
    other.search == search &&
    other.sidecar == sidecar &&
@@ -106,6 +111,7 @@ class ServerFeaturesDto {
    (oauthAutoLaunch.hashCode) +
    (ocr.hashCode) +
    (passwordLogin.hashCode) +
+    (realtimeTranscoding.hashCode) +
    (reverseGeocoding.hashCode) +
    (search.hashCode) +
    (sidecar.hashCode) +
@@ -113,7 +119,7 @@ class ServerFeaturesDto {
    (trash.hashCode);

  @override
-  String toString() => 'ServerFeaturesDto[configFile=$configFile, duplicateDetection=$duplicateDetection, email=$email, facialRecognition=$facialRecognition, importFaces=$importFaces, map=$map, oauth=$oauth, oauthAutoLaunch=$oauthAutoLaunch, ocr=$ocr, passwordLogin=$passwordLogin, reverseGeocoding=$reverseGeocoding, search=$search, sidecar=$sidecar, smartSearch=$smartSearch, trash=$trash]';
+  String toString() => 'ServerFeaturesDto[configFile=$configFile, duplicateDetection=$duplicateDetection, email=$email, facialRecognition=$facialRecognition, importFaces=$importFaces, map=$map, oauth=$oauth, oauthAutoLaunch=$oauthAutoLaunch, ocr=$ocr, passwordLogin=$passwordLogin, realtimeTranscoding=$realtimeTranscoding, reverseGeocoding=$reverseGeocoding, search=$search, sidecar=$sidecar, smartSearch=$smartSearch, trash=$trash]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -127,6 +133,7 @@ class ServerFeaturesDto {
      json[r'oauthAutoLaunch'] = this.oauthAutoLaunch;
      json[r'ocr'] = this.ocr;
      json[r'passwordLogin'] = this.passwordLogin;
+      json[r'realtimeTranscoding'] = this.realtimeTranscoding;
      json[r'reverseGeocoding'] = this.reverseGeocoding;
      json[r'search'] = this.search;
      json[r'sidecar'] = this.sidecar;
@@ -154,6 +161,7 @@ class ServerFeaturesDto {
        oauthAutoLaunch: mapValueOfType<bool>(json, r'oauthAutoLaunch')!,
        ocr: mapValueOfType<bool>(json, r'ocr')!,
        passwordLogin: mapValueOfType<bool>(json, r'passwordLogin')!,
+        realtimeTranscoding: mapValueOfType<bool>(json, r'realtimeTranscoding')!,
        reverseGeocoding: mapValueOfType<bool>(json, r'reverseGeocoding')!,
        search: mapValueOfType<bool>(json, r'search')!,
        sidecar: mapValueOfType<bool>(json, r'sidecar')!,
@@ -216,6 +224,7 @@ class ServerFeaturesDto {
    'oauthAutoLaunch',
    'ocr',
    'passwordLogin',
+    'realtimeTranscoding',
    'reverseGeocoding',
    'search',
    'sidecar',
@@ -16,47 +16,61 @@ class ServerVersionResponseDto {
    required this.major,
    required this.minor,
    required this.patch_,
+    required this.prerelease,
  });

  /// Major version number
  ///
-  /// Minimum value: -9007199254740991
+  /// Minimum value: 0
  /// Maximum value: 9007199254740991
  int major;

  /// Minor version number
  ///
-  /// Minimum value: -9007199254740991
+  /// Minimum value: 0
  /// Maximum value: 9007199254740991
  int minor;

  /// Patch version number
  ///
-  /// Minimum value: -9007199254740991
+  /// Minimum value: 0
  /// Maximum value: 9007199254740991
  int patch_;

+  /// Pre-release version number
+  ///
+  /// Minimum value: 0
+  /// Maximum value: 9007199254740991
+  int? prerelease;
+
  @override
  bool operator ==(Object other) => identical(this, other) || other is ServerVersionResponseDto &&
    other.major == major &&
    other.minor == minor &&
-    other.patch_ == patch_;
+    other.patch_ == patch_ &&
+    other.prerelease == prerelease;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
    (major.hashCode) +
    (minor.hashCode) +
-    (patch_.hashCode);
+    (patch_.hashCode) +
+    (prerelease == null ? 0 : prerelease!.hashCode);

  @override
-  String toString() => 'ServerVersionResponseDto[major=$major, minor=$minor, patch_=$patch_]';
+  String toString() => 'ServerVersionResponseDto[major=$major, minor=$minor, patch_=$patch_, prerelease=$prerelease]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
      json[r'major'] = this.major;
      json[r'minor'] = this.minor;
      json[r'patch'] = this.patch_;
+    if (this.prerelease != null) {
+      json[r'prerelease'] = this.prerelease;
+    } else {
+    //  json[r'prerelease'] = null;
+    }
    return json;
  }

@@ -72,6 +86,7 @@ class ServerVersionResponseDto {
        major: mapValueOfType<int>(json, r'major')!,
        minor: mapValueOfType<int>(json, r'minor')!,
        patch_: mapValueOfType<int>(json, r'patch')!,
+        prerelease: mapValueOfType<int>(json, r'prerelease'),
      );
    }
    return null;
@@ -122,6 +137,7 @@ class ServerVersionResponseDto {
    'major',
    'minor',
    'patch',
+    'prerelease',
  };
 }

@@ -25,6 +25,7 @@ class SystemConfigFFmpegDto {
    required this.maxBitrate,
    required this.preferredHwDevice,
    required this.preset,
+    required this.realtime,
    required this.refs,
    required this.targetAudioCodec,
    required this.targetResolution,
@@ -79,6 +80,8 @@ class SystemConfigFFmpegDto {
  /// Preset
  String preset;

+  SystemConfigFFmpegRealtimeDto realtime;
+
  /// References
  ///
  /// Minimum value: 0
@@ -122,6 +125,7 @@ class SystemConfigFFmpegDto {
    other.maxBitrate == maxBitrate &&
    other.preferredHwDevice == preferredHwDevice &&
    other.preset == preset &&
+    other.realtime == realtime &&
    other.refs == refs &&
    other.targetAudioCodec == targetAudioCodec &&
    other.targetResolution == targetResolution &&
@@ -147,6 +151,7 @@ class SystemConfigFFmpegDto {
    (maxBitrate.hashCode) +
    (preferredHwDevice.hashCode) +
    (preset.hashCode) +
+    (realtime.hashCode) +
    (refs.hashCode) +
    (targetAudioCodec.hashCode) +
    (targetResolution.hashCode) +
@@ -158,7 +163,7 @@ class SystemConfigFFmpegDto {
    (twoPass.hashCode);

  @override
-  String toString() => 'SystemConfigFFmpegDto[accel=$accel, accelDecode=$accelDecode, acceptedAudioCodecs=$acceptedAudioCodecs, acceptedContainers=$acceptedContainers, acceptedVideoCodecs=$acceptedVideoCodecs, bframes=$bframes, cqMode=$cqMode, crf=$crf, gopSize=$gopSize, maxBitrate=$maxBitrate, preferredHwDevice=$preferredHwDevice, preset=$preset, refs=$refs, targetAudioCodec=$targetAudioCodec, targetResolution=$targetResolution, targetVideoCodec=$targetVideoCodec, temporalAQ=$temporalAQ, threads=$threads, tonemap=$tonemap, transcode=$transcode, twoPass=$twoPass]';
+  String toString() => 'SystemConfigFFmpegDto[accel=$accel, accelDecode=$accelDecode, acceptedAudioCodecs=$acceptedAudioCodecs, acceptedContainers=$acceptedContainers, acceptedVideoCodecs=$acceptedVideoCodecs, bframes=$bframes, cqMode=$cqMode, crf=$crf, gopSize=$gopSize, maxBitrate=$maxBitrate, preferredHwDevice=$preferredHwDevice, preset=$preset, realtime=$realtime, refs=$refs, targetAudioCodec=$targetAudioCodec, targetResolution=$targetResolution, targetVideoCodec=$targetVideoCodec, temporalAQ=$temporalAQ, threads=$threads, tonemap=$tonemap, transcode=$transcode, twoPass=$twoPass]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -174,6 +179,7 @@ class SystemConfigFFmpegDto {
      json[r'maxBitrate'] = this.maxBitrate;
      json[r'preferredHwDevice'] = this.preferredHwDevice;
      json[r'preset'] = this.preset;
+      json[r'realtime'] = this.realtime;
      json[r'refs'] = this.refs;
      json[r'targetAudioCodec'] = this.targetAudioCodec;
      json[r'targetResolution'] = this.targetResolution;
@@ -207,6 +213,7 @@ class SystemConfigFFmpegDto {
        maxBitrate: mapValueOfType<String>(json, r'maxBitrate')!,
        preferredHwDevice: mapValueOfType<String>(json, r'preferredHwDevice')!,
        preset: mapValueOfType<String>(json, r'preset')!,
+        realtime: SystemConfigFFmpegRealtimeDto.fromJson(json[r'realtime'])!,
        refs: mapValueOfType<int>(json, r'refs')!,
        targetAudioCodec: AudioCodec.fromJson(json[r'targetAudioCodec'])!,
        targetResolution: mapValueOfType<String>(json, r'targetResolution')!,
@@ -275,6 +282,7 @@ class SystemConfigFFmpegDto {
    'maxBitrate',
    'preferredHwDevice',
    'preset',
+    'realtime',
    'refs',
    'targetAudioCodec',
    'targetResolution',
@@ -0,0 +1,100 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class SystemConfigFFmpegRealtimeDto {
+  /// Returns a new [SystemConfigFFmpegRealtimeDto] instance.
+  SystemConfigFFmpegRealtimeDto({
+    required this.enabled,
+  });
+
+  /// Enable real-time HLS transcoding (alpha)
+  bool enabled;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is SystemConfigFFmpegRealtimeDto &&
+    other.enabled == enabled;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (enabled.hashCode);
+
+  @override
+  String toString() => 'SystemConfigFFmpegRealtimeDto[enabled=$enabled]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'enabled'] = this.enabled;
+    return json;
+  }
+
+  /// Returns a new [SystemConfigFFmpegRealtimeDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static SystemConfigFFmpegRealtimeDto? fromJson(dynamic value) {
+    upgradeDto(value, "SystemConfigFFmpegRealtimeDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return SystemConfigFFmpegRealtimeDto(
+        enabled: mapValueOfType<bool>(json, r'enabled')!,
+      );
+    }
+    return null;
+  }
+
+  static List<SystemConfigFFmpegRealtimeDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <SystemConfigFFmpegRealtimeDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = SystemConfigFFmpegRealtimeDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, SystemConfigFFmpegRealtimeDto> mapFromJson(dynamic json) {
+    final map = <String, SystemConfigFFmpegRealtimeDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = SystemConfigFFmpegRealtimeDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of SystemConfigFFmpegRealtimeDto-objects as value to a dart map
+  static Map<String, List<SystemConfigFFmpegRealtimeDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<SystemConfigFFmpegRealtimeDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = SystemConfigFFmpegRealtimeDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'enabled',
+  };
+}
+
@@ -13,26 +13,32 @@ part of openapi.api;
 class SystemConfigNewVersionCheckDto {
  /// Returns a new [SystemConfigNewVersionCheckDto] instance.
  SystemConfigNewVersionCheckDto({
+    required this.channel,
    required this.enabled,
  });

+  ReleaseChannel channel;
+
  /// Enabled
  bool enabled;

  @override
  bool operator ==(Object other) => identical(this, other) || other is SystemConfigNewVersionCheckDto &&
+    other.channel == channel &&
    other.enabled == enabled;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
+    (channel.hashCode) +
    (enabled.hashCode);

  @override
-  String toString() => 'SystemConfigNewVersionCheckDto[enabled=$enabled]';
+  String toString() => 'SystemConfigNewVersionCheckDto[channel=$channel, enabled=$enabled]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
+      json[r'channel'] = this.channel;
      json[r'enabled'] = this.enabled;
    return json;
  }
@@ -46,6 +52,7 @@ class SystemConfigNewVersionCheckDto {
      final json = value.cast<String, dynamic>();

      return SystemConfigNewVersionCheckDto(
+        channel: ReleaseChannel.fromJson(json[r'channel'])!,
        enabled: mapValueOfType<bool>(json, r'enabled')!,
      );
    }
@@ -94,6 +101,7 @@ class SystemConfigNewVersionCheckDto {

  /// The list of required keys that must be present in a JSON.
  static const requiredKeys = <String>{
+    'channel',
    'enabled',
  };
 }
@@ -116,7 +116,7 @@ void main() {
    when(() => mockApi.serverInfoApi).thenReturn(mockServerApi);
    when(
      () => mockServerApi.getServerVersion(),
-    ).thenAnswer((_) async => ServerVersionResponseDto(major: 1, minor: 132, patch_: 0));
+    ).thenAnswer((_) async => ServerVersionResponseDto(major: 1, minor: 132, patch_: 0, prerelease: null));

    when(() => mockSyncStreamRepo.updateUsersV1(any())).thenAnswer(successHandler);
    when(() => mockSyncStreamRepo.deleteUsersV1(any())).thenAnswer(successHandler);
@@ -559,7 +559,7 @@ void main() {
      await Store.put(StoreKey.syncMigrationStatus, "[]");
      when(
        () => mockServerApi.getServerVersion(),
-      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 4, patch_: 1));
+      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 4, patch_: 1, prerelease: null));

      await sut.sync();

@@ -587,7 +587,7 @@ void main() {
      await Store.put(StoreKey.syncMigrationStatus, "[]");
      when(
        () => mockServerApi.getServerVersion(),
-      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 5, patch_: 0));
+      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 5, patch_: 0, prerelease: null));
      await sut.sync();

      verifyInOrder([
@@ -617,7 +617,7 @@ void main() {

      when(
        () => mockServerApi.getServerVersion(),
-      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 4, patch_: 1));
+      ).thenAnswer((_) async => ServerVersionResponseDto(major: 2, minor: 4, patch_: 1, prerelease: null));

      await sut.sync();

@@ -88,5 +88,71 @@ void main() {
      expect(version2.minor, 2);
      expect(version2.patch, 3);
    });
+
+    test('Orders later prerelease above earlier prerelease', () {
+      const rc1 = SemVer(major: 1, minor: 151, patch: 0, prerelease: 1);
+      const rc2 = SemVer(major: 1, minor: 151, patch: 0, prerelease: 2);
+      expect(rc2 > rc1, isTrue);
+      expect(rc1 < rc2, isTrue);
+      expect(rc1 == rc2, isFalse);
+    });
+
+    test('Final release outranks its prerelease of the same version', () {
+      const rc = SemVer(major: 1, minor: 151, patch: 0, prerelease: 1);
+      const release = SemVer(major: 1, minor: 151, patch: 0);
+      expect(release > rc, isTrue);
+      expect(rc < release, isTrue);
+    });
+
+    test('Higher major outranks a prerelease regardless of ordinal', () {
+      const rc = SemVer(major: 1, minor: 151, patch: 0, prerelease: 9);
+      const next = SemVer(major: 2, minor: 0, patch: 0);
+      expect(next > rc, isTrue);
+    });
+
+    test('Equal prerelease versions compare as equal', () {
+      const a = SemVer(major: 1, minor: 151, patch: 0, prerelease: 3);
+      const b = SemVer(major: 1, minor: 151, patch: 0, prerelease: 3);
+      expect(a == b, isTrue);
+      expect(a > b, isFalse);
+      expect(a < b, isFalse);
+    });
+
+    test('Reports prerelease difference type', () {
+      const rc1 = SemVer(major: 1, minor: 151, patch: 0, prerelease: 1);
+      const rc2 = SemVer(major: 1, minor: 151, patch: 0, prerelease: 2);
+      expect(rc1.differenceType(rc2), SemVerType.prerelease);
+    });
+
+    test('toString includes prerelease suffix when present', () {
+      const rc = SemVer(major: 1, minor: 151, patch: 0, prerelease: 2);
+      expect(rc.toString(), '1.151.0-rc.2');
+    });
+
+    test('Parses prerelease ordinal from -rc strings', () {
+      final dotted = SemVer.fromString('1.151.0-rc.2');
+      expect(dotted.major, 1);
+      expect(dotted.minor, 151);
+      expect(dotted.patch, 0);
+      expect(dotted.prerelease, 2);
+
+      expect(SemVer.fromString('v1.151.0-rc.3').prerelease, 3);
+      expect(SemVer.fromString('1.2.3-rc.2+build.5').prerelease, 2);
+    });
+
+    test('Plain version string has null prerelease', () {
+      expect(SemVer.fromString('3.0.0').prerelease, isNull);
+    });
+
+    test('Invalid rc suffixes parse without error and have null prerelease', () {
+      final debug = SemVer.fromString('1.2.3-debug');
+      expect(debug.major, 1);
+      expect(debug.minor, 2);
+      expect(debug.patch, 3);
+      expect(debug.prerelease, isNull);
+
+      expect(SemVer.fromString('1.2.3+build.5').prerelease, isNull);
+      expect(SemVer.fromString('1.151.0-rc4').prerelease, isNull);
+    });
  });
 }
@@ -4308,6 +4308,351 @@
        "x-immich-state": "Stable"
      }
    },
+    "/assets/{id}/video/stream/main.m3u8": {
+      "get": {
+        "description": "Returns an HLS main playlist with all available variants for the asset.",
+        "operationId": "getMainPlaylist",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "key",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "slug",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/vnd.apple.mpegurl": {
+                "schema": {
+                  "type": "string"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Get HLS main playlist",
+        "tags": [
+          "Assets"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v3",
+            "state": "Added"
+          },
+          {
+            "version": "v3",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "asset.view",
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/assets/{id}/video/stream/{sessionId}": {
+      "delete": {
+        "description": "Releases server resources for the streaming session.",
+        "operationId": "endSession",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "key",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "sessionId",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "slug",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "End HLS streaming session",
+        "tags": [
+          "Assets"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v3",
+            "state": "Added"
+          },
+          {
+            "version": "v3",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "asset.view",
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/assets/{id}/video/stream/{sessionId}/{variantIndex}/playlist.m3u8": {
+      "get": {
+        "description": "Returns an HLS media playlist for one variant of the streaming session.",
+        "operationId": "getMediaPlaylist",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "key",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "sessionId",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "slug",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "variantIndex",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "minimum": 0,
+              "maximum": 9007199254740991,
+              "type": "integer"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/vnd.apple.mpegurl": {
+                "schema": {
+                  "type": "string"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Get HLS media playlist",
+        "tags": [
+          "Assets"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v3",
+            "state": "Added"
+          },
+          {
+            "version": "v3",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "asset.view",
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/assets/{id}/video/stream/{sessionId}/{variantIndex}/{filename}": {
+      "get": {
+        "description": "Streams an HLS init segment (init.mp4) or media segment (seg_N.m4s).",
+        "operationId": "getSegment",
+        "parameters": [
+          {
+            "name": "filename",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "pattern": "^(init\\.mp4|seg_\\d+\\.m4s)$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "key",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "sessionId",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
+              "type": "string"
+            }
+          },
+          {
+            "name": "slug",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "variantIndex",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "minimum": 0,
+              "maximum": 9007199254740991,
+              "type": "integer"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/octet-stream": {
+                "schema": {
+                  "format": "binary",
+                  "type": "string"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Get HLS segment or init file",
+        "tags": [
+          "Assets"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v3",
+            "state": "Added"
+          },
+          {
+            "version": "v3",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "asset.view",
+        "x-immich-state": "Alpha"
+      }
+    },
    "/auth/admin-sign-up": {
      "post": {
        "description": "Create the first admin user in the system.",
@@ -18146,6 +18491,7 @@
          "LibrarySyncFilesQueueAll",
          "LibrarySyncFiles",
          "LibraryScanQueueAll",
+          "HlsSessionCleanup",
          "MemoryCleanup",
          "MemoryGenerate",
          "NotificationsCleanup",
@@ -19561,6 +19907,12 @@
            "description": "Whether people are enabled",
            "type": "boolean"
          },
+          "minimumFaces": {
+            "description": "People face threshold",
+            "maximum": 9007199254740991,
+            "minimum": 1,
+            "type": "integer"
+          },
          "sidebarWeb": {
            "description": "Whether people appear in web sidebar",
            "type": "boolean"
@@ -19622,6 +19974,12 @@
            "description": "Whether people are enabled",
            "type": "boolean"
          },
+          "minimumFaces": {
+            "description": "People face threshold",
+            "maximum": 9007199254740991,
+            "minimum": 1,
+            "type": "integer"
+          },
          "sidebarWeb": {
            "description": "Whether people appear in web sidebar",
            "type": "boolean"
@@ -20828,6 +21186,57 @@
        ],
        "type": "string"
      },
+      "ReleaseChannel": {
+        "description": "Release channel",
+        "enum": [
+          "stable",
+          "releaseCandidate"
+        ],
+        "type": "string"
+      },
+      "ReleaseEventV1": {
+        "properties": {
+          "checkedAt": {
+            "description": "When the server last checked for a latest version. As an ISO timestamp",
+            "type": "string"
+          },
+          "isAvailable": {
+            "description": "Whether a new version is available",
+            "type": "boolean"
+          },
+          "releaseVersion": {
+            "$ref": "#/components/schemas/ServerVersionResponseDto"
+          },
+          "serverVersion": {
+            "$ref": "#/components/schemas/ServerVersionResponseDto"
+          },
+          "type": {
+            "$ref": "#/components/schemas/ReleaseType",
+            "description": "Release type",
+            "nullable": true
+          }
+        },
+        "required": [
+          "checkedAt",
+          "isAvailable",
+          "releaseVersion",
+          "serverVersion",
+          "type"
+        ],
+        "type": "object"
+      },
+      "ReleaseType": {
+        "enum": [
+          "major",
+          "premajor",
+          "minor",
+          "preminor",
+          "patch",
+          "prepatch",
+          "prerelease"
+        ],
+        "type": "string"
+      },
      "ReverseGeocodingStateResponseDto": {
        "properties": {
          "lastImportFileName": {
@@ -21207,6 +21616,12 @@
            "description": "Map light style URL",
            "type": "string"
          },
+          "minFaces": {
+            "description": "People min faces server default",
+            "maximum": 9007199254740991,
+            "minimum": -9007199254740991,
+            "type": "integer"
+          },
          "oauthButtonText": {
            "description": "OAuth button text",
            "type": "string"
@@ -21236,6 +21651,7 @@
          "maintenanceMode",
          "mapDarkStyleUrl",
          "mapLightStyleUrl",
+          "minFaces",
          "oauthButtonText",
          "publicUsers",
          "trashDays",
@@ -21285,6 +21701,10 @@
            "description": "Whether password login is enabled",
            "type": "boolean"
          },
+          "realtimeTranscoding": {
+            "description": "Whether real-time transcoding is enabled",
+            "type": "boolean"
+          },
          "reverseGeocoding": {
            "description": "Whether reverse geocoding is enabled",
            "type": "boolean"
@@ -21317,6 +21737,7 @@
          "oauthAutoLaunch",
          "ocr",
          "passwordLogin",
+          "realtimeTranscoding",
          "reverseGeocoding",
          "search",
          "sidecar",
@@ -21497,26 +21918,40 @@
          "major": {
            "description": "Major version number",
            "maximum": 9007199254740991,
-            "minimum": -9007199254740991,
+            "minimum": 0,
            "type": "integer"
          },
          "minor": {
            "description": "Minor version number",
            "maximum": 9007199254740991,
-            "minimum": -9007199254740991,
+            "minimum": 0,
            "type": "integer"
          },
          "patch": {
            "description": "Patch version number",
            "maximum": 9007199254740991,
-            "minimum": -9007199254740991,
+            "minimum": 0,
            "type": "integer"
+          },
+          "prerelease": {
+            "description": "Pre-release version number",
+            "maximum": 9007199254740991,
+            "minimum": 0,
+            "nullable": true,
+            "type": "integer",
+            "x-immich-history": [
+              {
+                "version": "v3.0.0",
+                "state": "Added"
+              }
+            ]
          }
        },
        "required": [
          "major",
          "minor",
-          "patch"
+          "patch",
+          "prerelease"
        ],
        "type": "object"
      },
@@ -24177,6 +24612,9 @@
            "description": "Preset",
            "type": "string"
          },
+          "realtime": {
+            "$ref": "#/components/schemas/SystemConfigFFmpegRealtimeDto"
+          },
          "refs": {
            "description": "References",
            "maximum": 6,
@@ -24227,6 +24665,7 @@
          "maxBitrate",
          "preferredHwDevice",
          "preset",
+          "realtime",
          "refs",
          "targetAudioCodec",
          "targetResolution",
@@ -24239,6 +24678,18 @@
        ],
        "type": "object"
      },
+      "SystemConfigFFmpegRealtimeDto": {
+        "properties": {
+          "enabled": {
+            "description": "Enable real-time HLS transcoding (alpha)",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "enabled"
+        ],
+        "type": "object"
+      },
      "SystemConfigFacesDto": {
        "properties": {
          "import": {
@@ -24537,12 +24988,16 @@
      },
      "SystemConfigNewVersionCheckDto": {
        "properties": {
+          "channel": {
+            "$ref": "#/components/schemas/ReleaseChannel"
+          },
          "enabled": {
            "description": "Enabled",
            "type": "boolean"
          }
        },
        "required": [
+          "channel",
          "enabled"
        ],
        "type": "object"
@@ -232,7 +232,6 @@
          "albumName": {
            "type": "string",
            "title": "Album name",
-            "array": true,
            "description": "Use an album with this name if one exists, otherwise create a new one"
          }
        },
@@ -298,6 +298,8 @@ export type MemoriesResponse = {
 export type PeopleResponse = {
    /** Whether people are enabled */
    enabled: boolean;
+    /** People face threshold */
+    minimumFaces?: number;
    /** Whether people appear in web sidebar */
    sidebarWeb: boolean;
 };
@@ -375,6 +377,8 @@ export type MemoriesUpdate = {
 export type PeopleUpdate = {
    /** Whether people are enabled */
    enabled?: boolean;
+    /** People face threshold */
+    minimumFaces?: number;
    /** Whether people appear in web sidebar */
    sidebarWeb?: boolean;
 };
@@ -1963,6 +1967,8 @@ export type ServerConfigDto = {
    mapDarkStyleUrl: string;
    /** Map light style URL */
    mapLightStyleUrl: string;
+    /** People min faces server default */
+    minFaces: number;
    /** OAuth button text */
    oauthButtonText: string;
    /** Whether public user registration is enabled */
@@ -1993,6 +1999,8 @@ export type ServerFeaturesDto = {
    ocr: boolean;
    /** Whether password login is enabled */
    passwordLogin: boolean;
+    /** Whether real-time transcoding is enabled */
+    realtimeTranscoding: boolean;
    /** Whether reverse geocoding is enabled */
    reverseGeocoding: boolean;
    /** Whether search is enabled */
@@ -2076,6 +2084,8 @@ export type ServerVersionResponseDto = {
    minor: number;
    /** Patch version number */
    patch: number;
+    /** Pre-release version number */
+    prerelease: number | null;
 };
 export type VersionCheckStateResponseDto = {
    /** Last check timestamp */
@@ -2251,6 +2261,10 @@ export type DatabaseBackupConfig = {
 export type SystemConfigBackupsDto = {
    database: DatabaseBackupConfig;
 };
+export type SystemConfigFFmpegRealtimeDto = {
+    /** Enable real-time HLS transcoding (alpha) */
+    enabled: boolean;
+};
 export type SystemConfigFFmpegDto = {
    accel: TranscodeHWAccel;
    /** Accelerated decode */
@@ -2274,6 +2288,7 @@ export type SystemConfigFFmpegDto = {
    preferredHwDevice: string;
    /** Preset */
    preset: string;
+    realtime: SystemConfigFFmpegRealtimeDto;
    /** References */
    refs: number;
    targetAudioCodec: AudioCodec;
@@ -2423,6 +2438,7 @@ export type SystemConfigMetadataDto = {
    faces: SystemConfigFacesDto;
 };
 export type SystemConfigNewVersionCheckDto = {
+    channel: ReleaseChannel;
    /** Enabled */
    enabled: boolean;
 };
@@ -2768,6 +2784,16 @@ export type WorkflowShareResponseDto = {
    trigger: WorkflowTrigger;
 };
 export type LicenseResponseDto = UserLicense;
+export type ReleaseEventV1 = {
+    /** When the server last checked for a latest version. As an ISO timestamp */
+    checkedAt: string;
+    /** Whether a new version is available */
+    isAvailable: boolean;
+    releaseVersion: ServerVersionResponseDto;
+    serverVersion: ServerVersionResponseDto;
+    /** Release type */
+    "type": ReleaseType;
+};
 export type SyncAckV1 = {};
 export type SyncAlbumDeleteV1 = {
    /** Album ID */
@@ -4212,6 +4238,82 @@ export function playAssetVideo({ id, key, slug }: {
        ...opts
    }));
 }
+/**
+ * Get HLS main playlist
+ */
+export function getMainPlaylist({ id, key, slug }: {
+    id: string;
+    key?: string;
+    slug?: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchBlob<{
+        status: 200;
+        data: string;
+    }>(`/assets/${encodeURIComponent(id)}/video/stream/main.m3u8${QS.query(QS.explode({
+        key,
+        slug
+    }))}`, {
+        ...opts
+    }));
+}
+/**
+ * End HLS streaming session
+ */
+export function endSession({ id, key, sessionId, slug }: {
+    id: string;
+    key?: string;
+    sessionId: string;
+    slug?: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchText(`/assets/${encodeURIComponent(id)}/video/stream/${encodeURIComponent(sessionId)}${QS.query(QS.explode({
+        key,
+        slug
+    }))}`, {
+        ...opts,
+        method: "DELETE"
+    }));
+}
+/**
+ * Get HLS media playlist
+ */
+export function getMediaPlaylist({ id, key, sessionId, slug, variantIndex }: {
+    id: string;
+    key?: string;
+    sessionId: string;
+    slug?: string;
+    variantIndex: number;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchBlob<{
+        status: 200;
+        data: string;
+    }>(`/assets/${encodeURIComponent(id)}/video/stream/${encodeURIComponent(sessionId)}/${encodeURIComponent(variantIndex)}/playlist.m3u8${QS.query(QS.explode({
+        key,
+        slug
+    }))}`, {
+        ...opts
+    }));
+}
+/**
+ * Get HLS segment or init file
+ */
+export function getSegment({ filename, id, key, sessionId, slug, variantIndex }: {
+    filename: string;
+    id: string;
+    key?: string;
+    sessionId: string;
+    slug?: string;
+    variantIndex: number;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchBlob<{
+        status: 200;
+        data: Blob;
+    }>(`/assets/${encodeURIComponent(id)}/video/stream/${encodeURIComponent(sessionId)}/${encodeURIComponent(variantIndex)}/${encodeURIComponent(filename)}${QS.query(QS.explode({
+        key,
+        slug
+    }))}`, {
+        ...opts
+    }));
+}
 /**
 * Register admin
 */
@@ -7122,6 +7224,7 @@ export enum JobName {
    LibrarySyncFilesQueueAll = "LibrarySyncFilesQueueAll",
    LibrarySyncFiles = "LibrarySyncFiles",
    LibraryScanQueueAll = "LibraryScanQueueAll",
+    HlsSessionCleanup = "HlsSessionCleanup",
    MemoryCleanup = "MemoryCleanup",
    MemoryGenerate = "MemoryGenerate",
    NotificationsCleanup = "NotificationsCleanup",
@@ -7312,6 +7415,10 @@ export enum LogLevel {
    Error = "error",
    Fatal = "fatal"
 }
+export enum ReleaseChannel {
+    Stable = "stable",
+    ReleaseCandidate = "releaseCandidate"
+}
 export enum OAuthTokenEndpointAuthMethod {
    ClientSecretPost = "client_secret_post",
    ClientSecretBasic = "client_secret_basic"
@@ -7320,6 +7427,15 @@ export enum AssetOrderBy {
    TakenAt = "takenAt",
    CreatedAt = "createdAt"
 }
+export enum ReleaseType {
+    Major = "major",
+    Premajor = "premajor",
+    Minor = "minor",
+    Preminor = "preminor",
+    Patch = "patch",
+    Prepatch = "prepatch",
+    Prerelease = "prerelease"
+}
 export enum UserMetadataKey {
    Preferences = "preferences",
    License = "license",
@@ -577,8 +577,8 @@ importers:
        specifier: ^1.6.3
        version: 1.6.4
      semver:
-        specifier: ^7.6.2
-        version: 7.8.0
+        specifier: ^7.8.1
+        version: 7.8.1
      sharp:
        specifier: ^0.34.5
        version: 0.34.5
@@ -615,7 +615,7 @@ importers:
        version: 10.0.1(eslint@10.4.0(jiti@2.7.0))
      '@nestjs/cli':
        specifier: ^11.0.2
-        version: 11.0.21(@swc/core@1.15.33(@swc/helpers@0.5.22))(@types/node@24.12.4)(esbuild@0.28.0)(lightningcss@1.32.0)(prettier@3.8.3)
+        version: 11.0.21(@swc/core@1.15.33(@swc/helpers@0.5.23))(@types/node@24.12.4)(esbuild@0.28.0)(lightningcss@1.32.0)(prettier@3.8.3)
      '@nestjs/schematics':
        specifier: ^11.0.0
        version: 11.1.0(chokidar@4.0.3)(prettier@3.8.3)(typescript@6.0.3)
@@ -624,7 +624,7 @@ importers:
        version: 11.1.21(@nestjs/common@11.1.21(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.21)(@nestjs/platform-express@11.1.21)
      '@swc/core':
        specifier: ^1.4.14
-        version: 1.15.33(@swc/helpers@0.5.22)
+        version: 1.15.33(@swc/helpers@0.5.23)
      '@types/archiver':
        specifier: ^7.0.0
        version: 7.0.0
@@ -695,8 +695,8 @@ importers:
        specifier: ^13.15.2
        version: 13.15.10
      '@vitest/coverage-v8':
-        specifier: ^3.0.0
-        version: 3.2.4(vitest@3.2.4(@types/debug@4.1.13)(@types/node@24.12.4)(happy-dom@20.9.0)(jiti@2.7.0)(jsdom@26.1.0(canvas@3.2.3))(lightningcss@1.32.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))
+        specifier: ^4.0.0
+        version: 4.1.7(vitest@3.2.4(@types/debug@4.1.13)(@types/node@24.12.4)(happy-dom@20.9.0)(jiti@2.7.0)(jsdom@26.1.0(canvas@3.2.3))(lightningcss@1.32.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))
      eslint:
        specifier: ^10.0.0
        version: 10.4.0(jiti@2.7.0)
@@ -734,8 +734,8 @@ importers:
        specifier: ^3.4.0
        version: 3.4.19(tsx@4.22.3)(yaml@2.9.0)
      testcontainers:
-        specifier: ^11.0.0
-        version: 11.14.0
+        specifier: ^12.0.0
+        version: 12.0.1
      typescript:
        specifier: ^6.0.0
        version: 6.0.3
@@ -744,7 +744,7 @@ importers:
        version: 8.59.4(eslint@10.4.0(jiti@2.7.0))(typescript@6.0.3)
      unplugin-swc:
        specifier: ^1.4.5
-        version: 1.5.9(@swc/core@1.15.33(@swc/helpers@0.5.22))(rollup@4.60.4)
+        version: 1.5.9(@swc/core@1.15.33(@swc/helpers@0.5.23))(rollup@4.60.4)
      vite-tsconfig-paths:
        specifier: ^6.0.0
        version: 6.1.1(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))
@@ -765,7 +765,7 @@ importers:
        version: link:../packages/sdk
      '@immich/ui':
        specifier: ^0.79.2
-        version: 0.79.2(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+        version: 0.79.3(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      '@mapbox/mapbox-gl-rtl-text':
        specifier: 0.4.0
        version: 0.4.0
@@ -820,6 +820,12 @@ importers:
      happy-dom:
        specifier: ^20.0.0
        version: 20.9.0
+      hls-video-element:
+        specifier: ^1.5.11
+        version: 1.5.11
+      hls.js:
+        specifier: ^1.6.16
+        version: 1.6.16
      intl-messageformat:
        specifier: ^11.0.0
        version: 11.2.6
@@ -922,7 +928,7 @@ importers:
        version: 14.6.1(@testing-library/dom@10.4.1)
      '@trivago/prettier-plugin-sort-imports':
        specifier: ^6.0.2
-        version: 6.0.2(prettier-plugin-svelte@3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)))(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+        version: 6.0.2(prettier-plugin-svelte@4.1.0(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)))(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      '@types/chromecast-caf-sender':
        specifier: ^1.0.11
        version: 1.0.11
@@ -978,8 +984,8 @@ importers:
        specifier: ^4.1.1
        version: 4.2.0(prettier@3.8.3)
      prettier-plugin-svelte:
-        specifier: ^3.3.3
-        version: 3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+        specifier: ^4.0.0
+        version: 4.1.0(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      rollup-plugin-visualizer:
        specifier: ^7.0.0
        version: 7.0.1(rolldown@1.0.1)(rollup@4.60.4)
@@ -1104,10 +1110,6 @@ packages:
    resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==}
    engines: {node: '>=10'}

-  '@ampproject/remapping@2.3.0':
-    resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==}
-    engines: {node: '>=6.0.0'}
-
  '@angular-devkit/core@19.2.24':
    resolution: {integrity: sha512-Kd49warf6U/EyWe5BszF/eebN3zQ3bk7tgfEljAw8q/rX95UUtriJubWvp6pgzHfzBA4jwq8f+QiNZB8eBEXPA==}
    engines: {node: ^18.19.1 || ^20.11.1 || >=22.0.0, npm: ^6.11.0 || ^7.5.6 || >=8.0.0, yarn: '>= 1.13.0'}
@@ -1693,10 +1695,6 @@ packages:
    peerDependencies:
      '@babel/core': ^7.0.0-0

-  '@babel/runtime@7.29.2':
-    resolution: {integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==}
-    engines: {node: '>=6.9.0'}
-
  '@babel/runtime@7.29.7':
    resolution: {integrity: sha512-Nq8OhGWiZIZGV6hLHoyAKLLcJihP/xFeBMGJoUrxTX2psI8dCifzLhZISFb+VWS3wFMRDmCGw5R+dOySCqPLhw==}
    engines: {node: '>=6.9.0'}
@@ -3214,8 +3212,8 @@ packages:
    resolution: {integrity: sha512-O1SJ+BbeFVsUTF4af1MfagJZM+lPgLjI8lQ3SZNjpo8SGJReSbUl2ii03OKuGni/G0yp2GnRLpOTNSHYGtVrcg==}
    hasBin: true

-  '@immich/ui@0.79.2':
-    resolution: {integrity: sha512-tnpYhYHrjrFJK18QglRMzPUtHv6q5V6tW38HiAraQJBv7MCg+yaJDrdF8omM2L5F311FGlv1PZLJYvmR4e49PA==}
+  '@immich/ui@0.79.3':
+    resolution: {integrity: sha512-QO2gLcmAIVLvcv3eb6RZ5kDahmVMDZlfE2RfbpyRKNI1wTjvTLP5ibIsofY0fXxLf44cN3vcjmz16CXS8bvVWQ==}
    peerDependencies:
      '@sveltejs/kit': ^2.13.0
      svelte: ^5.0.0
@@ -3363,8 +3361,8 @@ packages:
      '@types/node':
        optional: true

-  '@internationalized/date@3.12.1':
-    resolution: {integrity: sha512-6IedsVWXyq4P9Tj+TxuU8WGWM70hYLl12nbYU8jkikVpa6WXapFazPUcHUMDMoWftIDE2ILDkFFte6W2nFCkRQ==}
+  '@internationalized/date@3.12.2':
+    resolution: {integrity: sha512-FY1Y+H64NDs+HAF6omlnWxm3mEpfgaCSWtL5l551ZZfImA+kGjPFgrnJrGjH6lfmLL0g8Z/mBu1R3kufeCp6Jw==}

  '@ioredis/commands@1.5.1':
    resolution: {integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==}
@@ -3377,10 +3375,6 @@ packages:
    resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==}
    engines: {node: '>=18.0.0'}

-  '@istanbuljs/schema@0.1.6':
-    resolution: {integrity: sha512-+Sg6GCR/wy1oSmQDFq4LQDAhm3ETKnorxN+y5nbLULOR3P0c14f2Wurzj3/xqPXtasLFfHd5iRFQ7AJt4KH2cw==}
-    engines: {node: '>=8'}
-
  '@jest/schemas@29.6.3':
    resolution: {integrity: sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==}
    engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0}
@@ -4993,8 +4987,8 @@ packages:
  '@swc/counter@0.1.3':
    resolution: {integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==}

-  '@swc/helpers@0.5.22':
-    resolution: {integrity: sha512-/e2Ly3Docn9kYByap6TV4oquJ3wQuz3c+kC74riqtkwU9CwTMeuj6t2rW+bRr4pyOx/CYQM4wr0RgaKQwGEz0A==}
+  '@swc/helpers@0.5.23':
+    resolution: {integrity: sha512-5lSsMOTXURePglDfvuAQUqkGek9Hg2kksOYay2m0+XR++b2NWYL/4sWyuvVBIs8oKnJaxkdi9whaL/sqN13afw==}

  '@swc/types@0.1.26':
    resolution: {integrity: sha512-lyMwd7WGgG79RS7EERZV3T8wMdmPq3xwyg+1nmAM64kIhx5yl+juO2PYIHb7vTiPgPCj8LYjsNV2T5wiQHUEaw==}
@@ -5690,15 +5684,6 @@ packages:
    peerDependencies:
      valibot: ^1.4.0

-  '@vitest/coverage-v8@3.2.4':
-    resolution: {integrity: sha512-EyF9SXU6kS5Ku/U82E259WSnvg6c8KTjppUncuNdm5QHpe17mwREHnjDzozC8x9MZ0xfBUFSaLkRv4TMA75ALQ==}
-    peerDependencies:
-      '@vitest/browser': 3.2.4
-      vitest: 3.2.4
-    peerDependenciesMeta:
-      '@vitest/browser':
-        optional: true
-
  '@vitest/coverage-v8@4.1.7':
    resolution: {integrity: sha512-qsYPeXc5Q9dFLd1i8Ap+Bx8sQgcp+rFVQo4R0dDsWNBzl26ldVF1qOO+RL24K7FDrR6pA+50XedRLSoSG24bVQ==}
    peerDependencies:
@@ -6049,9 +6034,6 @@ packages:
  ast-metadata-inferer@0.8.1:
    resolution: {integrity: sha512-ht3Dm6Zr7SXv6t1Ra6gFo0+kLDglHGrEbYihTkcycrbHw7WCcuhBzPlJYHEsIpycaUwzsJHje+vUcxXUX4ztTA==}

-  ast-v8-to-istanbul@0.3.12:
-    resolution: {integrity: sha512-BRRC8VRZY2R4Z4lFIL35MwNXmwVqBityvOIwETtsCSwvjl0IdgFsy9NhdaA6j74nUdtJJlIypeRhpDam19Wq3g==}
-
  ast-v8-to-istanbul@1.0.0:
    resolution: {integrity: sha512-1fSfIwuDICFA4LKkCzRPO7F0hzFf0B7+Xqrl27ynQaa+Rh0e1Es0v6kWHPott3lU10AyAr7oKHa65OppjLn3Rg==}

@@ -6947,6 +6929,9 @@ packages:
  csstype@3.2.3:
    resolution: {integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==}

+  custom-media-element@1.4.6:
+    resolution: {integrity: sha512-/HRYqJOa1ob5ik4q7FIJVYxTJCFs/FL3+cQPAJjUf2uiqrDEzbTgB315gQ2rG8oK3w094W9m5tcB8S5Qah+caA==}
+
  cytoscape-cose-bilkent@4.1.0:
    resolution: {integrity: sha512-wgQlVIUJF13Quxiv5e1gstZ08rnZj2XaLHGoFMYXz7SkNfCDOOteKBE6SYRfA9WxxI/iBc3ajfDoc6hb/MRAHQ==}
    peerDependencies:
@@ -7307,9 +7292,9 @@ packages:
    resolution: {integrity: sha512-XJgGhoR/CLpqshm4d3L7rzH6t8NgDFUIIpztYlLHIApeJjMZKYJMz2zxPsYxnejq5h3ELYSw/RBsi3t5h7gNTA==}
    engines: {node: '>= 8.0'}

-  dockerode@4.0.12:
-    resolution: {integrity: sha512-/bCZd6KlGcjZO8Buqmi/vXuqEGVEZ0PNjx/biBNqJD3MhK9DmdiAuKxqfNhflgDESDIiBz3qF+0e55+CpnrUcw==}
-    engines: {node: '>= 8.0'}
+  dockerode@5.0.0:
+    resolution: {integrity: sha512-C52mvJ+7lcyhWNfrzVfFsbTrBfy/ezE9FGEYLpu17FUeBcCkxERk9nN7uDl/478ynDiQ4U+5DbQC2vENHkVEtQ==}
+    engines: {node: '>= 14.17'}

  docusaurus-lunr-search@3.6.0:
    resolution: {integrity: sha512-CCEAnj5e67sUZmIb2hOl4xb4nDN07fb0fvRDDmdWlYpUvyS1CSKbw4lsGInLyUFEEEBzxQmT6zaVQdF/8Zretg==}
@@ -8271,6 +8256,12 @@ packages:
  history@4.10.1:
    resolution: {integrity: sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==}

+  hls-video-element@1.5.11:
+    resolution: {integrity: sha512-tJJ65/52CDxj8XFyIve6zT9nVVdUIc6mqvKR25X0ycPKHk07rpjp4xxVteeCefDUBSf/tFLhlICFmn3KWj37xA==}
+
+  hls.js@1.6.16:
+    resolution: {integrity: sha512-VSIRpLfRwlAAdGL4wiTucx2ScRipo0ed1FBatWkyt832jC4CReKstga6yIhYVwGu9LOBjuX9wzmRMeQdBJtzEA==}
+
  hogan.js@3.0.2:
    resolution: {integrity: sha512-RqGs4wavGYJWE07t35JQccByczmNUXQT0E12ZYV1VKYu5UiAU9lsos/yBAcf840+zrUQQxgVduCR5/B8nNtibg==}
    hasBin: true
@@ -8713,10 +8704,6 @@ packages:
    resolution: {integrity: sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==}
    engines: {node: '>=10'}

-  istanbul-lib-source-maps@5.0.6:
-    resolution: {integrity: sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==}
-    engines: {node: '>=10'}
-
  istanbul-reports@3.2.0:
    resolution: {integrity: sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==}
    engines: {node: '>=8'}
@@ -9167,9 +9154,6 @@ packages:
  magic-string@0.30.21:
    resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==}

-  magicast@0.3.5:
-    resolution: {integrity: sha512-L0WhttDl+2BOsybvEOLK7fW3UA0OQ0IQ2d6Zl2x/a6vVRs3bAY0ECOSHHeL5jD+SbOpOCUEi0y1DgHEn9Qn1AQ==}
-
  magicast@0.5.3:
    resolution: {integrity: sha512-pVKE4UdSQ7DvHzivsCIFx2BJn1mHG6KsyrFcaxFx6tONdneEuThrDx0Cj3AMg58KyN4pzYT+LHOotxDQDjNvkw==}

@@ -9275,6 +9259,9 @@ packages:
  media-chrome@4.19.0:
    resolution: {integrity: sha512-HWhDTwts+BSbdPkkB1VsJXp5kvL0IxY7xFT5tBwliM2+89kTPVTnHnev+9it2f9PweANjT/C8/C/S0PW9oyZbA==}

+  media-tracks@0.3.5:
+    resolution: {integrity: sha512-l54rkKXlLBt3ob3zOLWHcnjvwUmX5bNEZ70igyapOZZC9imzqBmq1oz8p2roiV04KhjblFIi2hetLPF1oYVLRA==}
+
  media-typer@0.3.0:
    resolution: {integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==}
    engines: {node: '>= 0.6'}
@@ -10691,11 +10678,12 @@ packages:
    peerDependencies:
      prettier: ^3.0.0

-  prettier-plugin-svelte@3.5.2:
-    resolution: {integrity: sha512-ItFouLvzSFE3ulNl4DKoWM3BGcbDCNVpIyy/Y3F2gC3aNiGLxtFUdffVqO5Z5hhYG+DFT5KULWaxmeFFpdbvaQ==}
+  prettier-plugin-svelte@4.1.0:
+    resolution: {integrity: sha512-YZkhA2Q9oOerFFG9tq+2f98WYT7Z2JgrybJrAyrB78jpsH9i/DdgplXemehuFPgsldetFNCcR/yCcYlDjPy94Q==}
+    engines: {node: '>=20'}
    peerDependencies:
      prettier: ^3.0.0
-      svelte: ^3.2.0 || ^4.0.0-next.0 || ^5.0.0-next.0
+      svelte: ^5.0.0

  prettier@3.8.3:
    resolution: {integrity: sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==}
@@ -11250,6 +11238,11 @@ packages:
    engines: {node: '>=10'}
    hasBin: true

+  semver@7.8.1:
+    resolution: {integrity: sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==}
+    engines: {node: '>=10'}
+    hasBin: true
+
  send@0.19.2:
    resolution: {integrity: sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==}
    engines: {node: '>= 0.8.0'}
@@ -11863,12 +11856,8 @@ packages:
    engines: {node: '>=10'}
    hasBin: true

-  test-exclude@7.0.2:
-    resolution: {integrity: sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==}
-    engines: {node: '>=18'}
-
-  testcontainers@11.14.0:
-    resolution: {integrity: sha512-r9pniwv/iwzyHaI7gwAvAm4Y+IvjJg3vBWdjrUCaDMc2AXIr4jKbq7jJO18Mw2ybs73pZy1Aj7p/4RVBGMRWjg==}
+  testcontainers@12.0.1:
+    resolution: {integrity: sha512-EMjjfMNJf3HlL7V3elkxqKUO1r3CtqNBTdmKGwwma/lOtUGfoWvFJ0WQ/KQf1DHEMnRjLWzW4cXbv/Tndsbcbw==}

  text-decoder@1.2.7:
    resolution: {integrity: sha512-vlLytXkeP4xvEq2otHeJfSQIRyWxo/oZGEbXrtEEF9Hnmrdly59sUbzZ/QgyWuLYHctCHxFF4tRQZNQ9k60ExQ==}
@@ -11958,8 +11947,8 @@ packages:
    resolution: {integrity: sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==}
    hasBin: true

-  tmp@0.2.5:
-    resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==}
+  tmp@0.2.7:
+    resolution: {integrity: sha512-e0votIpp4Uo2AJYSzVHV6xCcawuiez3DzqDAbrTc3YxBkplN6e+dM13ZeIcZnDg/QpSuU2zfZ3rzwY8ukEnaXw==}
    engines: {node: '>=14.14'}

  to-regex-range@5.0.1:
@@ -12300,11 +12289,6 @@ packages:
    resolution: {integrity: sha512-6S5mCapmzcxetOD/2UEjL0GF5e4+gB07Dh8qs63xylw5ay4XuyW6iQs70FOJo/puf10LCkvhp4jYMQSDUBYEFg==}
    engines: {node: '>=10.0.0'}

-  uuid@10.0.0:
-    resolution: {integrity: sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==}
-    deprecated: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
-    hasBin: true
-
  uuid@14.0.0:
    resolution: {integrity: sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==}
    hasBin: true
@@ -13007,11 +12991,6 @@ snapshots:

  '@alloc/quick-lru@5.2.0': {}

-  '@ampproject/remapping@2.3.0':
-    dependencies:
-      '@jridgewell/gen-mapping': 0.3.13
-      '@jridgewell/trace-mapping': 0.3.31
-
  '@angular-devkit/core@19.2.24(chokidar@4.0.3)':
    dependencies:
      ajv: 8.18.0
@@ -13796,8 +13775,6 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  '@babel/runtime@7.29.2': {}
-
  '@babel/runtime@7.29.7': {}

  '@babel/template@7.28.6':
@@ -14241,7 +14218,7 @@ snapshots:
      '@babel/preset-env': 7.29.5(@babel/core@7.29.0)
      '@babel/preset-react': 7.28.5(@babel/core@7.29.0)
      '@babel/preset-typescript': 7.28.5(@babel/core@7.29.0)
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      '@babel/traverse': 7.29.0
      '@docusaurus/logger': 3.10.1
      '@docusaurus/utils': 3.10.1(clean-css@5.3.3)(cssnano@6.1.2(postcss@8.5.15))(html-minifier-terser@7.2.0)(postcss@8.5.15)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
@@ -14275,7 +14252,7 @@ snapshots:
      '@babel/preset-env': 7.29.5(@babel/core@7.29.0)
      '@babel/preset-react': 7.28.5(@babel/core@7.29.0)
      '@babel/preset-typescript': 7.28.5(@babel/core@7.29.0)
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      '@babel/traverse': 7.29.0
      '@docusaurus/logger': 3.10.1
      '@docusaurus/utils': 3.10.1(postcss@8.5.15)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
@@ -14381,7 +14358,7 @@ snapshots:
      react-router: 5.3.4(react@19.2.6)
      react-router-config: 5.1.1(react-router@5.3.4(react@19.2.6))(react@19.2.6)
      react-router-dom: 5.3.4(react@19.2.6)
-      semver: 7.8.0
+      semver: 7.8.1
      serve-handler: 6.1.7
      tinypool: 1.1.1
      tslib: 2.8.1
@@ -15892,12 +15869,12 @@ snapshots:
      pg-connection-string: 2.13.0
      postgres: 3.4.9

-  '@immich/ui@0.79.2(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))':
+  '@immich/ui@0.79.3(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))':
    dependencies:
-      '@internationalized/date': 3.12.1
+      '@internationalized/date': 3.12.2
      '@mdi/js': 7.4.47
      '@sveltejs/kit': 2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))
-      bits-ui: 2.18.1(@internationalized/date@3.12.1)(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+      bits-ui: 2.18.1(@internationalized/date@3.12.2)(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      luxon: 3.7.2
      simple-icons: 16.20.0
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
@@ -16046,9 +16023,9 @@ snapshots:
    optionalDependencies:
      '@types/node': 24.12.4

-  '@internationalized/date@3.12.1':
+  '@internationalized/date@3.12.2':
    dependencies:
-      '@swc/helpers': 0.5.22
+      '@swc/helpers': 0.5.23

  '@ioredis/commands@1.5.1': {}

@@ -16065,8 +16042,6 @@ snapshots:
    dependencies:
      minipass: 7.1.3

-  '@istanbuljs/schema@0.1.6': {}
-
  '@jest/schemas@29.6.3':
    dependencies:
      '@sinclair/typebox': 0.27.10
@@ -16307,7 +16282,7 @@ snapshots:
      nopt: 5.0.0
      npmlog: 5.0.1
      rimraf: 3.0.2
-      semver: 7.8.0
+      semver: 7.8.1
      tar: 6.2.1
    transitivePeerDependencies:
      - encoding
@@ -16451,7 +16426,7 @@ snapshots:
      bullmq: 5.76.10
      tslib: 2.8.1

-  '@nestjs/cli@11.0.21(@swc/core@1.15.33(@swc/helpers@0.5.22))(@types/node@24.12.4)(esbuild@0.28.0)(lightningcss@1.32.0)(prettier@3.8.3)':
+  '@nestjs/cli@11.0.21(@swc/core@1.15.33(@swc/helpers@0.5.23))(@types/node@24.12.4)(esbuild@0.28.0)(lightningcss@1.32.0)(prettier@3.8.3)':
    dependencies:
      '@angular-devkit/core': 19.2.24(chokidar@4.0.3)
      '@angular-devkit/schematics': 19.2.24(chokidar@4.0.3)
@@ -16462,17 +16437,17 @@ snapshots:
      chokidar: 4.0.3
      cli-table3: 0.6.5
      commander: 4.1.1
-      fork-ts-checker-webpack-plugin: 9.1.0(typescript@5.9.3)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0))
+      fork-ts-checker-webpack-plugin: 9.1.0(typescript@5.9.3)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0))
      glob: 13.0.6
      node-emoji: 1.11.0
      ora: 5.4.1
      tsconfig-paths: 4.2.0
      tsconfig-paths-webpack-plugin: 4.2.0
      typescript: 5.9.3
-      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)
+      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)
      webpack-node-externals: 3.0.0
    optionalDependencies:
-      '@swc/core': 1.15.33(@swc/helpers@0.5.22)
+      '@swc/core': 1.15.33(@swc/helpers@0.5.23)
    transitivePeerDependencies:
      - '@minify-html/node'
      - '@swc/css'
@@ -17661,7 +17636,7 @@ snapshots:
  '@swc/core-win32-x64-msvc@1.15.33':
    optional: true

-  '@swc/core@1.15.33(@swc/helpers@0.5.22)':
+  '@swc/core@1.15.33(@swc/helpers@0.5.23)':
    dependencies:
      '@swc/counter': 0.1.3
      '@swc/types': 0.1.26
@@ -17678,11 +17653,11 @@ snapshots:
      '@swc/core-win32-arm64-msvc': 1.15.33
      '@swc/core-win32-ia32-msvc': 1.15.33
      '@swc/core-win32-x64-msvc': 1.15.33
-      '@swc/helpers': 0.5.22
+      '@swc/helpers': 0.5.23

  '@swc/counter@0.1.3': {}

-  '@swc/helpers@0.5.22':
+  '@swc/helpers@0.5.23':
    dependencies:
      tslib: 2.8.1

@@ -17765,7 +17740,7 @@ snapshots:
  '@testing-library/dom@10.4.1':
    dependencies:
      '@babel/code-frame': 7.29.0
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      '@types/aria-query': 5.0.4
      aria-query: 5.3.0
      dom-accessibility-api: 0.5.16
@@ -17808,7 +17783,7 @@ snapshots:

  '@tokenizer/token@0.3.0': {}

-  '@trivago/prettier-plugin-sort-imports@6.0.2(prettier-plugin-svelte@3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)))(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))':
+  '@trivago/prettier-plugin-sort-imports@6.0.2(prettier-plugin-svelte@4.1.0(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)))(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))':
    dependencies:
      '@babel/generator': 7.29.1
      '@babel/parser': 7.29.3
@@ -17820,7 +17795,7 @@ snapshots:
      parse-imports-exports: 0.2.4
      prettier: 3.8.3
    optionalDependencies:
-      prettier-plugin-svelte: 3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+      prettier-plugin-svelte: 4.1.0(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
    transitivePeerDependencies:
      - supports-color
@@ -18469,7 +18444,7 @@ snapshots:
      '@typescript-eslint/visitor-keys': 8.59.4
      debug: 4.4.3
      minimatch: 10.2.5
-      semver: 7.8.0
+      semver: 7.8.1
      tinyglobby: 0.2.16
      ts-api-utils: 2.5.0(typescript@6.0.3)
      typescript: 6.0.3
@@ -18503,24 +18478,19 @@ snapshots:
    dependencies:
      valibot: 1.4.0(typescript@6.0.3)

-  '@vitest/coverage-v8@3.2.4(vitest@3.2.4(@types/debug@4.1.13)(@types/node@24.12.4)(happy-dom@20.9.0)(jiti@2.7.0)(jsdom@26.1.0(canvas@3.2.3))(lightningcss@1.32.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))':
+  '@vitest/coverage-v8@4.1.7(vitest@3.2.4(@types/debug@4.1.13)(@types/node@24.12.4)(happy-dom@20.9.0)(jiti@2.7.0)(jsdom@26.1.0(canvas@3.2.3))(lightningcss@1.32.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0))':
    dependencies:
-      '@ampproject/remapping': 2.3.0
      '@bcoe/v8-coverage': 1.0.2
-      ast-v8-to-istanbul: 0.3.12
-      debug: 4.4.3
+      '@vitest/utils': 4.1.7
+      ast-v8-to-istanbul: 1.0.0
      istanbul-lib-coverage: 3.2.2
      istanbul-lib-report: 3.0.1
-      istanbul-lib-source-maps: 5.0.6
      istanbul-reports: 3.2.0
-      magic-string: 0.30.21
-      magicast: 0.3.5
-      std-env: 3.10.0
-      test-exclude: 7.0.2
-      tinyrainbow: 2.0.0
+      magicast: 0.5.3
+      obug: 2.1.1
+      std-env: 4.1.0
+      tinyrainbow: 3.1.0
      vitest: 3.2.4(@types/debug@4.1.13)(@types/node@24.12.4)(happy-dom@20.9.0)(jiti@2.7.0)(jsdom@26.1.0(canvas@3.2.3))(lightningcss@1.32.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)
-    transitivePeerDependencies:
-      - supports-color

  '@vitest/coverage-v8@4.1.7(vitest@4.1.7)':
    dependencies:
@@ -18934,12 +18904,6 @@ snapshots:
    dependencies:
      '@mdn/browser-compat-data': 5.7.6

-  ast-v8-to-istanbul@0.3.12:
-    dependencies:
-      '@jridgewell/trace-mapping': 0.3.31
-      estree-walker: 3.0.3
-      js-tokens: 10.0.0
-
  ast-v8-to-istanbul@1.0.0:
    dependencies:
      '@jridgewell/trace-mapping': 0.3.31
@@ -19087,11 +19051,11 @@ snapshots:

  binary-extensions@2.3.0: {}

-  bits-ui@2.18.1(@internationalized/date@3.12.1)(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
+  bits-ui@2.18.1(@internationalized/date@3.12.2)(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
    dependencies:
      '@floating-ui/core': 1.7.5
      '@floating-ui/dom': 1.7.6
-      '@internationalized/date': 3.12.1
+      '@internationalized/date': 3.12.2
      esm-env: 1.2.2
      runed: 0.35.1(@sveltejs/kit@2.60.1(@opentelemetry/api@1.9.1)(@sveltejs/vite-plugin-svelte@7.1.2(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@6.0.3)(vite@8.0.13(@types/node@24.12.4)(esbuild@0.28.0)(jiti@2.7.0)(sass@1.99.0)(terser@5.47.1)(tsx@4.22.3)(yaml@2.9.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
@@ -19569,7 +19533,7 @@ snapshots:
      dot-prop: 10.1.0
      env-paths: 3.0.0
      json-schema-typed: 8.0.2
-      semver: 7.8.0
+      semver: 7.8.1
      uint8array-extras: 1.5.0

  config-chain@1.1.13:
@@ -19741,7 +19705,7 @@ snapshots:
      postcss-modules-scope: 3.2.1(postcss@8.5.15)
      postcss-modules-values: 4.0.0(postcss@8.5.15)
      postcss-value-parser: 4.2.0
-      semver: 7.8.0
+      semver: 7.8.1
    optionalDependencies:
      webpack: 5.107.0(postcss@8.5.15)

@@ -19864,6 +19828,8 @@ snapshots:

  csstype@3.2.3: {}

+  custom-media-element@1.4.6: {}
+
  cytoscape-cose-bilkent@4.1.0(cytoscape@3.33.4):
    dependencies:
      cose-base: 1.0.3
@@ -20209,7 +20175,7 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  dockerode@4.0.12:
+  dockerode@5.0.0:
    dependencies:
      '@balena/dockerignore': 1.0.2
      '@grpc/grpc-js': 1.14.3
@@ -20217,7 +20183,6 @@ snapshots:
      docker-modem: 5.0.7
      protobufjs: 7.6.0
      tar-fs: 2.1.4
-      uuid: 10.0.0
    transitivePeerDependencies:
      - supports-color

@@ -20609,7 +20574,7 @@ snapshots:
      find-up: 5.0.0
      globals: 15.15.0
      lodash.memoize: 4.1.2
-      semver: 7.8.0
+      semver: 7.8.1

  eslint-plugin-prettier@5.5.5(@types/eslint@9.6.1)(eslint-config-prettier@10.1.8(eslint@10.4.0(jiti@2.7.0)))(eslint@10.4.0(jiti@2.7.0))(prettier@3.8.3):
    dependencies:
@@ -20632,7 +20597,7 @@ snapshots:
      postcss: 8.5.15
      postcss-load-config: 3.1.4(postcss@8.5.15)
      postcss-safe-parser: 7.0.1(postcss@8.5.15)
-      semver: 7.8.0
+      semver: 7.8.1
      svelte-eslint-parser: 1.6.1(svelte@5.55.8(@typescript-eslint/types@8.59.4))
    optionalDependencies:
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
@@ -20656,7 +20621,7 @@ snapshots:
      pluralize: 8.0.0
      regexp-tree: 0.1.27
      regjsparser: 0.13.1
-      semver: 7.8.0
+      semver: 7.8.1
      strip-indent: 4.1.1

  eslint-scope@5.1.1:
@@ -21098,7 +21063,7 @@ snapshots:
      cross-spawn: 7.0.6
      signal-exit: 4.1.0

-  fork-ts-checker-webpack-plugin@9.1.0(typescript@5.9.3)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)):
+  fork-ts-checker-webpack-plugin@9.1.0(typescript@5.9.3)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)):
    dependencies:
      '@babel/code-frame': 7.29.0
      chalk: 4.1.2
@@ -21110,10 +21075,10 @@ snapshots:
      minimatch: 3.1.5
      node-abort-controller: 3.1.1
      schema-utils: 3.3.0
-      semver: 7.8.0
+      semver: 7.8.1
      tapable: 2.3.3
      typescript: 5.9.3
-      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)
+      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)

  form-data-encoder@2.1.4: {}

@@ -21546,13 +21511,21 @@ snapshots:

  history@4.10.1:
    dependencies:
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      loose-envify: 1.4.0
      resolve-pathname: 3.0.0
      tiny-invariant: 1.3.3
      tiny-warning: 1.0.3
      value-equal: 1.0.1

+  hls-video-element@1.5.11:
+    dependencies:
+      custom-media-element: 1.4.6
+      hls.js: 1.6.16
+      media-tracks: 0.3.5
+
+  hls.js@1.6.16: {}
+
  hogan.js@3.0.2:
    dependencies:
      mkdirp: 0.3.0
@@ -21977,14 +21950,6 @@ snapshots:
      make-dir: 4.0.0
      supports-color: 7.2.0

-  istanbul-lib-source-maps@5.0.6:
-    dependencies:
-      '@jridgewell/trace-mapping': 0.3.31
-      debug: 4.4.3
-      istanbul-lib-coverage: 3.2.2
-    transitivePeerDependencies:
-      - supports-color
-
  istanbul-reports@3.2.0:
    dependencies:
      html-escaper: 2.0.2
@@ -22134,7 +22099,7 @@ snapshots:
      lodash.isstring: 4.0.1
      lodash.once: 4.1.1
      ms: 2.1.3
-      semver: 7.8.0
+      semver: 7.8.1

  just-compare@2.3.0: {}

@@ -22402,12 +22367,6 @@ snapshots:
    dependencies:
      '@jridgewell/sourcemap-codec': 1.5.5

-  magicast@0.3.5:
-    dependencies:
-      '@babel/parser': 7.29.3
-      '@babel/types': 7.29.0
-      source-map-js: 1.2.1
-
  magicast@0.5.3:
    dependencies:
      '@babel/parser': 7.29.3
@@ -22420,7 +22379,7 @@ snapshots:

  make-dir@4.0.0:
    dependencies:
-      semver: 7.8.0
+      semver: 7.8.1

  maplibre-gl@5.24.0:
    dependencies:
@@ -22656,6 +22615,8 @@ snapshots:
    transitivePeerDependencies:
      - react

+  media-tracks@0.3.5: {}
+
  media-typer@0.3.0: {}

  media-typer@1.1.0: {}
@@ -23255,7 +23216,7 @@ snapshots:

  node-abi@3.92.0:
    dependencies:
-      semver: 7.8.0
+      semver: 7.8.1
    optional: true

  node-abort-controller@3.1.1: {}
@@ -23296,7 +23257,7 @@ snapshots:
      graceful-fs: 4.2.11
      nopt: 9.0.0
      proc-log: 6.1.0
-      semver: 7.8.0
+      semver: 7.8.1
      tar: 7.5.15
      tinyglobby: 0.2.16
      undici: 6.25.0
@@ -23534,7 +23495,7 @@ snapshots:
      got: 12.6.1
      registry-auth-token: 5.1.1
      registry-url: 6.0.1
-      semver: 7.8.0
+      semver: 7.8.1

  package-manager-detector@1.6.0: {}

@@ -23922,7 +23883,7 @@ snapshots:
      cosmiconfig: 8.3.6(typescript@6.0.3)
      jiti: 1.21.7
      postcss: 8.5.15
-      semver: 7.8.0
+      semver: 7.8.1
      webpack: 5.107.0(postcss@8.5.15)
    transitivePeerDependencies:
      - typescript
@@ -24276,7 +24237,7 @@ snapshots:
    dependencies:
      prettier: 3.8.3

-  prettier-plugin-svelte@3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
+  prettier-plugin-svelte@4.1.0(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
    dependencies:
      prettier: 3.8.3
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
@@ -24486,19 +24447,19 @@ snapshots:

  react-loadable-ssr-addon-v5-slorber@1.0.3(@docusaurus/react-loadable@6.0.0(react@19.2.6))(webpack@5.107.0(postcss@8.5.15)):
    dependencies:
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      react-loadable: '@docusaurus/react-loadable@6.0.0(react@19.2.6)'
      webpack: 5.107.0(postcss@8.5.15)

  react-router-config@5.1.1(react-router@5.3.4(react@19.2.6))(react@19.2.6):
    dependencies:
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      react: 19.2.6
      react-router: 5.3.4(react@19.2.6)

  react-router-dom@5.3.4(react@19.2.6):
    dependencies:
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      history: 4.10.1
      loose-envify: 1.4.0
      prop-types: 15.8.1
@@ -24509,7 +24470,7 @@ snapshots:

  react-router@5.3.4(react@19.2.6):
    dependencies:
-      '@babel/runtime': 7.29.2
+      '@babel/runtime': 7.29.7
      history: 4.10.1
      hoist-non-react-statics: 3.3.2
      loose-envify: 1.4.0
@@ -24977,12 +24938,14 @@ snapshots:

  semver-diff@4.0.0:
    dependencies:
-      semver: 7.8.0
+      semver: 7.8.1

  semver@6.3.1: {}

  semver@7.8.0: {}

+  semver@7.8.1: {}
+
  send@0.19.2:
    dependencies:
      debug: 2.6.9
@@ -25097,7 +25060,7 @@ snapshots:
      detect-libc: 2.1.2
      node-addon-api: 8.7.0
      node-gyp: 12.3.0
-      semver: 7.8.0
+      semver: 7.8.1
    optionalDependencies:
      '@img/sharp-darwin-arm64': 0.34.5
      '@img/sharp-darwin-x64': 0.34.5
@@ -25517,7 +25480,7 @@ snapshots:
      postcss: 8.5.15
      postcss-scss: 4.0.9(postcss@8.5.15)
      postcss-selector-parser: 7.1.1
-      semver: 7.8.0
+      semver: 7.8.1
    optionalDependencies:
      svelte: 5.55.8(@typescript-eslint/types@8.59.4)

@@ -25775,15 +25738,15 @@ snapshots:
      - bare-abort-controller
      - react-native-b4a

-  terser-webpack-plugin@5.6.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)):
+  terser-webpack-plugin@5.6.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)):
    dependencies:
      '@jridgewell/trace-mapping': 0.3.31
      jest-worker: 27.5.1
      schema-utils: 4.3.3
      terser: 5.47.1
-      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)
+      webpack: 5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)
    optionalDependencies:
-      '@swc/core': 1.15.33(@swc/helpers@0.5.22)
+      '@swc/core': 1.15.33(@swc/helpers@0.5.23)
      esbuild: 0.28.0
      lightningcss: 1.32.0

@@ -25817,13 +25780,7 @@ snapshots:
      commander: 2.20.3
      source-map-support: 0.5.21

-  test-exclude@7.0.2:
-    dependencies:
-      '@istanbuljs/schema': 0.1.6
-      glob: 10.5.0
-      minimatch: 10.2.5
-
-  testcontainers@11.14.0:
+  testcontainers@12.0.1:
    dependencies:
      '@balena/dockerignore': 1.0.2
      '@types/dockerode': 4.0.1
@@ -25832,13 +25789,13 @@ snapshots:
      byline: 5.0.0
      debug: 4.4.3
      docker-compose: 1.4.2
-      dockerode: 4.0.12
+      dockerode: 5.0.0
      get-port: 7.2.0
      proper-lockfile: 4.1.2
      properties-reader: 3.0.1
      ssh-remote-port-forward: 1.0.4
      tar-fs: 3.1.2
-      tmp: 0.2.5
+      tmp: 0.2.7
      undici: 7.25.0
    transitivePeerDependencies:
      - bare-abort-controller
@@ -25919,7 +25876,7 @@ snapshots:
      tldts-core: 6.1.86
    optional: true

-  tmp@0.2.5: {}
+  tmp@0.2.7: {}

  to-regex-range@5.0.1:
    dependencies:
@@ -26190,10 +26147,10 @@ snapshots:

  unpipe@1.0.0: {}

-  unplugin-swc@1.5.9(@swc/core@1.15.33(@swc/helpers@0.5.22))(rollup@4.60.4):
+  unplugin-swc@1.5.9(@swc/core@1.15.33(@swc/helpers@0.5.23))(rollup@4.60.4):
    dependencies:
      '@rollup/pluginutils': 5.3.0(rollup@4.60.4)
-      '@swc/core': 1.15.33(@swc/helpers@0.5.22)
+      '@swc/core': 1.15.33(@swc/helpers@0.5.23)
      load-tsconfig: 0.2.5
      unplugin: 2.3.11
    transitivePeerDependencies:
@@ -26225,7 +26182,7 @@ snapshots:
      is-yarn-global: 0.4.1
      latest-version: 7.0.0
      pupa: 3.3.0
-      semver: 7.8.0
+      semver: 7.8.1
      semver-diff: 4.0.0
      xdg-basedir: 5.1.0

@@ -26269,8 +26226,6 @@ snapshots:
      - encoding
      - supports-color

-  uuid@10.0.0: {}
-
  uuid@14.0.0: {}

  uuid@8.3.2: {}
@@ -26592,7 +26547,7 @@ snapshots:

  webpack-virtual-modules@0.6.2: {}

-  webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0):
+  webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0):
    dependencies:
      '@types/eslint-scope': 3.7.7
      '@types/estree': 1.0.9
@@ -26616,7 +26571,7 @@ snapshots:
      neo-async: 2.6.2
      schema-utils: 4.3.3
      tapable: 2.3.3
-      terser-webpack-plugin: 5.6.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.22))(esbuild@0.28.0)(lightningcss@1.32.0))
+      terser-webpack-plugin: 5.6.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0)(webpack@5.106.0(@swc/core@1.15.33(@swc/helpers@0.5.23))(esbuild@0.28.0)(lightningcss@1.32.0))
      watchpack: 2.5.1
      webpack-sources: 3.4.1
    transitivePeerDependencies:
@@ -1,4 +1,4 @@
-FROM ghcr.io/immich-app/base-server-dev:202605051129@sha256:d07d8fcdb7e9f3ac22a811e87761ebf341ed0bb91956b89097540c2ed3fb9ca3 AS builder
+FROM ghcr.io/immich-app/base-server-dev:202606021219@sha256:63fa91aa011f6f2921dd32fe6d1be8d637e9bd7f3e3dd0c8e446afb31b282af4 AS builder
 ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
  CI=1 \
  COREPACK_HOME=/tmp \
@@ -56,7 +56,7 @@ FROM builder AS plugins

 ARG TARGETPLATFORM

-COPY --from=ghcr.io/jdx/mise:2026.5.11@sha256:2ba959e4827f845fe0c4cfb4814089e790dc513040ef74f9e14925f446412a51 /usr/local/bin/mise /usr/local/bin/mise
+COPY --from=ghcr.io/jdx/mise:2026.5.18@sha256:5bb3311994fa78cef307ca3077cdb18f9551da0886371fc26ea91ab56220ffc5 /usr/local/bin/mise /usr/local/bin/mise

 WORKDIR /app
 COPY ./mise.toml ./mise.toml
@@ -80,7 +80,7 @@ RUN --mount=type=cache,id=pnpm-packages,target=/buildcache/pnpm-store \
  --mount=type=cache,id=mise-tools-${TARGETPLATFORM},target=/buildcache/mise \
  mise //:plugins

-FROM ghcr.io/immich-app/base-server-prod:202605051129@sha256:50f7ffe4ed31e360c90c4905bd5f6658f2a121297544e3fe9368e338b3f76bcd
+FROM ghcr.io/immich-app/base-server-prod:202606021219@sha256:6ef9ef5859492149af770a6c884b5e2ddbaeef99f8885ea5f2d9f73625a3d9ec

 WORKDIR /usr/src/app
 ENV NODE_ENV=production \
@@ -1,8 +1,8 @@
 # dev build
-FROM ghcr.io/immich-app/base-server-dev:202605051129@sha256:d07d8fcdb7e9f3ac22a811e87761ebf341ed0bb91956b89097540c2ed3fb9ca3 AS dev
+FROM ghcr.io/immich-app/base-server-dev:202606021219@sha256:63fa91aa011f6f2921dd32fe6d1be8d637e9bd7f3e3dd0c8e446afb31b282af4 AS dev


-COPY --from=ghcr.io/jdx/mise:2026.5.11@sha256:2ba959e4827f845fe0c4cfb4814089e790dc513040ef74f9e14925f446412a51 /usr/local/bin/mise /usr/local/bin/mise
+COPY --from=ghcr.io/jdx/mise:2026.5.18@sha256:5bb3311994fa78cef307ca3077cdb18f9551da0886371fc26ea91ab56220ffc5 /usr/local/bin/mise /usr/local/bin/mise

 RUN echo "devdir=/buildcache/node-gyp" >> /usr/local/etc/npmrc && \
  echo "store-dir=/buildcache/pnpm-store" >> /usr/local/etc/npmrc && \
@@ -106,7 +106,7 @@
    "reflect-metadata": "^0.2.0",
    "rxjs": "^7.8.1",
    "sanitize-filename": "^1.6.3",
-    "semver": "^7.6.2",
+    "semver": "^7.8.1",
    "sharp": "^0.34.5",
    "sirv": "^3.0.0",
    "socket.io": "^4.8.1",
@@ -147,7 +147,7 @@
    "@types/supertest": "^7.0.0",
    "@types/ua-parser-js": "^0.7.36",
    "@types/validator": "^13.15.2",
-    "@vitest/coverage-v8": "^3.0.0",
+    "@vitest/coverage-v8": "^4.0.0",
    "eslint": "^10.0.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.1.3",
@@ -160,7 +160,7 @@
    "sql-formatter": "^15.0.0",
    "supertest": "^7.1.0",
    "tailwindcss": "^3.4.0",
-    "testcontainers": "^11.0.0",
+    "testcontainers": "^12.0.0",
    "typescript": "^6.0.0",
    "typescript-eslint": "^8.28.0",
    "unplugin-swc": "^1.4.5",
@@ -1,4 +1,5 @@
 import { CronExpression } from '@nestjs/schedule';
+import { ReleaseChannel } from 'src/dtos/system-config.dto';
 import {
  AudioCodec,
  Colorspace,
@@ -45,6 +46,9 @@ export type SystemConfig = {
    accel: TranscodeHardwareAcceleration;
    accelDecode: boolean;
    tonemap: ToneMapping;
+    realtime: {
+      enabled: boolean;
+    };
  };
  job: Record<ConcurrentQueueName, { concurrency: number }>;
  logging: {
@@ -135,6 +139,7 @@ export type SystemConfig = {
  };
  newVersionCheck: {
    enabled: boolean;
+    channel: ReleaseChannel;
  };
  nightlyTasks: {
    startTime: string;
@@ -224,6 +229,9 @@ export const defaults = Object.freeze<SystemConfig>({
    tonemap: ToneMapping.Hable,
    accel: TranscodeHardwareAcceleration.Disabled,
    accelDecode: true,
+    realtime: {
+      enabled: false,
+    },
  },
  job: {
    [QueueName.BackgroundTask]: { concurrency: 5 },
@@ -344,6 +352,7 @@ export const defaults = Object.freeze<SystemConfig>({
  },
  newVersionCheck: {
    enabled: true,
+    channel: ReleaseChannel.Stable,
  },
  nightlyTasks: {
    startTime: '00:00',
@@ -1,7 +1,15 @@
 import { readFileSync } from 'node:fs';
 import { dirname, join } from 'node:path';
 import { SemVer } from 'semver';
-import { ApiTag, AudioCodec, DatabaseExtension, ExifOrientation, VectorIndex } from 'src/enum';
+import {
+  ApiTag,
+  AudioCodec,
+  DatabaseExtension,
+  ExifOrientation,
+  TranscodeHardwareAcceleration,
+  VectorIndex,
+  VideoCodec,
+} from 'src/enum';

 export const IMMICH_SERVER_START = 'Immich Server is listening';

@@ -202,3 +210,32 @@ export const AUDIO_ENCODER: Record<AudioCodec, string> = {
  [AudioCodec.Opus]: 'libopus',
  [AudioCodec.PcmS16le]: 'pcm_s16le',
 };
+
+export const SUPPORTED_HWA_CODECS: Record<TranscodeHardwareAcceleration, VideoCodec[]> = {
+  [TranscodeHardwareAcceleration.Nvenc]: [VideoCodec.H264, VideoCodec.Hevc, VideoCodec.Av1],
+  [TranscodeHardwareAcceleration.Qsv]: [VideoCodec.H264, VideoCodec.Hevc, VideoCodec.Vp9, VideoCodec.Av1],
+  [TranscodeHardwareAcceleration.Vaapi]: [VideoCodec.H264, VideoCodec.Hevc, VideoCodec.Vp9, VideoCodec.Av1],
+  [TranscodeHardwareAcceleration.Rkmpp]: [VideoCodec.H264, VideoCodec.Hevc],
+  [TranscodeHardwareAcceleration.Disabled]: [VideoCodec.H264, VideoCodec.Hevc, VideoCodec.Vp9, VideoCodec.Av1],
+};
+
+export const HLS_BACKPRESSURE_PAUSE_SEGMENTS = 30;
+export const HLS_BACKPRESSURE_RESUME_SEGMENTS = 15;
+export const HLS_CLEANUP_INTERVAL_MS = 60 * 1000;
+export const HLS_INACTIVITY_TIMEOUT_MS = 5 * 60 * 1000;
+export const HLS_LEASE_DURATION_MS = 30 * 60 * 1000;
+export const HLS_PLAYLIST_CONTENT_TYPE = 'application/vnd.apple.mpegurl';
+export const HLS_SEGMENT_DURATION = 2;
+export const HLS_SEGMENT_FILENAME_REGEX = /^seg_(\d+)\.m4s$/;
+export const HLS_VARIANTS = [
+  { resolution: 480, codec: VideoCodec.Av1, bitrate: 1_000_000, codecString: 'av01.0.04M.08' },
+  { resolution: 480, codec: VideoCodec.Hevc, bitrate: 1_200_000, codecString: 'hvc1.1.6.L90.B0' },
+  { resolution: 480, codec: VideoCodec.H264, bitrate: 2_500_000, codecString: 'avc1.64001e' },
+  { resolution: 720, codec: VideoCodec.Av1, bitrate: 2_000_000, codecString: 'av01.0.08M.08' },
+  { resolution: 720, codec: VideoCodec.Hevc, bitrate: 2_500_000, codecString: 'hvc1.1.6.L93.B0' },
+  { resolution: 720, codec: VideoCodec.H264, bitrate: 5_000_000, codecString: 'avc1.64001f' },
+  { resolution: 1080, codec: VideoCodec.Av1, bitrate: 4_000_000, codecString: 'av01.0.09M.08' },
+  { resolution: 1080, codec: VideoCodec.Hevc, bitrate: 4_500_000, codecString: 'hvc1.1.6.L120.B0' },
+  { resolution: 1080, codec: VideoCodec.H264, bitrate: 8_000_000, codecString: 'avc1.640028' },
+];
+export const HLS_VERSION = 7;
@@ -35,6 +35,7 @@ import { TimelineController } from 'src/controllers/timeline.controller';
 import { TrashController } from 'src/controllers/trash.controller';
 import { UserAdminController } from 'src/controllers/user-admin.controller';
 import { UserController } from 'src/controllers/user.controller';
+import { VideoStreamController } from 'src/controllers/video-stream.controller';
 import { ViewController } from 'src/controllers/view.controller';
 import { WorkflowController } from 'src/controllers/workflow.controller';

@@ -76,6 +77,7 @@ export const controllers = [
  TrashController,
  UserAdminController,
  UserController,
+  VideoStreamController,
  ViewController,
  WorkflowController,
 ];
@@ -0,0 +1,79 @@
+import { Controller, Delete, Get, Header, HttpCode, HttpStatus, Next, Param, Res } from '@nestjs/common';
+import { ApiProduces, ApiTags } from '@nestjs/swagger';
+import { NextFunction, Response } from 'express';
+import { HLS_PLAYLIST_CONTENT_TYPE } from 'src/constants';
+import { Endpoint, HistoryBuilder } from 'src/decorators';
+import { AuthDto } from 'src/dtos/auth.dto';
+import { HlsSegmentParamDto, HlsSessionParamDto, HlsVariantParamDto } from 'src/dtos/streaming.dto';
+import { ApiTag, Permission, RouteKey } from 'src/enum';
+import { Auth, Authenticated, FileResponse } from 'src/middleware/auth.guard';
+import { LoggingRepository } from 'src/repositories/logging.repository';
+import { HlsService } from 'src/services/hls.service';
+import { sendFile } from 'src/utils/file';
+import { UUIDParamDto } from 'src/validation';
+
+@ApiTags(ApiTag.Assets)
+@Controller(RouteKey.Asset)
+export class VideoStreamController {
+  constructor(
+    private logger: LoggingRepository,
+    private service: HlsService,
+  ) {}
+
+  @Get(':id/video/stream/main.m3u8')
+  @Authenticated({ permission: Permission.AssetView, sharedLink: true })
+  @Header('Cache-Control', 'no-cache')
+  @Header('Content-Type', HLS_PLAYLIST_CONTENT_TYPE)
+  @ApiProduces(HLS_PLAYLIST_CONTENT_TYPE)
+  @Endpoint({
+    summary: 'Get HLS main playlist',
+    description: 'Returns an HLS main playlist with all available variants for the asset.',
+    history: new HistoryBuilder().added('v3').alpha('v3'),
+  })
+  getMainPlaylist(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto) {
+    return this.service.getMainPlaylist(auth, id);
+  }
+
+  @Get(':id/video/stream/:sessionId/:variantIndex/playlist.m3u8')
+  @Authenticated({ permission: Permission.AssetView, sharedLink: true })
+  @Header('Cache-Control', 'no-cache')
+  @Header('Content-Type', HLS_PLAYLIST_CONTENT_TYPE)
+  @ApiProduces(HLS_PLAYLIST_CONTENT_TYPE)
+  @Endpoint({
+    summary: 'Get HLS media playlist',
+    description: 'Returns an HLS media playlist for one variant of the streaming session.',
+    history: new HistoryBuilder().added('v3').alpha('v3'),
+  })
+  getMediaPlaylist(@Auth() auth: AuthDto, @Param() { id, sessionId }: HlsVariantParamDto) {
+    return this.service.getMediaPlaylist(auth, id, sessionId);
+  }
+
+  @Get(':id/video/stream/:sessionId/:variantIndex/:filename')
+  @FileResponse()
+  @Authenticated({ permission: Permission.AssetView, sharedLink: true })
+  @Endpoint({
+    summary: 'Get HLS segment or init file',
+    description: 'Streams an HLS init segment (init.mp4) or media segment (seg_N.m4s).',
+    history: new HistoryBuilder().added('v3').alpha('v3'),
+  })
+  async getSegment(
+    @Auth() auth: AuthDto,
+    @Param() { id, sessionId, variantIndex, filename }: HlsSegmentParamDto,
+    @Res() res: Response,
+    @Next() next: NextFunction,
+  ) {
+    await sendFile(res, next, () => this.service.getSegment(auth, id, sessionId, variantIndex, filename), this.logger);
+  }
+
+  @Delete(':id/video/stream/:sessionId')
+  @HttpCode(HttpStatus.NO_CONTENT)
+  @Authenticated({ permission: Permission.AssetView, sharedLink: true })
+  @Endpoint({
+    summary: 'End HLS streaming session',
+    description: 'Releases server resources for the streaming session.',
+    history: new HistoryBuilder().added('v3').alpha('v3'),
+  })
+  async endSession(@Auth() auth: AuthDto, @Param() { id, sessionId }: HlsSessionParamDto) {
+    await this.service.endSession(auth, id, sessionId);
+  }
+}
@@ -35,6 +35,10 @@ export interface MoveRequest {

 export type ThumbnailPathEntity = { id: string; ownerId: string };

+export type HlsSessionFolder = { ownerId: string; sessionId: string };
+
+export type HlsVariantFolder = { ownerId: string; sessionId: string; variantIndex: number };
+
 export type ImagePathOptions = { fileType: AssetFileType; format: ImageFormat | RawExtractedFormat; isEdited: boolean };

 let instance: StorageCore | null;
@@ -125,6 +129,14 @@ export class StorageCore {
    return StorageCore.getNestedPath(StorageFolder.EncodedVideo, asset.ownerId, `${asset.id}.mp4`);
  }

+  static getHlsSessionFolder({ ownerId, sessionId }: HlsSessionFolder) {
+    return StorageCore.getNestedPath(StorageFolder.EncodedVideo, ownerId, sessionId);
+  }
+
+  static getHlsVariantFolder({ ownerId, sessionId, variantIndex }: HlsVariantFolder) {
+    return join(StorageCore.getHlsSessionFolder({ ownerId, sessionId }), variantIndex.toString());
+  }
+
  static getAndroidMotionPath(asset: ThumbnailPathEntity, uuid: string) {
    return StorageCore.getNestedPath(StorageFolder.EncodedVideo, asset.ownerId, `${uuid}-MP.mp4`);
  }
@@ -265,3 +265,13 @@ export class HistoryBuilder {
    return this;
  }
 }
+
+// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
+export const extraModels: Function[] = [];
+
+export const ExtraModel = (): ClassDecorator => {
+  // eslint-disable-next-line unicorn/consistent-function-scoping, @typescript-eslint/no-unsafe-function-type
+  return (object: Function) => {
+    extraModels.push(object);
+  };
+};
@@ -1,5 +1,6 @@
 import { createZodDto } from 'nestjs-zod';
 import type { SemVer } from 'semver';
+import { ExtraModel, HistoryBuilder } from 'src/decorators';
 import { isoDatetimeToDate } from 'src/validation';
 import z from 'zod';

@@ -58,9 +59,15 @@ const ServerStorageResponseSchema = z

 const ServerVersionResponseSchema = z
  .object({
-    major: z.int().describe('Major version number'),
-    minor: z.int().describe('Minor version number'),
-    patch: z.int().describe('Patch version number'),
+    major: z.int().min(0).describe('Major version number'),
+    minor: z.int().min(0).describe('Minor version number'),
+    patch: z.int().min(0).describe('Patch version number'),
+    prerelease: z
+      .int()
+      .min(0)
+      .nullable()
+      .meta(HistoryBuilder.v3().getExtensions())
+      .describe('Pre-release version number'),
  })
  .meta({ id: 'ServerVersionResponseDto' });

@@ -117,6 +124,7 @@ const ServerConfigSchema = z
    mapDarkStyleUrl: z.string().describe('Map dark style URL'),
    mapLightStyleUrl: z.string().describe('Map light style URL'),
    maintenanceMode: z.boolean().describe('Whether maintenance mode is active'),
+    minFaces: z.int().describe('People min faces server default'),
  })
  .meta({ id: 'ServerConfigDto' });

@@ -137,9 +145,30 @@ const ServerFeaturesSchema = z
    search: z.boolean().describe('Whether search is enabled'),
    email: z.boolean().describe('Whether email notifications are enabled'),
    ocr: z.boolean().describe('Whether OCR is enabled'),
+    realtimeTranscoding: z.boolean().describe('Whether real-time transcoding is enabled'),
  })
  .meta({ id: 'ServerFeaturesDto' });

+export enum ReleaseType {
+  Major = 'major',
+  Premajor = 'premajor',
+  Minor = 'minor',
+  Preminor = 'preminor',
+  Patch = 'patch',
+  Prepatch = 'prepatch',
+  Prerelease = 'prerelease',
+}
+
+const ReleaseTypeSchema = z.enum(ReleaseType).meta({ id: 'ReleaseType' }).describe('Release type');
+
+const ReleaseEventV1Schema = z.object({
+  isAvailable: z.boolean().describe('Whether a new version is available'),
+  checkedAt: z.string().describe('When the server last checked for a latest version. As an ISO timestamp'),
+  serverVersion: ServerVersionResponseSchema,
+  releaseVersion: ServerVersionResponseSchema,
+  type: ReleaseTypeSchema.nullable(),
+});
+
 export class ServerPingResponse extends createZodDto(ServerPingResponseSchema) {}
 export class ServerAboutResponseDto extends createZodDto(ServerAboutResponseSchema) {}
 export class ServerApkLinksDto extends createZodDto(ServerApkLinksSchema) {}
@@ -147,7 +176,12 @@ export class ServerStorageResponseDto extends createZodDto(ServerStorageResponse

 export class ServerVersionResponseDto extends createZodDto(ServerVersionResponseSchema) {
  static fromSemVer(value: SemVer): z.infer<typeof ServerVersionResponseSchema> {
-    return { major: value.major, minor: value.minor, patch: value.patch };
+    return {
+      major: value.major,
+      minor: value.minor,
+      patch: value.patch,
+      prerelease: (value.prerelease[1] as number) ?? null,
+    };
  }
 }

@@ -158,10 +192,5 @@ export class ServerMediaTypesResponseDto extends createZodDto(ServerMediaTypesRe
 export class ServerConfigDto extends createZodDto(ServerConfigSchema) {}
 export class ServerFeaturesDto extends createZodDto(ServerFeaturesSchema) {}

-export interface ReleaseNotification {
-  isAvailable: boolean;
-  /** ISO8601 */
-  checkedAt: string;
-  serverVersion: ServerVersionResponseDto;
-  releaseVersion: ServerVersionResponseDto;
-}
+@ExtraModel()
+export class ReleaseEventV1 extends createZodDto(ReleaseEventV1Schema) {}
@@ -0,0 +1,26 @@
+import { createZodDto } from 'nestjs-zod';
+import z from 'zod';
+
+const HlsSessionParamSchema = z.object({
+  id: z.uuidv4(),
+  sessionId: z.uuidv4(),
+});
+
+export class HlsSessionParamDto extends createZodDto(HlsSessionParamSchema) {}
+
+const HlsVariantParamSchema = z.object({
+  id: z.uuidv4(),
+  sessionId: z.uuidv4(),
+  variantIndex: z.coerce.number().int().min(0),
+});
+
+export class HlsVariantParamDto extends createZodDto(HlsVariantParamSchema) {}
+
+const HlsSegmentParamSchema = z.object({
+  id: z.uuidv4(),
+  sessionId: z.uuidv4(),
+  variantIndex: z.coerce.number().int().min(0),
+  filename: z.string().regex(/^(init\.mp4|seg_\d+\.m4s)$/, { error: 'Invalid HLS segment filename' }),
+});
+
+export class HlsSegmentParamDto extends createZodDto(HlsSegmentParamSchema) {}
@@ -1,5 +1,5 @@
-/* eslint-disable @typescript-eslint/no-unsafe-function-type */
 import { createZodDto } from 'nestjs-zod';
+import { ExtraModel } from 'src/decorators';
 import { AssetEditActionSchema } from 'src/dtos/editing.dto';
 import {
  AlbumUserRole,
@@ -17,15 +17,6 @@ import {
 import { isoDatetimeToDate } from 'src/validation';
 import z from 'zod';

-export const extraSyncModels: Function[] = [];
-
-const ExtraModel = (): ClassDecorator => {
-  // eslint-disable-next-line unicorn/consistent-function-scoping
-  return (object: Function) => {
-    extraSyncModels.push(object);
-  };
-};
-
 const SyncUserV1Schema = z
  .object({
    id: z.string().describe('User ID'),
@@ -79,6 +79,11 @@ const SystemConfigFFmpegSchema = z
    accel: TranscodeHardwareAccelerationSchema,
    accelDecode: configBool.describe('Accelerated decode'),
    tonemap: ToneMappingSchema,
+    realtime: z
+      .object({
+        enabled: configBool.describe('Enable real-time HLS transcoding (alpha)'),
+      })
+      .meta({ id: 'SystemConfigFFmpegRealtimeDto' }),
  })
  .meta({ id: 'SystemConfigFFmpegDto' });

@@ -151,8 +156,15 @@ const SystemConfigMapSchema = z
  })
  .meta({ id: 'SystemConfigMapDto' });

+export enum ReleaseChannel {
+  Stable = 'stable',
+  ReleaseCandidate = 'releaseCandidate',
+}
+
+const ReleaseChannelSchema = z.enum(ReleaseChannel).describe('Release channel').meta({ id: 'ReleaseChannel' });
+
 const SystemConfigNewVersionCheckSchema = z
-  .object({ enabled: configBool.describe('Enabled') })
+  .object({ enabled: configBool.describe('Enabled'), channel: ReleaseChannelSchema })
  .meta({ id: 'SystemConfigNewVersionCheckDto' });

 const SystemConfigNightlyTasksSchema = z
@@ -45,6 +45,7 @@ const PeopleUpdateSchema = z
  .object({
    enabled: z.boolean().optional().describe('Whether people are enabled'),
    sidebarWeb: z.boolean().optional().describe('Whether people appear in web sidebar'),
+    minimumFaces: z.int().min(1).optional().describe('People face threshold'),
  })
  .optional()
  .meta({ id: 'PeopleUpdate' });
@@ -138,6 +139,7 @@ const PeopleResponseSchema = z
  .object({
    enabled: z.boolean().describe('Whether people are enabled'),
    sidebarWeb: z.boolean().describe('Whether people appear in web sidebar'),
+    minimumFaces: z.int().min(1).optional().describe('People face threshold'),
  })
  .meta({ id: 'PeopleResponse' });

@@ -453,11 +453,7 @@ export enum VideoCodec {

 export const VideoCodecSchema = z.enum(VideoCodec).describe('Target video codec').meta({ id: 'VideoCodec' });

-export enum VideoSegmentCodec {
-  Av1 = 'av1',
-  Hevc = 'hevc',
-  H264 = 'h264',
-}
+export type VideoSegmentCodec = VideoCodec.Av1 | VideoCodec.Hevc | VideoCodec.H264;

 export enum AudioCodec {
  Mp3 = 'mp3',
@@ -827,6 +823,8 @@ export enum JobName {
  LibrarySyncFiles = 'LibrarySyncFiles',
  LibraryScanQueueAll = 'LibraryScanQueueAll',

+  HlsSessionCleanup = 'HlsSessionCleanup',
+
  MemoryCleanup = 'MemoryCleanup',
  MemoryGenerate = 'MemoryGenerate',

@@ -920,6 +918,7 @@ export enum DatabaseLock {
  MaintenanceOperation = 621,
  MemoryCreation = 777,
  VersionCheck = 800,
+  HlsSessionCleanup = 850,
 }

 export enum MaintenanceAction {
@@ -42,7 +42,18 @@ group by
 having
  (
    "person"."name" != $3
-    or count("asset_face"."assetId") >= $4
+    or count("asset_face"."assetId") >= COALESCE(
+      (
+        SELECT
+          value -> 'people' ->> 'minimumFaces'
+        FROM
+          user_metadata
+        WHERE
+          "userId" = $4
+          AND key = 'preferences'
+      ),
+      '3'
+    )::int
  )
 order by
  "person"."isHidden" asc,
@@ -7,6 +7,7 @@ from
  "video_stream_session"
 where
  "id" = $1
+  and "expiresAt" > $2

 -- VideoStreamRepository.getVariant
 select
@@ -27,11 +28,13 @@ where

 -- VideoStreamRepository.getExpiredSessions
 select
-  "id"
+  "video_stream_session"."id",
+  "asset"."ownerId"
 from
  "video_stream_session"
+  inner join "asset" on "asset"."id" = "video_stream_session"."assetId"
 where
-  "expiresAt" <= $1
+  "video_stream_session"."expiresAt" <= $1

 -- VideoStreamRepository.extendSession
 update "video_stream_session"
@@ -44,3 +47,253 @@ where
 delete from "video_stream_session"
 where
  "id" = $1
+
+-- VideoStreamRepository.getForMainPlaylist
+select
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_video"."index",
+          "asset_video"."codecName",
+          "asset_video"."profile",
+          "asset_video"."level",
+          "asset_video"."bitrate",
+          "asset_exif"."exifImageWidth" as "width",
+          "asset_exif"."exifImageHeight" as "height",
+          "asset_video"."pixelFormat",
+          "asset_video"."frameCount",
+          "asset_exif"."fps" as "frameRate",
+          "asset_video"."timeBase",
+          case
+            when "asset_exif"."orientation" = '6' then -90
+            when "asset_exif"."orientation" = '8' then 90
+            when "asset_exif"."orientation" = '3' then 180
+            else 0
+          end as "rotation",
+          "asset_video"."colorPrimaries",
+          "asset_video"."colorMatrix",
+          "asset_video"."colorTransfer",
+          "asset_video"."dvProfile",
+          "asset_video"."dvLevel",
+          "asset_video"."dvBlSignalCompatibilityId"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_video"."assetId" is not null
+      ) as obj
+  ) as "videoStream",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_keyframe"."pts" as "keyframePts",
+          "asset_keyframe"."accDuration" as "keyframeAccDuration",
+          "asset_keyframe"."ownDuration" as "keyframeOwnDuration",
+          "asset_keyframe"."totalDuration",
+          "asset_keyframe"."packetCount",
+          "asset_keyframe"."outputFrames"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_keyframe"."assetId" is not null
+      ) as obj
+  ) as "packets"
+from
+  "asset"
+  inner join "asset_exif" on "asset"."id" = "asset_exif"."assetId"
+  inner join "asset_video" on "asset"."id" = "asset_video"."assetId"
+  inner join "asset_keyframe" on "asset"."id" = "asset_keyframe"."assetId"
+where
+  "asset"."id" = $1
+
+-- VideoStreamRepository.getForMediaPlaylist
+select
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_video"."index",
+          "asset_video"."codecName",
+          "asset_video"."profile",
+          "asset_video"."level",
+          "asset_video"."bitrate",
+          "asset_exif"."exifImageWidth" as "width",
+          "asset_exif"."exifImageHeight" as "height",
+          "asset_video"."pixelFormat",
+          "asset_video"."frameCount",
+          "asset_exif"."fps" as "frameRate",
+          "asset_video"."timeBase",
+          case
+            when "asset_exif"."orientation" = '6' then -90
+            when "asset_exif"."orientation" = '8' then 90
+            when "asset_exif"."orientation" = '3' then 180
+            else 0
+          end as "rotation",
+          "asset_video"."colorPrimaries",
+          "asset_video"."colorMatrix",
+          "asset_video"."colorTransfer",
+          "asset_video"."dvProfile",
+          "asset_video"."dvLevel",
+          "asset_video"."dvBlSignalCompatibilityId"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_video"."assetId" is not null
+      ) as obj
+  ) as "videoStream",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_keyframe"."pts" as "keyframePts",
+          "asset_keyframe"."accDuration" as "keyframeAccDuration",
+          "asset_keyframe"."ownDuration" as "keyframeOwnDuration",
+          "asset_keyframe"."totalDuration",
+          "asset_keyframe"."packetCount",
+          "asset_keyframe"."outputFrames"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_keyframe"."assetId" is not null
+      ) as obj
+  ) as "packets"
+from
+  "asset"
+  inner join "asset_exif" on "asset"."id" = "asset_exif"."assetId"
+  inner join "video_stream_session" on "asset"."id" = "video_stream_session"."assetId"
+  inner join "asset_video" on "asset"."id" = "asset_video"."assetId"
+  inner join "asset_keyframe" on "asset"."id" = "asset_keyframe"."assetId"
+where
+  "asset"."id" = $1
+  and "video_stream_session"."id" = $2
+  and "video_stream_session"."expiresAt" > $3
+
+-- VideoStreamRepository.getForTranscoding
+select
+  "asset"."originalPath",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_audio"."index",
+          "asset_audio"."codecName",
+          "asset_audio"."profile",
+          "asset_audio"."bitrate"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_audio"."assetId" is not null
+      ) as obj
+  ) as "audioStream",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_video"."index",
+          "asset_video"."codecName",
+          "asset_video"."profile",
+          "asset_video"."level",
+          "asset_video"."bitrate",
+          "asset_exif"."exifImageWidth" as "width",
+          "asset_exif"."exifImageHeight" as "height",
+          "asset_video"."pixelFormat",
+          "asset_video"."frameCount",
+          "asset_exif"."fps" as "frameRate",
+          "asset_video"."timeBase",
+          case
+            when "asset_exif"."orientation" = '6' then -90
+            when "asset_exif"."orientation" = '8' then 90
+            when "asset_exif"."orientation" = '3' then 180
+            else 0
+          end as "rotation",
+          "asset_video"."colorPrimaries",
+          "asset_video"."colorMatrix",
+          "asset_video"."colorTransfer",
+          "asset_video"."dvProfile",
+          "asset_video"."dvLevel",
+          "asset_video"."dvBlSignalCompatibilityId"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_video"."assetId" is not null
+      ) as obj
+  ) as "videoStream",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_video"."formatName",
+          "asset_video"."formatLongName",
+          "asset"."duration",
+          "asset_video"."bitrate"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_video"."assetId" is not null
+      ) as obj
+  ) as "format",
+  (
+    select
+      to_json(obj)
+    from
+      (
+        select
+          "asset_keyframe"."pts" as "keyframePts",
+          "asset_keyframe"."accDuration" as "keyframeAccDuration",
+          "asset_keyframe"."ownDuration" as "keyframeOwnDuration",
+          "asset_keyframe"."totalDuration",
+          "asset_keyframe"."packetCount",
+          "asset_keyframe"."outputFrames"
+        from
+          (
+            select
+              1
+          ) as "dummy"
+        where
+          "asset_keyframe"."assetId" is not null
+      ) as obj
+  ) as "packets"
+from
+  "asset"
+  inner join "asset_exif" on "asset"."id" = "asset_exif"."assetId"
+  left join "asset_audio" on "asset"."id" = "asset_audio"."assetId"
+  inner join "asset_video" on "asset"."id" = "asset_video"."assetId"
+  inner join "asset_keyframe" on "asset"."id" = "asset_keyframe"."assetId"
+where
+  "asset"."id" = $1
@@ -92,6 +92,14 @@ type EventMap = {

  AuthChangePassword: [{ userId: string; currentSessionId?: string; invalidateSessions?: boolean }];

+  // hls streaming events
+  HlsSegmentRequest: [{ sessionId: string; assetId: string; variantIndex: number; segmentIndex: number }];
+  HlsSegmentResult: [{ sessionId: string; variantIndex: number; segmentIndex: number; error?: string }];
+  HlsHeartbeat: [{ sessionId: string; variantIndex?: number; segmentIndex?: number }];
+  HlsSessionRequest: [{ sessionId: string; assetId: string; ownerId: string }];
+  HlsSessionResult: [{ sessionId: string; error?: string }];
+  HlsSessionEnd: [{ sessionId: string }];
+
  // websocket events
  WebsocketConnect: [{ userId: string }];
 };
@@ -490,18 +490,43 @@ export class MediaRepository {
    return this.parseInt(b.bit_rate) - this.parseInt(a.bit_rate);
  }

+  /* Ported from https://code.ffmpeg.org/FFmpeg/FFmpeg/src/commit/5c44245878e235ae64fe87fb9877644856d33d1d/fftools/ffmpeg_filter.c
+   * SPDX-License-Identifier: LGPL-2.1-or-later
+   * Copyright (c) FFmpeg authors and contributors — https://ffmpeg.org/
+   * Modifications: TS port operating on probe-derived packet metadata rather than decoded AVFrames. */
  private cfrOutputFrames(packets: { pts: number; duration: number }[], slotsPerTick: number) {
-    // Packets may be out of PTS order due to B-frames
    packets.sort((a, b) => a.pts - b.pts);
    const firstPts = packets[0].pts;
    let outputFrames = 0;
    let nextPts = 0;
+    const history = [0, 0, 0];
    for (const pkt of packets) {
-      const delta = (pkt.pts - firstPts) * slotsPerTick - nextPts + pkt.duration * slotsPerTick;
-      const nb = delta < -1.1 ? 0 : delta > 1.1 ? Math.round(delta) : 1;
+      const syncIpts = (pkt.pts - firstPts) * slotsPerTick;
+      const duration = pkt.duration * slotsPerTick;
+      let delta0 = syncIpts - nextPts;
+      const delta = delta0 + duration;
+
+      if (delta0 < 0 && delta > 0) {
+        delta0 = 0;
+      }
+
+      let nb = 1;
+      let nbPrev = 0;
+      if (delta < -1.1) {
+        nb = 0;
+      } else if (delta > 1.1) {
+        nb = Math.round(delta);
+        if (delta0 > 1.1) {
+          nbPrev = Math.round(delta0 - 0.6);
+        }
+      }
      outputFrames += nb;
      nextPts += nb;
+      history[2] = history[1];
+      history[1] = history[0];
+      history[0] = nbPrev;
    }
-    return outputFrames;
+    const median = history.sort((a, b) => a - b)[1];
+    return outputFrames + median;
  }
 }
@@ -4,7 +4,7 @@ import { jsonObjectFrom } from 'kysely/helpers/postgres';
 import { InjectKysely } from 'nestjs-kysely';
 import { AssetFace } from 'src/database';
 import { Chunked, ChunkedArray, DummyValue, GenerateSql } from 'src/decorators';
-import { AssetFileType, AssetVisibility, SourceType } from 'src/enum';
+import { AssetFileType, AssetVisibility, SourceType, UserMetadataKey } from 'src/enum';
 import { DB } from 'src/schema';
 import { AssetFaceTable } from 'src/schema/tables/asset-face.table';
 import { FaceSearchTable } from 'src/schema/tables/face-search.table';
@@ -13,7 +13,6 @@ import { dummy, removeUndefinedKeys, withFilePath } from 'src/utils/database';
 import { paginationHelper, PaginationOptions } from 'src/utils/pagination';

 export interface PersonSearchOptions {
-  minimumFaceCount: number;
  withHidden: boolean;
  closestFaceAssetId?: string;
 }
@@ -168,7 +167,17 @@ export class PersonRepository {
      .having((eb) =>
        eb.or([
          eb('person.name', '!=', ''),
-          eb((innerEb) => innerEb.fn.count('asset_face.assetId'), '>=', options?.minimumFaceCount || 1),
+          eb(
+            (innerEb) => innerEb.fn.count('asset_face.assetId'),
+            '>=',
+            sql<number>`COALESCE(
+              (SELECT value -> 'people' ->> 'minimumFaces'
+              FROM user_metadata
+              WHERE "userId" = ${userId}
+                AND key = ${sql.lit(UserMetadataKey.Preferences)}),
+              '3'
+            )::int `,
+          ),
        ]),
      )
      .groupBy('person.id')
@@ -1,12 +1,10 @@
 import { Injectable } from '@nestjs/common';
-import { ChildProcessWithoutNullStreams, fork, spawn, SpawnOptionsWithoutStdio } from 'node:child_process';
+import { fork, spawn, SpawnOptionsWithoutStdio } from 'node:child_process';
 import { Duplex } from 'node:stream';

@Injectable()
 export class ProcessRepository {
-  spawn(command: string, args?: readonly string[], options?: SpawnOptionsWithoutStdio): ChildProcessWithoutNullStreams {
-    return spawn(command, args, options);
-  }
+  spawn = spawn;

  spawnDuplexStream(command: string, args?: readonly string[], options?: SpawnOptionsWithoutStdio): Duplex {
    let stdinClosed = false;
@@ -4,6 +4,7 @@ import { exec as execCallback } from 'node:child_process';
 import { readFile } from 'node:fs/promises';
 import { promisify } from 'node:util';
 import sharp from 'sharp';
+import { ReleaseChannel } from 'src/dtos/system-config.dto';
 import { ConfigRepository } from 'src/repositories/config.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';

@@ -64,10 +65,12 @@ export class ServerInfoRepository {
    this.logger.setContext(ServerInfoRepository.name);
  }

-  async getLatestRelease(): Promise<VersionResponse> {
+  async getLatestRelease(channel: ReleaseChannel): Promise<VersionResponse> {
    try {
      const { versionCheck } = this.configRepository.getEnv();
-      const response = await fetch(versionCheck.url);
+      const url = new URL(versionCheck.url);
+      url.searchParams.append('channel', channel);
+      const response = await fetch(url);

      if (!response.ok) {
        throw new Error(`Version check request failed with status ${response.status}: ${await response.text()}`);
@@ -10,6 +10,7 @@ import {
  existsSync,
  mkdirSync,
  ReadOptionsWithBuffer,
+  watch,
 } from 'node:fs';
 import fs from 'node:fs/promises';
 import path from 'node:path';
@@ -277,6 +278,8 @@ export class StorageRepository {
    return () => watcher.close();
  }

+  watchDir = watch; // Native fs.watch without chokidar overhead
+
  private asGlob(pathToCrawl: string): string {
    const escapedPath = escapePath(pathToCrawl).replaceAll('"', '["]').replaceAll("'", "[']").replaceAll('`', '[`]');
    const extensions = `*{${mimeTypes.getSupportedFileExtensions().join(',')}}`;
@@ -8,6 +8,7 @@ import {
  VideoStreamSessionTable,
  VideoStreamVariantTable,
 } from 'src/schema/tables/video-stream.table';
+import { withAudioStream, withVideoFormat, withVideoPackets, withVideoStream } from 'src/utils/database';

@Injectable()
 export class VideoStreamRepository {
@@ -27,7 +28,12 @@ export class VideoStreamRepository {

  @GenerateSql({ params: [DummyValue.UUID] })
  getSession(id: string) {
-    return this.db.selectFrom('video_stream_session').selectAll().where('id', '=', id).executeTakeFirst();
+    return this.db
+      .selectFrom('video_stream_session')
+      .selectAll()
+      .where('id', '=', id)
+      .where('expiresAt', '>', new Date())
+      .executeTakeFirst();
  }

  @GenerateSql({ params: [DummyValue.UUID] })
@@ -47,7 +53,12 @@ export class VideoStreamRepository {

  @GenerateSql()
  getExpiredSessions() {
-    return this.db.selectFrom('video_stream_session').select(['id']).where('expiresAt', '<=', new Date()).execute();
+    return this.db
+      .selectFrom('video_stream_session')
+      .innerJoin('asset', 'asset.id', 'video_stream_session.assetId')
+      .select(['video_stream_session.id', 'asset.ownerId'])
+      .where('video_stream_session.expiresAt', '<=', new Date())
+      .execute();
  }

  @GenerateSql({ params: [DummyValue.UUID, DummyValue.DATE] })
@@ -59,4 +70,50 @@ export class VideoStreamRepository {
  async deleteSession(id: string) {
    await this.db.deleteFrom('video_stream_session').where('id', '=', id).execute();
  }
+
+  @GenerateSql({ params: [DummyValue.UUID] })
+  async getForMainPlaylist(id: string) {
+    return this.db
+      .selectFrom('asset')
+      .innerJoin('asset_exif', 'asset.id', 'asset_exif.assetId')
+      .where('asset.id', '=', id)
+      .innerJoin('asset_video', 'asset.id', 'asset_video.assetId')
+      .innerJoin('asset_keyframe', 'asset.id', 'asset_keyframe.assetId')
+      .select((eb) => withVideoStream(eb).$notNull().as('videoStream'))
+      .select((eb) => withVideoPackets(eb).$notNull().as('packets'))
+      .executeTakeFirst();
+  }
+
+  @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID] })
+  async getForMediaPlaylist(id: string, sessionId: string) {
+    return this.db
+      .selectFrom('asset')
+      .innerJoin('asset_exif', 'asset.id', 'asset_exif.assetId')
+      .innerJoin('video_stream_session', 'asset.id', 'video_stream_session.assetId')
+      .where('asset.id', '=', id)
+      .where('video_stream_session.id', '=', sessionId)
+      .where('video_stream_session.expiresAt', '>', new Date())
+      .innerJoin('asset_video', 'asset.id', 'asset_video.assetId')
+      .innerJoin('asset_keyframe', 'asset.id', 'asset_keyframe.assetId')
+      .select((eb) => withVideoStream(eb).$notNull().as('videoStream'))
+      .select((eb) => withVideoPackets(eb).$notNull().as('packets'))
+      .executeTakeFirst();
+  }
+
+  @GenerateSql({ params: [DummyValue.UUID] })
+  async getForTranscoding(id: string) {
+    return this.db
+      .selectFrom('asset')
+      .innerJoin('asset_exif', 'asset.id', 'asset_exif.assetId')
+      .where('asset.id', '=', id)
+      .leftJoin('asset_audio', 'asset.id', 'asset_audio.assetId')
+      .innerJoin('asset_video', 'asset.id', 'asset_video.assetId')
+      .innerJoin('asset_keyframe', 'asset.id', 'asset_keyframe.assetId')
+      .select('asset.originalPath')
+      .select((eb) => withAudioStream(eb).as('audioStream'))
+      .select((eb) => withVideoStream(eb).$notNull().as('videoStream'))
+      .select((eb) => withVideoFormat(eb).$notNull().as('format'))
+      .select((eb) => withVideoPackets(eb).$notNull().as('packets'))
+      .executeTakeFirst();
+  }
 }
@@ -10,13 +10,22 @@ import { Server, Socket } from 'socket.io';
 import { AssetResponseDto } from 'src/dtos/asset-response.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { NotificationDto } from 'src/dtos/notification.dto';
-import { ReleaseNotification, ServerVersionResponseDto } from 'src/dtos/server.dto';
+import { ReleaseEventV1, ServerVersionResponseDto } from 'src/dtos/server.dto';
 import { SyncAssetEditV1, SyncAssetExifV1, SyncAssetV2 } from 'src/dtos/sync.dto';
 import { AppRestartEvent, ArgsOf, EventRepository } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { handlePromiseError } from 'src/utils/misc';

-export const serverEvents = ['ConfigUpdate', 'AppRestart'] as const;
+export const serverEvents = [
+  'ConfigUpdate',
+  'AppRestart',
+  'HlsSegmentRequest',
+  'HlsSegmentResult',
+  'HlsHeartbeat',
+  'HlsSessionRequest',
+  'HlsSessionResult',
+  'HlsSessionEnd',
+] as const;
 export type ServerEvents = (typeof serverEvents)[number];

 export interface ClientEventMap {
@@ -31,7 +40,7 @@ export interface ClientEventMap {
  on_person_thumbnail: [string];
  on_server_version: [ServerVersionResponseDto];
  on_config_update: [];
-  on_new_release: [ReleaseNotification];
+  on_new_release: [ReleaseEventV1];
  on_notification: [NotificationDto];
  on_session_delete: [string];

@@ -1,12 +1,5 @@
 import { registerEnum } from '@immich/sql-tools';
-import {
-  AlbumUserRole,
-  AssetStatus,
-  AssetVisibility,
-  ChecksumAlgorithm,
-  SourceType,
-  VideoSegmentCodec,
-} from 'src/enum';
+import { AlbumUserRole, AssetStatus, AssetVisibility, ChecksumAlgorithm, SourceType, VideoCodec } from 'src/enum';

 export const album_user_role_enum = registerEnum({
  name: 'album_user_role_enum',
@@ -35,5 +28,5 @@ export const asset_checksum_algorithm_enum = registerEnum({

 export const video_stream_variant_codec_enum = registerEnum({
  name: 'video_stream_variant_codec_enum',
-  values: Object.values(VideoSegmentCodec),
+  values: [VideoCodec.Av1, VideoCodec.Hevc, VideoCodec.H264],
 });
@@ -0,0 +1,16 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  // Delete unauthorized cross-owner asset faces
+  await sql`
+    DELETE FROM asset_face
+    USING person, asset
+    WHERE asset_face."personId" = person.id
+      AND asset_face."assetId" = asset.id
+      AND person."ownerId" != asset."ownerId"
+  `.execute(db);
+}
+
+export async function down(): Promise<void> {
+  // Not implemented: the deleted rows were unauthorized cross-owner entries
+}
@@ -0,0 +1,327 @@
+import { BadRequestException, NotFoundException } from '@nestjs/common';
+import { TranscodeHardwareAcceleration } from 'src/enum';
+import { HlsService } from 'src/services/hls.service';
+import { eiffelTower, train, waterfall } from 'test/fixtures/media.stub';
+import { factory } from 'test/small.factory';
+import { newTestService, ServiceMocks } from 'test/utils';
+
+// EXTINF values come from FFmpeg's playlist to enforce an exact match
+const eiffelExpectedMediaPlaylist = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-TARGETDURATION:2
+#EXT-X-MEDIA-SEQUENCE:0
+#EXT-X-PLAYLIST-TYPE:VOD
+#EXT-X-MAP:URI="init.mp4"
+#EXTINF:2.007222,
+seg_0.m4s
+#EXTINF:2.007222,
+seg_1.m4s
+#EXTINF:2.007222,
+seg_2.m4s
+#EXTINF:2.007222,
+seg_3.m4s
+#EXTINF:2.007222,
+seg_4.m4s
+#EXTINF:2.007222,
+seg_5.m4s
+#EXTINF:2.007222,
+seg_6.m4s
+#EXTINF:2.007222,
+seg_7.m4s
+#EXTINF:2.007222,
+seg_8.m4s
+#EXTINF:2.007222,
+seg_9.m4s
+#EXTINF:2.007222,
+seg_10.m4s
+#EXTINF:0.281011,
+seg_11.m4s
+#EXT-X-ENDLIST
+`;
+
+const waterfallExpectedMediaPlaylist = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-TARGETDURATION:2
+#EXT-X-MEDIA-SEQUENCE:0
+#EXT-X-PLAYLIST-TYPE:VOD
+#EXT-X-MAP:URI="init.mp4"
+#EXTINF:2.011405,
+seg_0.m4s
+#EXTINF:2.011405,
+seg_1.m4s
+#EXTINF:2.011405,
+seg_2.m4s
+#EXTINF:2.011405,
+seg_3.m4s
+#EXTINF:2.011405,
+seg_4.m4s
+#EXTINF:0.301711,
+seg_5.m4s
+#EXT-X-ENDLIST
+`;
+
+const trainExpectedMediaPlaylist = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-TARGETDURATION:2
+#EXT-X-MEDIA-SEQUENCE:0
+#EXT-X-PLAYLIST-TYPE:VOD
+#EXT-X-MAP:URI="init.mp4"
+#EXTINF:2.000000,
+seg_0.m4s
+#EXTINF:2.000000,
+seg_1.m4s
+#EXTINF:2.000000,
+seg_2.m4s
+#EXTINF:2.000000,
+seg_3.m4s
+#EXTINF:2.000000,
+seg_4.m4s
+#EXTINF:2.000000,
+seg_5.m4s
+#EXTINF:2.000000,
+seg_6.m4s
+#EXTINF:2.000000,
+seg_7.m4s
+#EXTINF:2.000000,
+seg_8.m4s
+#EXTINF:2.000000,
+seg_9.m4s
+#EXTINF:1.733333,
+seg_10.m4s
+#EXT-X-ENDLIST
+`;
+
+const sessionId = '00000000-0000-0000-0000-000000000000';
+
+const eiffelExpectedMasterDisabled = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-STREAM-INF:BANDWIDTH=1000000,RESOLUTION=480x852,CODECS="av01.0.04M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/0/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=1200000,RESOLUTION=480x852,CODECS="hvc1.1.6.L90.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/1/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=480x852,CODECS="avc1.64001e,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/2/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2000000,RESOLUTION=720x1280,CODECS="av01.0.08M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/3/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=720x1280,CODECS="hvc1.1.6.L93.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/4/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=5000000,RESOLUTION=720x1280,CODECS="avc1.64001f,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/5/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=4000000,RESOLUTION=1080x1920,CODECS="av01.0.09M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/6/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=4500000,RESOLUTION=1080x1920,CODECS="hvc1.1.6.L120.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/7/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=8000000,RESOLUTION=1080x1920,CODECS="avc1.640028,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/8/playlist.m3u8
+`;
+
+const eiffelExpectedMasterRkmpp = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-STREAM-INF:BANDWIDTH=1200000,RESOLUTION=480x852,CODECS="hvc1.1.6.L90.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/1/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=480x852,CODECS="avc1.64001e,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/2/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=720x1280,CODECS="hvc1.1.6.L93.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/4/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=5000000,RESOLUTION=720x1280,CODECS="avc1.64001f,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/5/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=4500000,RESOLUTION=1080x1920,CODECS="hvc1.1.6.L120.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/7/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=8000000,RESOLUTION=1080x1920,CODECS="avc1.640028,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=24.910
+${sessionId}/8/playlist.m3u8
+`;
+
+const waterfallExpectedMasterDisabled = `#EXTM3U
+#EXT-X-VERSION:7
+#EXT-X-STREAM-INF:BANDWIDTH=1000000,RESOLUTION=480x852,CODECS="av01.0.04M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/0/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=1200000,RESOLUTION=480x852,CODECS="hvc1.1.6.L90.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/1/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=480x852,CODECS="avc1.64001e,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/2/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2000000,RESOLUTION=720x1280,CODECS="av01.0.08M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/3/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=720x1280,CODECS="hvc1.1.6.L93.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/4/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=5000000,RESOLUTION=720x1280,CODECS="avc1.64001f,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/5/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=4000000,RESOLUTION=1080x1920,CODECS="av01.0.09M.08,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/6/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=4500000,RESOLUTION=1080x1920,CODECS="hvc1.1.6.L120.B0,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/7/playlist.m3u8
+#EXT-X-STREAM-INF:BANDWIDTH=8000000,RESOLUTION=1080x1920,CODECS="avc1.640028,mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=29.830
+${sessionId}/8/playlist.m3u8
+`;
+
+describe(HlsService.name, () => {
+  let sut: HlsService;
+  let mocks: ServiceMocks;
+
+  beforeEach(() => {
+    ({ sut, mocks } = newTestService(HlsService));
+  });
+
+  describe('getMainPlaylist', () => {
+    const auth = factory.auth();
+    const assetId = 'asset-1';
+
+    const setup = (asset: typeof eiffelTower | typeof waterfall, accel: TranscodeHardwareAcceleration) => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      mocks.systemMetadata.get.mockResolvedValue({ ffmpeg: { realtime: { enabled: true }, accel } });
+      mocks.videoStream.getForMainPlaylist.mockResolvedValue(asset);
+      mocks.crypto.randomUUID.mockReturnValue(sessionId);
+      mocks.websocket.serverSend.mockImplementation((event, ...rest) => {
+        if (event === 'HlsSessionRequest') {
+          const { sessionId: id } = rest[0] as { sessionId: string };
+          queueMicrotask(() => sut.onSessionResult({ sessionId: id }));
+        }
+      });
+    };
+
+    it('returns main playlist for eiffel-tower (1080p portrait, no acceleration)', async () => {
+      setup(eiffelTower, TranscodeHardwareAcceleration.Disabled);
+      await expect(sut.getMainPlaylist(auth, assetId)).resolves.toBe(eiffelExpectedMasterDisabled);
+    });
+
+    it('returns main playlist for eiffel-tower with RKMPP (no AV1 variants)', async () => {
+      setup(eiffelTower, TranscodeHardwareAcceleration.Rkmpp);
+      await expect(sut.getMainPlaylist(auth, assetId)).resolves.toBe(eiffelExpectedMasterRkmpp);
+    });
+
+    it('returns main playlist for waterfall (4K landscape) with no acceleration', async () => {
+      setup(waterfall, TranscodeHardwareAcceleration.Disabled);
+      await expect(sut.getMainPlaylist(auth, assetId)).resolves.toBe(waterfallExpectedMasterDisabled);
+    });
+
+    it('throws BadRequestException when realtime transcoding is disabled', async () => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      mocks.systemMetadata.get.mockResolvedValue({ ffmpeg: { realtime: { enabled: false } } });
+      await expect(sut.getMainPlaylist(auth, assetId)).rejects.toBeInstanceOf(BadRequestException);
+    });
+
+    it('throws NotFoundException when asset is not yet ready for streaming', async () => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      mocks.systemMetadata.get.mockResolvedValue({ ffmpeg: { realtime: { enabled: true } } });
+      await expect(sut.getMainPlaylist(auth, assetId)).rejects.toBeInstanceOf(NotFoundException);
+    });
+  });
+
+  describe('getMediaPlaylist', () => {
+    const auth = factory.auth();
+    const assetId = 'asset-1';
+    const fixtures = [
+      { data: eiffelTower, playlist: eiffelExpectedMediaPlaylist },
+      { data: waterfall, playlist: waterfallExpectedMediaPlaylist },
+      { data: train, playlist: trainExpectedMediaPlaylist },
+    ];
+
+    it.each(fixtures)('matches FFmpeg for $data.originalPath', async ({ data, playlist }) => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      mocks.videoStream.getForMediaPlaylist.mockResolvedValue(data);
+      await expect(sut.getMediaPlaylist(auth, assetId, sessionId)).resolves.toBe(playlist);
+    });
+
+    it('throws NotFoundException when the session/asset cannot be loaded', async () => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      await expect(sut.getMediaPlaylist(auth, assetId, sessionId)).rejects.toBeInstanceOf(NotFoundException);
+    });
+  });
+
+  describe('getSegment', () => {
+    const auth = factory.auth();
+    const assetId = 'asset-1';
+    const variantIndex = 0;
+
+    beforeEach(() => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      mocks.videoStream.getSession.mockResolvedValue({ id: sessionId, assetId } as never);
+      mocks.storage.checkFileExists.mockResolvedValue(true);
+    });
+
+    it('emits HlsHeartbeat with segmentIndex 0 for the first init.mp4 request', async () => {
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'init.mp4');
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId,
+        variantIndex,
+        segmentIndex: 0,
+      });
+    });
+
+    it('emits HlsHeartbeat with the parsed segment number for seg_K.m4s', async () => {
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'seg_5.m4s');
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId,
+        variantIndex,
+        segmentIndex: 5,
+      });
+    });
+
+    it('returns lastRequested + 1 for init.mp4 after a segment has been served', async () => {
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'seg_5.m4s');
+      mocks.websocket.serverSend.mockClear();
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'init.mp4');
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId,
+        variantIndex,
+        segmentIndex: 6,
+      });
+    });
+
+    it('updates lastRequested on a backward-seek segment request', async () => {
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'seg_5.m4s');
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'seg_3.m4s');
+      mocks.websocket.serverSend.mockClear();
+      await sut.getSegment(auth, assetId, sessionId, variantIndex, 'init.mp4');
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId,
+        variantIndex,
+        segmentIndex: 4,
+      });
+    });
+
+    it('tracks segment state per session independently', async () => {
+      await sut.getSegment(auth, assetId, 'session-a', variantIndex, 'seg_5.m4s');
+      await sut.getSegment(auth, assetId, 'session-b', variantIndex, 'seg_2.m4s');
+      mocks.websocket.serverSend.mockClear();
+      await sut.getSegment(auth, assetId, 'session-a', variantIndex, 'init.mp4');
+      await sut.getSegment(auth, assetId, 'session-b', variantIndex, 'init.mp4');
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId: 'session-a',
+        variantIndex,
+        segmentIndex: 6,
+      });
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsHeartbeat', {
+        sessionId: 'session-b',
+        variantIndex,
+        segmentIndex: 3,
+      });
+    });
+
+    it('rejects pending waiters for the previous variant on variant change', async () => {
+      mocks.storage.checkFileExists.mockResolvedValueOnce(false);
+
+      const pending = sut.getSegment(auth, assetId, sessionId, 0, 'seg_1.m4s');
+      await new Promise((resolve) => setImmediate(resolve));
+      await sut.getSegment(auth, assetId, sessionId, 1, 'seg_1.m4s');
+
+      await expect(pending).rejects.toThrow('Variant changed');
+    });
+
+    it('throws NotFoundException when the session does not exist', async () => {
+      mocks.videoStream.getSession.mockReset();
+      await expect(sut.getSegment(auth, assetId, sessionId, variantIndex, 'init.mp4')).rejects.toBeInstanceOf(
+        NotFoundException,
+      );
+    });
+  });
+
+  describe('endSession', () => {
+    it('emits HlsSessionEnd', async () => {
+      const auth = factory.auth();
+      const assetId = 'asset-1';
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([assetId]));
+      await sut.endSession(auth, assetId, sessionId);
+      expect(mocks.websocket.serverSend).toHaveBeenCalledWith('HlsSessionEnd', { sessionId });
+    });
+  });
+});
@@ -0,0 +1,198 @@
+import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
+import { constants } from 'node:fs';
+import { join } from 'node:path';
+import {
+  HLS_SEGMENT_DURATION,
+  HLS_SEGMENT_FILENAME_REGEX,
+  HLS_VARIANTS,
+  HLS_VERSION,
+  SUPPORTED_HWA_CODECS,
+} from 'src/constants';
+import { StorageCore } from 'src/cores/storage.core';
+import { OnEvent } from 'src/decorators';
+import { AuthDto } from 'src/dtos/auth.dto';
+import { SystemConfigFFmpegDto } from 'src/dtos/system-config.dto';
+import { CacheControl, ImmichWorker, Permission } from 'src/enum';
+import { ArgOf } from 'src/repositories/event.repository';
+import { BaseService } from 'src/services/base.service';
+import { VideoPacketInfo, VideoStreamInfo } from 'src/types';
+import { PendingEvents } from 'src/utils/event';
+import { ImmichFileResponse } from 'src/utils/file';
+import { getOutputSize } from 'src/utils/media';
+
+type AssetWithStreamInfo = { videoStream: VideoStreamInfo & { timeBase: number }; packets: VideoPacketInfo };
+type ApiSession = { lastRequestedSegment: number | null; lastVariantIndex: number | null };
+
+@Injectable()
+export class HlsService extends BaseService {
+  private pendingSegments = new PendingEvents<'HlsSegmentResult'>({ timeoutMs: 15_000 });
+  private pendingSessions = new PendingEvents<'HlsSessionResult'>({ timeoutMs: 5000 });
+  private sessions = new Map<string, ApiSession>();
+
+  @OnEvent({ name: 'HlsSessionResult', server: true, workers: [ImmichWorker.Api] })
+  onSessionResult(event: ArgOf<'HlsSessionResult'>) {
+    this.pendingSessions.complete(event.sessionId, event);
+    if (event.error) {
+      this.sessions.delete(event.sessionId);
+      this.pendingSegments.rejectByPrefix(`${event.sessionId}:`, event.error);
+    }
+  }
+
+  @OnEvent({ name: 'HlsSessionEnd', server: true, workers: [ImmichWorker.Api] })
+  onSessionEnd({ sessionId }: ArgOf<'HlsSessionEnd'>) {
+    this.sessions.delete(sessionId);
+    this.pendingSegments.rejectByPrefix(`${sessionId}:`, 'Session ended');
+  }
+
+  @OnEvent({ name: 'HlsSegmentResult', server: true, workers: [ImmichWorker.Api] })
+  onSegmentResult(event: ArgOf<'HlsSegmentResult'>) {
+    this.pendingSegments.complete(this.getSegmentKey(event), event);
+  }
+
+  async getMainPlaylist(auth: AuthDto, assetId: string) {
+    await this.requireAccess({ auth, permission: Permission.AssetView, ids: [assetId] });
+    const { ffmpeg } = await this.getConfig({ withCache: true });
+    if (!ffmpeg.realtime.enabled) {
+      throw new BadRequestException('Real-time transcoding is not enabled');
+    }
+
+    const asset = await this.videoStreamRepository.getForMainPlaylist(assetId);
+    if (!asset) {
+      throw new NotFoundException('Asset is not yet ready for streaming');
+    }
+
+    // Sharing the sessionId allows only one microservices worker to successfully insert to the session table.
+    // The microservices worker that creates a session owns the transcoding lifecycle for it.
+    const sessionId = this.cryptoRepository.randomUUID();
+    this.websocketRepository.serverSend('HlsSessionRequest', { sessionId, assetId, ownerId: auth.user.id });
+    await this.pendingSessions.wait(sessionId);
+    this.trackSession(sessionId);
+
+    return this.generateMainPlaylist(sessionId, ffmpeg, asset);
+  }
+
+  async getMediaPlaylist(auth: AuthDto, assetId: string, sessionId: string) {
+    await this.requireAccess({ auth, permission: Permission.AssetView, ids: [assetId] });
+
+    const asset = await this.videoStreamRepository.getForMediaPlaylist(assetId, sessionId);
+    if (!asset) {
+      throw new NotFoundException('Asset not found or not yet ready for streaming');
+    }
+
+    return this.generateMediaPlaylist(asset);
+  }
+
+  async getSegment(auth: AuthDto, assetId: string, sessionId: string, variantIndex: number, filename: string) {
+    await this.requireAccess({ auth, permission: Permission.AssetView, ids: [assetId] });
+
+    const session = await this.videoStreamRepository.getSession(sessionId);
+    if (!session) {
+      throw new NotFoundException('Session not found');
+    }
+
+    const variantDir = StorageCore.getHlsVariantFolder({ ownerId: auth.user.id, sessionId, variantIndex });
+    const path = join(variantDir, filename);
+    const response = new ImmichFileResponse({
+      path,
+      contentType: 'video/mp4',
+      cacheControl: CacheControl.PrivateWithCache,
+    });
+
+    const apiSession = this.trackSession(sessionId, variantIndex);
+    const segmentIndex = this.getSegmentIndex(apiSession, filename);
+    this.websocketRepository.serverSend('HlsHeartbeat', { sessionId, variantIndex, segmentIndex });
+
+    if (await this.storageRepository.checkFileExists(path, constants.R_OK)) {
+      return response;
+    }
+
+    this.websocketRepository.serverSend('HlsSegmentRequest', { sessionId, assetId, variantIndex, segmentIndex });
+    await this.pendingSegments.wait(this.getSegmentKey({ sessionId, variantIndex, segmentIndex }));
+
+    return response;
+  }
+
+  async endSession(auth: AuthDto, assetId: string, sessionId: string): Promise<void> {
+    await this.requireAccess({ auth, permission: Permission.AssetView, ids: [assetId] });
+
+    this.websocketRepository.serverSend('HlsSessionEnd', { sessionId });
+  }
+
+  private generateMainPlaylist(sessionId: string, ffmpeg: SystemConfigFFmpegDto, asset: AssetWithStreamInfo) {
+    const fps = ((asset.packets.packetCount * asset.videoStream.timeBase) / asset.packets.totalDuration).toFixed(3);
+    const sourceResolution = Math.min(asset.videoStream.height, asset.videoStream.width);
+    const targetResolution = Math.max(sourceResolution, HLS_VARIANTS[0].resolution);
+    const lines = ['#EXTM3U', `#EXT-X-VERSION:${HLS_VERSION}`];
+    for (let i = 0; i < HLS_VARIANTS.length; i++) {
+      const { resolution, bitrate, codec, codecString } = HLS_VARIANTS[i];
+      if (resolution > targetResolution || !SUPPORTED_HWA_CODECS[ffmpeg.accel].includes(codec)) {
+        continue;
+      }
+      const { width, height } = getOutputSize(asset.videoStream, resolution);
+      lines.push(
+        `#EXT-X-STREAM-INF:BANDWIDTH=${bitrate},RESOLUTION=${width}x${height},CODECS="${codecString},mp4a.40.2",VIDEO-RANGE=SDR,FRAME-RATE=${fps}`,
+        `${sessionId}/${i}/playlist.m3u8`,
+      );
+    }
+    lines.push('');
+
+    if (lines.length === 3) {
+      throw new NotFoundException('No supported variants for this video');
+    }
+
+    return lines.join('\n');
+  }
+
+  private generateMediaPlaylist({ videoStream, packets }: AssetWithStreamInfo) {
+    const fps = (packets.packetCount * videoStream.timeBase) / packets.totalDuration;
+    const framesPerSegment = Math.ceil(HLS_SEGMENT_DURATION * fps);
+    const fullSegmentDuration = framesPerSegment / fps;
+    const segmentCount = Math.ceil(packets.outputFrames / framesPerSegment);
+    const lastSegmentFrames = packets.outputFrames - framesPerSegment * (segmentCount - 1);
+    const lastSegmentDuration = lastSegmentFrames / fps;
+
+    const lines = [
+      '#EXTM3U',
+      `#EXT-X-VERSION:${HLS_VERSION}`,
+      `#EXT-X-TARGETDURATION:${HLS_SEGMENT_DURATION}`,
+      '#EXT-X-MEDIA-SEQUENCE:0',
+      '#EXT-X-PLAYLIST-TYPE:VOD',
+      '#EXT-X-MAP:URI="init.mp4"',
+    ];
+
+    for (let i = 0; i < segmentCount - 1; i++) {
+      lines.push(`#EXTINF:${fullSegmentDuration.toFixed(6)},`, `seg_${i}.m4s`);
+    }
+    lines.push(`#EXTINF:${lastSegmentDuration.toFixed(6)},`, `seg_${segmentCount - 1}.m4s`, '#EXT-X-ENDLIST', '');
+
+    return lines.join('\n');
+  }
+
+  private getSegmentKey({ sessionId, variantIndex, segmentIndex }: ArgOf<'HlsSegmentResult'>) {
+    return `${sessionId}:${variantIndex}:${segmentIndex}`;
+  }
+
+  private getSegmentIndex(session: ApiSession, filename: string) {
+    if (filename.endsWith('.mp4')) {
+      return (session.lastRequestedSegment ?? -1) + 1;
+    }
+    const segmentIndex = Number.parseInt(HLS_SEGMENT_FILENAME_REGEX.exec(filename)![1]);
+    session.lastRequestedSegment = segmentIndex;
+    return segmentIndex;
+  }
+
+  private trackSession(id: string, variantIndex: number | null = null) {
+    const session = this.sessions.get(id);
+    if (!session) {
+      const newSession = { lastRequestedSegment: null, lastVariantIndex: variantIndex };
+      this.sessions.set(id, newSession);
+      return newSession;
+    }
+
+    if (session.lastVariantIndex !== null && session.lastVariantIndex !== variantIndex) {
+      this.pendingSegments.rejectByPrefix(`${id}:${session.lastVariantIndex}:`, 'Variant changed');
+    }
+    session.lastVariantIndex = variantIndex;
+    return session;
+  }
+}
@@ -11,6 +11,7 @@ import { DatabaseBackupService } from 'src/services/database-backup.service';
 import { DatabaseService } from 'src/services/database.service';
 import { DownloadService } from 'src/services/download.service';
 import { DuplicateService } from 'src/services/duplicate.service';
+import { HlsService } from 'src/services/hls.service';
 import { JobService } from 'src/services/job.service';
 import { LibraryService } from 'src/services/library.service';
 import { MaintenanceService } from 'src/services/maintenance.service';
@@ -39,6 +40,7 @@ import { SystemMetadataService } from 'src/services/system-metadata.service';
 import { TagService } from 'src/services/tag.service';
 import { TelemetryService } from 'src/services/telemetry.service';
 import { TimelineService } from 'src/services/timeline.service';
+import { TranscodingService } from 'src/services/transcoding.service';
 import { TrashService } from 'src/services/trash.service';
 import { UserAdminService } from 'src/services/user-admin.service';
 import { UserService } from 'src/services/user.service';
@@ -61,6 +63,7 @@ export const services = [
  DatabaseService,
  DownloadService,
  DuplicateService,
+  HlsService,
  JobService,
  LibraryService,
  MaintenanceService,
@@ -89,6 +92,7 @@ export const services = [
  TagService,
  TelemetryService,
  TimelineService,
+  TranscodingService,
  TrashService,
  UserAdminService,
  UserService,
@@ -57,7 +57,6 @@ describe(PersonService.name, () => {
        ],
      });
      expect(mocks.person.getAllForUser).toHaveBeenCalledWith({ skip: 0, take: 10 }, auth.user.id, {
-        minimumFaceCount: 3,
        withHidden: true,
      });
    });
@@ -84,7 +83,6 @@ describe(PersonService.name, () => {
        ],
      });
      expect(mocks.person.getAllForUser).toHaveBeenCalledWith({ skip: 0, take: 10 }, auth.user.id, {
-        minimumFaceCount: 3,
        withHidden: false,
      });
    });
@@ -454,6 +452,30 @@ describe(PersonService.name, () => {
      expect(mocks.person.update).not.toHaveBeenCalled();
      expect(mocks.job.queueAll).not.toHaveBeenCalled();
    });
+
+    it('should reject creating a face on an asset the user does not own', async () => {
+      const auth = AuthFactory.create();
+      const asset = AssetFactory.create();
+      const person = PersonFactory.create({ faceAssetId: null });
+
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set());
+      mocks.access.person.checkOwnerAccess.mockResolvedValue(new Set([person.id]));
+
+      await expect(
+        sut.createFace(auth, {
+          assetId: asset.id,
+          personId: person.id,
+          imageHeight: 500,
+          imageWidth: 400,
+          x: 10,
+          y: 20,
+          width: 100,
+          height: 110,
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(mocks.person.createAssetFace).not.toHaveBeenCalled();
+    });
  });

  describe('createNewFeaturePhoto', () => {
@@ -63,9 +63,7 @@ export class PersonService extends BaseService {
      }
      closestFaceAssetId = person.faceAssetId;
    }
-    const { machineLearning } = await this.getConfig({ withCache: false });
    const { items, hasNextPage } = await this.personRepository.getAllForUser(pagination, auth.user.id, {
-      minimumFaceCount: machineLearning.facialRecognition.minFaces,
      withHidden,
      closestFaceAssetId,
    });
@@ -627,7 +625,7 @@ export class PersonService extends BaseService {
  // TODO return a asset face response
  async createFace(auth: AuthDto, dto: AssetFaceCreateDto): Promise<void> {
    await Promise.all([
-      this.requireAccess({ auth, permission: Permission.AssetRead, ids: [dto.assetId] }),
+      this.requireAccess({ auth, permission: Permission.AssetUpdate, ids: [dto.assetId] }),
      this.requireAccess({ auth, permission: Permission.PersonRead, ids: [dto.personId] }),
    ]);

@@ -41,6 +41,7 @@ describe(QueueService.name, () => {
        { name: JobName.PersonCleanup },
        { name: JobName.MemoryCleanup },
        { name: JobName.SessionCleanup },
+        { name: JobName.HlsSessionCleanup },
        { name: JobName.AuditTableCleanup },
        { name: JobName.MemoryGenerate },
        { name: JobName.UserSyncUsage },
@@ -269,6 +269,7 @@ export class QueueService extends BaseService {
        { name: JobName.PersonCleanup },
        { name: JobName.MemoryCleanup },
        { name: JobName.SessionCleanup },
+        { name: JobName.HlsSessionCleanup },
        { name: JobName.AuditTableCleanup },
      );
    }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Min Idzelis	a29dc703b6	refactor(web): expose scaled image dimensions from AdaptiveImage Change-Id: Iae105fb749525739ba8df5b944a73ea66a6a6964	2026-06-03 03:56:29 +00:00
immich-tofu[bot]	92841f311f	Added Code of conduct	2026-06-02 21:57:50 +00:00
immich-tofu[bot]	9d2e576630	chore: modify .github/FUNDING.yml	2026-06-02 21:57:47 +00:00
immich-tofu[bot]	936418a464	chore: use immich.app email for security reports (#10594 ) chore: use immich.app email for security reports	2026-06-02 21:57:45 +00:00
Daniel Dietzler	84c75d95c7	fix: migration order (#28779 )	2026-06-02 21:33:13 +00:00
shenlong	9287fa08c6	fix!: unauthorized face creation (#28561 ) * fix: unauthorized face creation * review changes --------- Co-authored-by: shenlong-tanwen <139912620+shalong-tanwen@users.noreply.github.com>	2026-06-02 22:44:11 +05:30
renovate[bot]	408e1180ca	chore(deps): update machine-learning (#28239 ) * chore(deps): update machine-learning * fix typing * fix deprecation log * no control socket --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: mertalev <101130780+mertalev@users.noreply.github.com>	2026-06-02 16:44:50 +00:00
renovate[bot]	07f19d2caa	chore(deps): update base-image to v202606021219 (#28771 )	2026-06-02 18:31:52 +02:00
Tim Jones	368cb7a4ad	feat: minimum face count per user (#27452 ) * add user metadata table and use to filter persons in person.getAllForUser query * update PersonRepository.getAllForUser query * remove minFaces from PersonSearchOptions interface * fix person.getAllForUser query * update types and openapi specs * add minFaces field to user settings page * remove old arg from tests * add e2e test to verify minimumFace user preference * add i18n label and description for english * update default min faces * fetch minFaces ML default and use as per-user default in frontend * update e2e tests * fix bugs in people getAllForUser query * update person getNumberOfPeople query to reflect correct number of people according to minFaces threshold * updated mobile openapi specs? * use subquery in coalesce instead of join * remove out of scope query update	2026-06-02 18:05:55 +02:00
Timon	109e0a7ad0	fix(mobile): invisible ink splashes in asset sheet (#28756 )	2026-06-02 10:37:20 -05:00
Timon	59750dad7d	feat: places in context search (#28768 )	2026-06-02 17:19:59 +02:00
okxint	13ecfc8876	fix(web): prevent partner assets from being selected in geolocation utility (#28737 ) Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>	2026-06-02 15:05:15 +00:00
Min Idzelis	65d8b35f8b	refactor(web): align gallery-viewer viewport naming and tunables (#28743 )	2026-06-02 14:54:44 +02:00
renovate[bot]	942d3c648c	chore(deps): lock file maintenance (npm) (#28729 )	2026-06-02 14:51:55 +02:00
renovate[bot]	82db8be5ff	chore(deps): update dependency testcontainers to v12 (#28763 )	2026-06-02 12:05:42 +00:00
Min Idzelis	03554b24ad	fix(web): skip thumbhash fade for offscreen thumbnails (#27335 )	2026-06-02 13:42:33 +02:00
renovate[bot]	c5fb67c004	chore(deps): update dependency prettier-plugin-svelte to v4 (#28762 )	2026-06-02 13:38:57 +02:00
renovate[bot]	40983b46c8	chore(deps): update dependency @vitest/coverage-v8 to v4 (#28761 )	2026-06-02 13:37:34 +02:00
renovate[bot]	5dcdbf04ea	chore(deps): update base-image to v202605121138 (#28760 )	2026-06-02 11:47:20 +02:00
renovate[bot]	da8ed3eceb	chore(deps): update docker.io/valkey/valkey:9 docker digest to 4963247 (#28622 )	2026-06-02 08:09:27 +00:00
renovate[bot]	2afde23a5d	chore(deps): update github-actions (#28750 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-06-02 00:39:19 -04:00
renovate[bot]	d57a152040	chore(deps): update prom/prometheus docker digest to 69f5241 (#28757 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-06-02 00:37:42 -04:00
renovate[bot]	728e92ea33	chore(deps): update dependency @immich/ui to v0.79.3 (#28758 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-06-02 00:37:10 -04:00
Mert	138e2d9158	feat(web): hls player (#28312 ) * update e2e * hls player * fix transcoding restart on explicit quality selection * move level filtering to manager * move init to manager declaration * refactor commit on release * these lints... * fix seek sometimes being ignored * fix panic downswitch	2026-06-01 15:49:57 -04:00
Mert	7eabac6702	feat(server): hls with real-time transcoding (#28230 ) * hls implementation * fix stale state after ffmpeg exit	2026-06-01 18:52:29 +00:00
renovate[bot]	cf4789e008	chore(deps): update github-actions (major) (#28752 )	2026-06-01 18:35:36 +00:00
renovate[bot]	412884fce3	chore(deps): update ghcr.io/jdx/mise docker tag to v2026.5.18 (#28749 )	2026-06-01 19:47:53 +02:00
Jason Rasmussen	16aee2b869	fix: album name (#28751 )	2026-06-01 19:45:24 +02:00
Daniel Dietzler	3f7af51531	fix: version check (#28746 )	2026-06-01 13:41:08 -04:00
Brandon Wees	4eb100327e	fix: disallow cross origin/non http protocols for continueUrl on login (#28706 ) * fix: disallow cross origin/non http protocols for continueUrl on login * chore: use Route helper * fix: also use Route.continue in pin code prompt * fix: typecheck	2026-06-01 13:38:26 -04:00
bo0tzz	69b1946484	feat: handle prereleases in publish workflows (#28701 )	2026-06-01 17:11:45 +02:00
bo0tzz	61cd69a286	fix: strip rc suffix from iOS marketing version (#28741 )	2026-06-01 09:56:43 -05:00
Daniel Dietzler	c8a1d0e400	feat: release candidate support (#28665 ) Co-authored-by: shenlong-tanwen <139912620+shalong-tanwen@users.noreply.github.com>	2026-06-01 16:10:07 +02:00
Paul Makles	d120444a87	fix(devcontainer): update build cache volume (#28736 )	2026-06-01 12:41:53 +00:00
				`@@ -1 +0,0 @@`
				`custom: ['https://buy.immich.app', 'https://immich.store']`