Backend: Fix CORS wildcard+credentials, add secret key warning, remove raw
API keys from sync endpoint, fix N+1 queries in watcher/sync, fix
AttributeError on event_types, delete dead scheduled.py/templates.py,
add limit cap on history, re-validate server on URL/key update, apply
tracking/template config IDs in update_target.
HA Integration: Replace datetime.now() with dt_util.now(), fix notification
queue to only remove successfully sent items, use album UUID for entity
unique IDs, add shared links dirty flag and users cache hourly refresh,
deduplicate _is_quiet_hours, add HTTP timeouts, cache albums in config
flow, change iot_class to local_polling.
Frontend: Make i18n reactive via $state (remove window.location.reload),
add Modal transitions/a11y/Escape key, create ConfirmModal replacing all
confirm() calls, add error handling to all pages, replace Unicode nav
icons with MDI SVGs, add card hover effects, dashboard stat icons, global
focus-visible styles, form slide transitions, mobile responsive bottom
nav, fix password error color, add ~20 i18n keys (EN/RU).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes 5 issues identified by code-reviewer agent:
1. (Critical) EventLog.tracker_id now nullable - use None instead
of 0 when tracker name doesn't match, avoiding FK constraint
violations on PostgreSQL
2. (Critical) Replace jinja2.Environment with SandboxedEnvironment
in all 3 server template rendering locations to prevent SSTI
3. (Important) Rebuild sync_client in _async_update_listener when
server URL/key options change, propagate to all coordinators
4. (Important) Validate partial server config - require both URL
and API key or neither, with clear error message
5. (Important) Name fire-and-forget sync task for debugging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enable the HAOS integration to optionally connect to the standalone
Immich Watcher server for config sync and event reporting.
Server-side:
- New /api/sync/* endpoints: GET trackers, POST template render,
POST event report
- API key auth via X-API-Key header (accepts JWT access tokens)
Integration-side:
- New sync.py: ServerSyncClient with graceful error handling
(all methods return defaults on connection failure)
- Options flow: optional server_url and server_api_key fields
with connection validation
- Coordinator: fire-and-forget event reporting to server when
album changes are detected
- Translations: en.json and ru.json updated with new fields
The connection is fully additive -- the integration works identically
without a server URL configured. Server failures never break HA.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Quiet hours are now specified per send_telegram_notification call via
quiet_hours_start/quiet_hours_end params instead of being a hub-wide
integration option. This allows different automations to use different
quiet hours windows (or none at all).
- Remove quiet_hours_start/end from config options UI and const.py
- Add quiet_hours_start/end as optional HH:MM params on the service
- Remove ignore_quiet_hours param (omit quiet hours params to send immediately)
- Queue stores quiet_hours_end per item; each unique end time gets its
own async_track_time_change timer for replay
- On startup, items whose quiet hours have passed are sent immediately
- Add async_remove_indices() to NotificationQueue for selective removal
- Timers are cleaned up when no more items need them
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add quiet hours support to queue notifications during configured time windows
- Fix UnboundLocalError when single-item document chunk exceeds max_asset_data_size
- Fix document-only multi-item chunks being silently dropped (missing skip guard)
- Fix notification queue entity lookup by storing entity_id in queued params
- Fix quiet hours using OS timezone instead of HA-configured timezone (dt_util.now)
- Fix chat_action schema rejecting empty string from "Disabled" selector
- Fix stale thumbhash cache entries not being removed on mismatch
- Fix translation descriptions for send_large_photos_as_documents
- Add batch async_set_many() to TelegramFileCache to reduce disk writes
- Add max-entries eviction (2000) for thumbhash cache to prevent unbounded growth
- Eliminate redundant _is_asset_id/get_asset_thumbhash lookups in media group loop
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement caching for Telegram file_ids to avoid re-uploading the same media.
Cached IDs are reused for subsequent sends, improving performance significantly.
Added configurable cache TTL option (1-168 hours, default 48).
Also added city, state, and country fields from Immich reverse geocoding
to asset data in events and get_assets service.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
