haos-hacs-immich-album-watcher

alexei.dolgolyov/haos-hacs-immich-album-watcher

Fork 0

Commit Graph

Author	SHA1	Message	Date
alexei.dolgolyov	43f83acda9	Fix Phase 5 review issues: SSTI, FK violation, sync rebuild Some checks failed Validate / Hassfest (push) Has been cancelled Details Fixes 5 issues identified by code-reviewer agent: 1. (Critical) EventLog.tracker_id now nullable - use None instead of 0 when tracker name doesn't match, avoiding FK constraint violations on PostgreSQL 2. (Critical) Replace jinja2.Environment with SandboxedEnvironment in all 3 server template rendering locations to prevent SSTI 3. (Important) Rebuild sync_client in _async_update_listener when server URL/key options change, propagate to all coordinators 4. (Important) Validate partial server config - require both URL and API key or neither, with clear error message 5. (Important) Name fire-and-forget sync task for debugging Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-19 14:17:59 +03:00
alexei.dolgolyov	ab1c7ac0db	Add HAOS-Server sync for optional centralized management (Phase 5) Some checks failed Validate / Hassfest (push) Has been cancelled Details Enable the HAOS integration to optionally connect to the standalone Immich Watcher server for config sync and event reporting. Server-side: - New /api/sync/* endpoints: GET trackers, POST template render, POST event report - API key auth via X-API-Key header (accepts JWT access tokens) Integration-side: - New sync.py: ServerSyncClient with graceful error handling (all methods return defaults on connection failure) - Options flow: optional server_url and server_api_key fields with connection validation - Coordinator: fire-and-forget event reporting to server when album changes are detected - Translations: en.json and ru.json updated with new fields The connection is fully additive -- the integration works identically without a server URL configured. Server failures never break HA. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-19 14:10:29 +03:00
alexei.dolgolyov	58b2281dc6	Add standalone FastAPI server backend (Phase 3) Some checks failed Validate / Hassfest (push) Has been cancelled Details Build a complete standalone web server for Immich album change notifications, independent of Home Assistant. Uses the shared core library from Phase 1. Server features: - FastAPI with async SQLite (SQLModel + aiosqlite) - Multi-user auth with JWT (admin/user roles, setup wizard) - CRUD APIs: Immich servers, album trackers, message templates, notification targets (Telegram + webhook), user management - APScheduler background polling per tracker - Jinja2 template rendering with live preview - Album browser proxied from Immich API - Event logging and dashboard status endpoint - Docker deployment (single container, SQLite in volume) 39 API routes, 14 integration tests passing. Also adds Phase 6 (Claude AI Telegram bot enhancement) to the primary plan as an optional future phase. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-19 12:56:22 +03:00

Author

SHA1

Message

Date

alexei.dolgolyov

43f83acda9

Fix Phase 5 review issues: SSTI, FK violation, sync rebuild

Validate / Hassfest (push) Has been cancelled

Details

Fixes 5 issues identified by code-reviewer agent:

1. (Critical) EventLog.tracker_id now nullable - use None instead
   of 0 when tracker name doesn't match, avoiding FK constraint
   violations on PostgreSQL
2. (Critical) Replace jinja2.Environment with SandboxedEnvironment
   in all 3 server template rendering locations to prevent SSTI
3. (Important) Rebuild sync_client in _async_update_listener when
   server URL/key options change, propagate to all coordinators
4. (Important) Validate partial server config - require both URL
   and API key or neither, with clear error message
5. (Important) Name fire-and-forget sync task for debugging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-19 14:17:59 +03:00

alexei.dolgolyov

ab1c7ac0db

Add HAOS-Server sync for optional centralized management (Phase 5)

Validate / Hassfest (push) Has been cancelled

Details

Enable the HAOS integration to optionally connect to the standalone
Immich Watcher server for config sync and event reporting.

Server-side:
- New /api/sync/* endpoints: GET trackers, POST template render,
  POST event report
- API key auth via X-API-Key header (accepts JWT access tokens)

Integration-side:
- New sync.py: ServerSyncClient with graceful error handling
  (all methods return defaults on connection failure)
- Options flow: optional server_url and server_api_key fields
  with connection validation
- Coordinator: fire-and-forget event reporting to server when
  album changes are detected
- Translations: en.json and ru.json updated with new fields

The connection is fully additive -- the integration works identically
without a server URL configured. Server failures never break HA.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-19 14:10:29 +03:00

alexei.dolgolyov

58b2281dc6

Add standalone FastAPI server backend (Phase 3)

Validate / Hassfest (push) Has been cancelled

Details

Build a complete standalone web server for Immich album change
notifications, independent of Home Assistant. Uses the shared
core library from Phase 1.

Server features:
- FastAPI with async SQLite (SQLModel + aiosqlite)
- Multi-user auth with JWT (admin/user roles, setup wizard)
- CRUD APIs: Immich servers, album trackers, message templates,
  notification targets (Telegram + webhook), user management
- APScheduler background polling per tracker
- Jinja2 template rendering with live preview
- Album browser proxied from Immich API
- Event logging and dashboard status endpoint
- Docker deployment (single container, SQLite in volume)

39 API routes, 14 integration tests passing.

Also adds Phase 6 (Claude AI Telegram bot enhancement) to the
primary plan as an optional future phase.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-19 12:56:22 +03:00

3 Commits