diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts
index 833ce2d..14a4267 100644
--- a/frontend/src/lib/api.ts
+++ b/frontend/src/lib/api.ts
@@ -55,9 +55,11 @@ async function doRefreshAccessToken(): Promise<boolean> {
 	return false;
 }
 
+const DEFAULT_TIMEOUT_MS = 30_000;
+
 export async function api<T = any>(
 	path: string,
-	options: RequestInit = {}
+	options: RequestInit & { timeoutMs?: number } = {}
 ): Promise<T> {
 	const token = getToken();
 	const headers: Record<string, string> = {
@@ -68,31 +70,40 @@ export async function api<T = any>(
 		headers['Authorization'] = `Bearer ${token}`;
 	}
 
-	let res = await fetch(`${API_BASE}${path}`, { ...options, headers });
+	const { timeoutMs, ...fetchOptions } = options;
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), timeoutMs ?? DEFAULT_TIMEOUT_MS);
+	const signal = options.signal ?? controller.signal;
 
-	// Try token refresh on 401
-	if (res.status === 401 && token) {
-		const refreshed = await refreshAccessToken();
-		if (refreshed) {
-			headers['Authorization'] = `Bearer ${getToken()}`;
-			res = await fetch(`${API_BASE}${path}`, { ...options, headers });
+	try {
+		let res = await fetch(`${API_BASE}${path}`, { ...fetchOptions, headers, signal });
+
+		// Try token refresh on 401
+		if (res.status === 401 && token) {
+			const refreshed = await refreshAccessToken();
+			if (refreshed) {
+				headers['Authorization'] = `Bearer ${getToken()}`;
+				res = await fetch(`${API_BASE}${path}`, { ...fetchOptions, headers, signal });
+			}
 		}
-	}
 
-	if (res.status === 401) {
-		clearTokens();
-		if (typeof window !== 'undefined') {
-			window.location.href = '/login';
+		if (res.status === 401) {
+			clearTokens();
+			if (typeof window !== 'undefined') {
+				window.location.href = '/login';
+			}
+			throw new Error('Unauthorized');
 		}
-		throw new Error('Unauthorized');
+
+		if (res.status === 204) return undefined as T;
+
+		if (!res.ok) {
+			const err = await res.json().catch(() => ({ detail: res.statusText }));
+			throw new Error(err.detail || `HTTP ${res.status}`);
+		}
+
+		return res.json();
+	} finally {
+		clearTimeout(timeout);
 	}
-
-	if (res.status === 204) return undefined as T;
-
-	if (!res.ok) {
-		const err = await res.json().catch(() => ({ detail: res.statusText }));
-		throw new Error(err.detail || `HTTP ${res.status}`);
-	}
-
-	return res.json();
 }
diff --git a/frontend/src/lib/components/SearchPalette.svelte b/frontend/src/lib/components/SearchPalette.svelte
index 40ba56f..cf6f348 100644
--- a/frontend/src/lib/components/SearchPalette.svelte
+++ b/frontend/src/lib/components/SearchPalette.svelte
@@ -136,6 +136,7 @@
 	});
 
 	const flatResults = $derived(results);
+	const flatIndexMap = $derived(new Map(flatResults.map((item, idx) => [item, idx])));
 
 	async function openPalette() {
 		open = true;
@@ -239,7 +240,7 @@
 						{group.label}
 					</div>
 					{#each group.items as item, i}
-						{@const flatIdx = flatResults.indexOf(item)}
+						{@const flatIdx = flatIndexMap.get(item) ?? -1}
 						<button
 							class="sp-item"
 							class:sp-active={flatIdx === activeIndex}
diff --git a/frontend/src/routes/command-template-configs/+page.svelte b/frontend/src/routes/command-template-configs/+page.svelte
index bf97b36..799c92e 100644
--- a/frontend/src/routes/command-template-configs/+page.svelte
+++ b/frontend/src/routes/command-template-configs/+page.svelte
@@ -58,6 +58,12 @@
 	let slotErrorLines = $state<Record<string, number | null>>({});
 	let slotErrorTypes = $state<Record<string, string>>({});
 	let validateTimers: Record<string, ReturnType<typeof setTimeout>> = {};
+	/** Clean up validate timers on unmount */
+	onMount(() => {
+		return () => {
+			for (const timer of Object.values(validateTimers)) clearTimeout(timer);
+		};
+	});
 	let varsRef = $state<Record<string, any>>({});
 	let showVarsFor = $state<string | null>(null);
 	let activeLocale = $state<string>('en');
@@ -110,10 +116,12 @@
 		return form.slots[slotName]?.[activeLocale] || '';
 	}
 
-	/** Set slot template for current locale. */
+	/** Set slot template for current locale (immutable update). */
 	function setSlotValue(slotName: string, value: string) {
-		if (!form.slots[slotName]) form.slots[slotName] = {};
-		form.slots[slotName][activeLocale] = value;
+		form.slots = {
+			...form.slots,
+			[slotName]: { ...(form.slots[slotName] || {}), [activeLocale]: value }
+		};
 	}
 
 	onMount(load);
@@ -425,9 +433,9 @@
 							<p class="font-medium">{config.name}</p>
 							<span class="text-xs px-1.5 py-0.5 rounded bg-[var(--color-muted)] text-[var(--color-muted-foreground)]">{config.provider_type}</span>
 							{#if config.user_id === 0}
-								<span class="text-xs px-1.5 py-0.5 rounded bg-[var(--color-muted)] text-[var(--color-muted-foreground)]">System</span>
+								<span class="text-xs px-1.5 py-0.5 rounded bg-[var(--color-muted)] text-[var(--color-muted-foreground)]">{t('common.system')}</span>
 							{/if}
-							<span class="text-xs px-1.5 py-0.5 rounded bg-[var(--color-muted)] text-[var(--color-muted-foreground)]">{Object.keys(config.slots).length} slots</span>
+							<span class="text-xs px-1.5 py-0.5 rounded bg-[var(--color-muted)] text-[var(--color-muted-foreground)]">{Object.keys(config.slots).length} {t('templateConfig.slots')}</span>
 						</div>
 						{#if config.description}
 							<p class="text-sm text-[var(--color-muted-foreground)] mt-1">{config.description}</p>
diff --git a/frontend/src/routes/providers/+page.svelte b/frontend/src/routes/providers/+page.svelte
index 168ea1b..4d6ee4e 100644
--- a/frontend/src/routes/providers/+page.svelte
+++ b/frontend/src/routes/providers/+page.svelte
@@ -56,8 +56,8 @@
 		} catch (err: any) {
 			loadError = err.message || t('providers.loadError');
 		} finally { loaded = true; highlightFromUrl(); }
-		// Ping all providers in background
-		for (const p of providers) {
+		// Ping all providers in background (use unfiltered list)
+		for (const p of allProviders) {
 			health = { ...health, [p.id]: null };
 			api(`/providers/${p.id}/test`, { method: 'POST' })
 				.then((r: any) => { health = { ...health, [p.id]: r.ok }; })
diff --git a/packages/core/src/notify_bridge_core/providers/base.py b/packages/core/src/notify_bridge_core/providers/base.py
index c3b9d40..ef99bf9 100644
--- a/packages/core/src/notify_bridge_core/providers/base.py
+++ b/packages/core/src/notify_bridge_core/providers/base.py
@@ -19,6 +19,7 @@ class ServiceProviderType(str, Enum):
     PLANKA = "planka"
     SCHEDULER = "scheduler"
     NUT = "nut"
+    GOOGLE_PHOTOS = "google_photos"
 
 
 class ServiceProvider(ABC):
diff --git a/packages/core/src/notify_bridge_core/providers/capabilities.py b/packages/core/src/notify_bridge_core/providers/capabilities.py
index 23a06fc..d402055 100644
--- a/packages/core/src/notify_bridge_core/providers/capabilities.py
+++ b/packages/core/src/notify_bridge_core/providers/capabilities.py
@@ -352,6 +352,61 @@ NUT_CAPABILITIES = ProviderCapabilities(
     ],
 )
 
+# ---------------------------------------------------------------------------
+# Google Photos provider capabilities
+# ---------------------------------------------------------------------------
+
+GOOGLE_PHOTOS_CAPABILITIES = ProviderCapabilities(
+    provider_type="google_photos",
+    display_name="Google Photos",
+    webhook_based=False,
+    supported_filters=[
+        {"key": "collections", "label": "Albums", "type": "select", "source": "api"},
+    ],
+    notification_slots=[
+        {"name": "message_assets_added", "description": "New media added to album"},
+        {"name": "message_assets_removed", "description": "Media removed from album"},
+        {"name": "message_collection_renamed", "description": "Album renamed"},
+        {"name": "message_collection_deleted", "description": "Album deleted"},
+        {"name": "message_sharing_changed", "description": "Sharing status changed"},
+    ],
+    events=[
+        {"name": "assets_added", "description": "New media detected in album"},
+        {"name": "assets_removed", "description": "Media removed from album"},
+        {"name": "collection_renamed", "description": "Album was renamed"},
+        {"name": "collection_deleted", "description": "Album was deleted"},
+        {"name": "sharing_changed", "description": "Album sharing status changed"},
+    ],
+    command_slots=[
+        {"name": "start", "description": "/start greeting message"},
+        {"name": "help", "description": "/help command listing"},
+        {"name": "status", "description": "/status tracker summary"},
+        {"name": "albums", "description": "/albums tracked albums list"},
+        {"name": "latest", "description": "/latest recent photos"},
+        {"name": "search", "description": "/search by category or date"},
+        {"name": "random", "description": "/random random photos"},
+        {"name": "rate_limited", "description": "Rate limit warning message"},
+        {"name": "no_results", "description": "Empty results fallback"},
+        {"name": "desc_help", "description": "Menu description for /help"},
+        {"name": "desc_status", "description": "Menu description for /status"},
+        {"name": "desc_albums", "description": "Menu description for /albums"},
+        {"name": "desc_latest", "description": "Menu description for /latest"},
+        {"name": "usage_latest", "description": "Usage example for /latest"},
+        {"name": "desc_search", "description": "Menu description for /search"},
+        {"name": "usage_search", "description": "Usage example for /search"},
+        {"name": "desc_random", "description": "Menu description for /random"},
+        {"name": "usage_random", "description": "Usage example for /random"},
+    ],
+    commands=[
+        {"name": "status", "description": "Show tracker status"},
+        {"name": "albums", "description": "List tracked albums"},
+        {"name": "latest", "description": "Show latest photos"},
+        {"name": "search", "description": "Search media"},
+        {"name": "random", "description": "Random photos"},
+        {"name": "help", "description": "Show commands"},
+    ],
+)
+
 # ---------------------------------------------------------------------------
 # Registry
 # ---------------------------------------------------------------------------
@@ -362,6 +417,7 @@ _REGISTRY: dict[str, ProviderCapabilities] = {
     "planka": PLANKA_CAPABILITIES,
     "scheduler": SCHEDULER_CAPABILITIES,
     "nut": NUT_CAPABILITIES,
+    "google_photos": GOOGLE_PHOTOS_CAPABILITIES,
 }
 
 
diff --git a/packages/core/src/notify_bridge_core/providers/google_photos/__init__.py b/packages/core/src/notify_bridge_core/providers/google_photos/__init__.py
new file mode 100644
index 0000000..39d0eb5
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/providers/google_photos/__init__.py
@@ -0,0 +1,17 @@
+"""Google Photos service provider implementation."""
+
+from notify_bridge_core.providers.base import ServiceProviderType
+from notify_bridge_core.templates.variables import registry
+
+from .client import GooglePhotosClient, GooglePhotosApiError
+from .provider import GooglePhotosServiceProvider, GOOGLE_PHOTOS_VARIABLES
+
+# Register Google Photos variables in the global registry
+registry.register_provider_variables(ServiceProviderType.GOOGLE_PHOTOS, GOOGLE_PHOTOS_VARIABLES)
+
+__all__ = [
+    "GooglePhotosClient",
+    "GooglePhotosApiError",
+    "GooglePhotosServiceProvider",
+    "GOOGLE_PHOTOS_VARIABLES",
+]
diff --git a/packages/core/src/notify_bridge_core/providers/google_photos/client.py b/packages/core/src/notify_bridge_core/providers/google_photos/client.py
new file mode 100644
index 0000000..0aef5ed
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/providers/google_photos/client.py
@@ -0,0 +1,275 @@
+"""Google Photos Library API async client with OAuth2 token refresh."""
+
+from __future__ import annotations
+
+import logging
+import time
+from typing import Any
+
+import aiohttp
+
+from .constants import (
+    API_BASE_URL,
+    MAX_BATCH_GET,
+    MAX_PAGE_SIZE,
+    TOKEN_URL,
+)
+from .models import GooglePhotosAlbumData, GooglePhotosMediaItem
+
+_LOGGER = logging.getLogger(__name__)
+
+
+class GooglePhotosApiError(Exception):
+    """Raised when the Google Photos API returns an error."""
+
+    def __init__(self, status: int, message: str) -> None:
+        self.status = status
+        super().__init__(f"Google Photos API error {status}: {message}")
+
+
+class GooglePhotosClient:
+    """Async HTTP client for the Google Photos Library API."""
+
+    def __init__(
+        self,
+        session: aiohttp.ClientSession,
+        client_id: str,
+        client_secret: str,
+        refresh_token: str,
+    ) -> None:
+        self._session = session
+        self._client_id = client_id
+        self._client_secret = client_secret
+        self._refresh_token = refresh_token
+        self._access_token: str | None = None
+        self._token_expires_at: float = 0.0
+
+    @property
+    def access_token(self) -> str | None:
+        """Current access token (may be expired)."""
+        return self._access_token
+
+    async def _ensure_token(self) -> None:
+        """Refresh the OAuth2 access token if expired or missing."""
+        if self._access_token and time.monotonic() < self._token_expires_at:
+            return
+
+        _LOGGER.debug("Refreshing Google Photos access token")
+        data = {
+            "client_id": self._client_id,
+            "client_secret": self._client_secret,
+            "refresh_token": self._refresh_token,
+            "grant_type": "refresh_token",
+        }
+        async with self._session.post(TOKEN_URL, data=data) as resp:
+            if resp.status != 200:
+                body = await resp.text()
+                raise GooglePhotosApiError(resp.status, f"Token refresh failed: {body}")
+            result = await resp.json()
+
+        self._access_token = result["access_token"]
+        # Refresh ~60s before actual expiry to avoid races
+        expires_in = result.get("expires_in", 3600)
+        self._token_expires_at = time.monotonic() + expires_in - 60
+
+    async def _request(
+        self,
+        method: str,
+        path: str,
+        *,
+        params: dict[str, Any] | None = None,
+        json_body: dict[str, Any] | None = None,
+    ) -> dict[str, Any]:
+        """Make an authenticated API request."""
+        await self._ensure_token()
+        url = f"{API_BASE_URL}/{path}"
+        headers = {"Authorization": f"Bearer {self._access_token}"}
+
+        async with self._session.request(
+            method, url, headers=headers, params=params, json=json_body,
+        ) as resp:
+            if resp.status == 200:
+                return await resp.json()
+            body = await resp.text()
+            raise GooglePhotosApiError(resp.status, body)
+
+    # ------------------------------------------------------------------
+    # Albums
+    # ------------------------------------------------------------------
+
+    async def ping(self) -> bool:
+        """Test connectivity by listing a single album."""
+        try:
+            await self._request("GET", "albums", params={"pageSize": "1"})
+            return True
+        except Exception:
+            _LOGGER.exception("Google Photos ping failed")
+            return False
+
+    async def list_albums(self, *, include_shared: bool = True) -> list[dict[str, Any]]:
+        """List all albums (owned + optionally shared)."""
+        albums: list[dict[str, Any]] = []
+
+        # Owned albums
+        page_token: str | None = None
+        while True:
+            params: dict[str, str] = {"pageSize": str(MAX_PAGE_SIZE)}
+            if page_token:
+                params["pageToken"] = page_token
+            result = await self._request("GET", "albums", params=params)
+            albums.extend(result.get("albums", []))
+            page_token = result.get("nextPageToken")
+            if not page_token:
+                break
+
+        # Shared albums
+        if include_shared:
+            page_token = None
+            while True:
+                params = {"pageSize": str(MAX_PAGE_SIZE)}
+                if page_token:
+                    params["pageToken"] = page_token
+                result = await self._request("GET", "sharedAlbums", params=params)
+                shared = result.get("sharedAlbums", [])
+                # Deduplicate: shared albums the user owns are already in the owned list
+                existing_ids = {a["id"] for a in albums}
+                albums.extend(a for a in shared if a.get("id") not in existing_ids)
+                page_token = result.get("nextPageToken")
+                if not page_token:
+                    break
+
+        return albums
+
+    async def get_album(self, album_id: str) -> dict[str, Any] | None:
+        """Get a single album by ID."""
+        try:
+            return await self._request("GET", f"albums/{album_id}")
+        except GooglePhotosApiError as e:
+            if e.status == 404:
+                return None
+            raise
+
+    async def get_album_with_items(self, album_id: str) -> GooglePhotosAlbumData | None:
+        """Fetch album metadata + all media items."""
+        album_data = await self.get_album(album_id)
+        if album_data is None:
+            return None
+
+        items = await self.list_media_items(album_id)
+        return GooglePhotosAlbumData.from_api_response(album_data, items)
+
+    # ------------------------------------------------------------------
+    # Media items
+    # ------------------------------------------------------------------
+
+    async def list_media_items(self, album_id: str) -> list[GooglePhotosMediaItem]:
+        """List all media items in an album (handles pagination)."""
+        items: list[GooglePhotosMediaItem] = []
+        page_token: str | None = None
+
+        while True:
+            body: dict[str, Any] = {
+                "albumId": album_id,
+                "pageSize": MAX_PAGE_SIZE,
+            }
+            if page_token:
+                body["pageToken"] = page_token
+
+            result = await self._request("POST", "mediaItems:search", json_body=body)
+            for raw in result.get("mediaItems", []):
+                items.append(GooglePhotosMediaItem.from_api_response(raw))
+
+            page_token = result.get("nextPageToken")
+            if not page_token:
+                break
+
+        return items
+
+    async def get_media_item(self, media_item_id: str) -> GooglePhotosMediaItem | None:
+        """Get a single media item (with fresh baseUrl)."""
+        try:
+            data = await self._request("GET", f"mediaItems/{media_item_id}")
+            return GooglePhotosMediaItem.from_api_response(data)
+        except GooglePhotosApiError as e:
+            if e.status == 404:
+                return None
+            raise
+
+    async def get_media_items_batch(
+        self, media_item_ids: list[str],
+    ) -> dict[str, GooglePhotosMediaItem]:
+        """Batch-get media items (up to 50 per call). Returns dict keyed by ID."""
+        result: dict[str, GooglePhotosMediaItem] = {}
+
+        for i in range(0, len(media_item_ids), MAX_BATCH_GET):
+            chunk = media_item_ids[i : i + MAX_BATCH_GET]
+
+            # batchGet requires repeated query params (mediaItemIds=a&mediaItemIds=b)
+            # which _request() doesn't support, so we make the request manually.
+            await self._ensure_token()
+            url = f"{API_BASE_URL}/mediaItems:batchGet"
+            headers = {"Authorization": f"Bearer {self._access_token}"}
+            query_params = "&".join(f"mediaItemIds={mid}" for mid in chunk)
+            async with self._session.get(f"{url}?{query_params}", headers=headers) as resp:
+                if resp.status != 200:
+                    body = await resp.text()
+                    _LOGGER.error("batchGet failed: %s %s", resp.status, body)
+                    continue
+                data = await resp.json()
+
+            for item_result in data.get("mediaItemResults", []):
+                media_item = item_result.get("mediaItem")
+                if media_item:
+                    parsed = GooglePhotosMediaItem.from_api_response(media_item)
+                    result[parsed.id] = parsed
+
+        return result
+
+    async def search_media_items(
+        self,
+        *,
+        album_id: str | None = None,
+        category: str | None = None,
+        media_type: str | None = None,
+        date_start: str | None = None,
+        date_end: str | None = None,
+        page_size: int = 25,
+    ) -> list[GooglePhotosMediaItem]:
+        """Search media items with filters."""
+        body: dict[str, Any] = {"pageSize": min(page_size, MAX_PAGE_SIZE)}
+
+        if album_id:
+            body["albumId"] = album_id
+        else:
+            filters: dict[str, Any] = {}
+            if category:
+                filters["contentFilter"] = {
+                    "includedContentCategories": [category.upper()],
+                }
+            if media_type:
+                filters["mediaTypeFilter"] = {"mediaTypes": [media_type.upper()]}
+            if date_start or date_end:
+                date_filter: dict[str, Any] = {}
+                if date_start:
+                    parts = date_start.split("-")
+                    date_filter["startDate"] = {
+                        "year": int(parts[0]),
+                        "month": int(parts[1]),
+                        "day": int(parts[2]),
+                    }
+                if date_end:
+                    parts = date_end.split("-")
+                    date_filter["endDate"] = {
+                        "year": int(parts[0]),
+                        "month": int(parts[1]),
+                        "day": int(parts[2]),
+                    }
+                filters["dateFilter"] = {"ranges": [date_filter]}
+            if filters:
+                body["filters"] = filters
+
+        result = await self._request("POST", "mediaItems:search", json_body=body)
+        return [
+            GooglePhotosMediaItem.from_api_response(raw)
+            for raw in result.get("mediaItems", [])
+        ]
diff --git a/packages/core/src/notify_bridge_core/providers/google_photos/constants.py b/packages/core/src/notify_bridge_core/providers/google_photos/constants.py
new file mode 100644
index 0000000..b08f227
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/providers/google_photos/constants.py
@@ -0,0 +1,26 @@
+"""Google Photos provider constants."""
+
+from typing import Final
+
+# Google Photos Library API
+API_BASE_URL: Final = "https://photoslibrary.googleapis.com/v1"
+TOKEN_URL: Final = "https://oauth2.googleapis.com/token"
+
+# OAuth scopes
+SCOPE_READONLY: Final = "https://www.googleapis.com/auth/photoslibrary.readonly"
+SCOPE_SHARING: Final = "https://www.googleapis.com/auth/photoslibrary.sharing"
+
+# API limits
+MAX_PAGE_SIZE: Final = 100  # max items per page
+MAX_BATCH_GET: Final = 50  # max items per batchGet call
+
+# Asset URL suffixes (appended to baseUrl)
+PHOTO_DOWNLOAD_SUFFIX: Final = "=w2048-h2048"  # max resolution photo
+PHOTO_THUMBNAIL_SUFFIX: Final = "=w512-h512"
+VIDEO_DOWNLOAD_SUFFIX: Final = "=dv"  # video download
+
+# Cache key prefix for Telegram file_id cache
+CACHE_HOST: Final = "photos.googleapis.com"
+
+# Defaults
+DEFAULT_SCAN_INTERVAL: Final = 120  # seconds (Google API quota is tighter than Immich)
diff --git a/packages/core/src/notify_bridge_core/providers/google_photos/models.py b/packages/core/src/notify_bridge_core/providers/google_photos/models.py
new file mode 100644
index 0000000..270793b
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/providers/google_photos/models.py
@@ -0,0 +1,108 @@
+"""Google Photos data models."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from typing import Any
+
+
+@dataclass
+class GooglePhotosMediaItem:
+    """A media item from the Google Photos Library API."""
+
+    id: str
+    filename: str
+    mime_type: str
+    created_at: str  # mediaMetadata.creationTime (ISO 8601)
+    base_url: str  # temporary download URL (expires ~60 min)
+    product_url: str  # permanent link to Google Photos UI
+    width: int | None = None
+    height: int | None = None
+    description: str = ""
+    is_video: bool = False
+
+    @property
+    def is_processed(self) -> bool:
+        """A media item is considered processed if it has a base_url."""
+        return bool(self.base_url)
+
+    @classmethod
+    def from_api_response(cls, data: dict[str, Any]) -> GooglePhotosMediaItem:
+        """Parse a mediaItem response from the Google Photos API."""
+        metadata = data.get("mediaMetadata", {})
+        mime_type = data.get("mimeType", "")
+        is_video = mime_type.startswith("video/") or "video" in metadata
+
+        width = None
+        height = None
+        if "width" in metadata:
+            try:
+                width = int(metadata["width"])
+            except (ValueError, TypeError):
+                pass
+        if "height" in metadata:
+            try:
+                height = int(metadata["height"])
+            except (ValueError, TypeError):
+                pass
+
+        return cls(
+            id=data["id"],
+            filename=data.get("filename", ""),
+            mime_type=mime_type,
+            created_at=metadata.get("creationTime", ""),
+            base_url=data.get("baseUrl", ""),
+            product_url=data.get("productUrl", ""),
+            width=width,
+            height=height,
+            description=data.get("description", ""),
+            is_video=is_video,
+        )
+
+
+@dataclass
+class GooglePhotosAlbumData:
+    """Full album data assembled from Google Photos API responses."""
+
+    id: str
+    name: str
+    asset_count: int
+    product_url: str
+    is_shared: bool
+    cover_photo_id: str | None = None
+    share_info: dict[str, Any] = field(default_factory=dict)
+    asset_ids: set[str] = field(default_factory=set)
+    assets: dict[str, GooglePhotosMediaItem] = field(default_factory=dict)
+
+    @property
+    def photo_count(self) -> int:
+        return sum(1 for a in self.assets.values() if not a.is_video)
+
+    @property
+    def video_count(self) -> int:
+        return sum(1 for a in self.assets.values() if a.is_video)
+
+    @classmethod
+    def from_api_response(
+        cls, album_data: dict[str, Any], media_items: list[GooglePhotosMediaItem],
+    ) -> GooglePhotosAlbumData:
+        """Build album data from album metadata + fetched media items."""
+        asset_ids: set[str] = set()
+        assets: dict[str, GooglePhotosMediaItem] = {}
+        for item in media_items:
+            asset_ids.add(item.id)
+            assets[item.id] = item
+
+        share_info = album_data.get("shareInfo", {})
+
+        return cls(
+            id=album_data["id"],
+            name=album_data.get("title", "Untitled"),
+            asset_count=int(album_data.get("mediaItemsCount", len(asset_ids))),
+            product_url=album_data.get("productUrl", ""),
+            is_shared=bool(share_info),
+            cover_photo_id=album_data.get("coverPhotoMediaItemId"),
+            share_info=share_info,
+            asset_ids=asset_ids,
+            assets=assets,
+        )
diff --git a/packages/core/src/notify_bridge_core/providers/google_photos/provider.py b/packages/core/src/notify_bridge_core/providers/google_photos/provider.py
new file mode 100644
index 0000000..4e49e07
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/providers/google_photos/provider.py
@@ -0,0 +1,226 @@
+"""Google Photos service provider — concrete implementation of ServiceProvider."""
+
+from __future__ import annotations
+
+import logging
+from typing import Any
+
+import aiohttp
+
+from notify_bridge_core.models.events import ServiceEvent
+from notify_bridge_core.providers.base import ServiceProvider, ServiceProviderType
+from notify_bridge_core.templates.variables import TemplateVariableDefinition
+
+from .change_detector import detect_album_changes
+from .client import GooglePhotosClient
+from .models import GooglePhotosAlbumData
+
+_LOGGER = logging.getLogger(__name__)
+
+
+# Google Photos specific template variables
+GOOGLE_PHOTOS_VARIABLES: list[TemplateVariableDefinition] = [
+    TemplateVariableDefinition(
+        name="album_name",
+        type="string",
+        description="Album name (alias for collection_name)",
+        example="Vacation 2026",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="album_id",
+        type="string",
+        description="Album ID (alias for collection_id)",
+        example="ABc123...",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="album_url",
+        type="string",
+        description="Web URL to the album in Google Photos",
+        example="https://photos.google.com/lr/album/ABc123...",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="photo_count",
+        type="int",
+        description="Number of photos in album",
+        example="42",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="video_count",
+        type="int",
+        description="Number of videos in album",
+        example="8",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="shared",
+        type="bool",
+        description="Whether the album is shared",
+        example="true",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="old_album_name",
+        type="string",
+        description="Previous album name (for rename events)",
+        example="Old Name",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+    TemplateVariableDefinition(
+        name="new_album_name",
+        type="string",
+        description="New album name (for rename events)",
+        example="New Name",
+        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+    ),
+]
+
+
+class GooglePhotosServiceProvider(ServiceProvider):
+    """Google Photos Library API provider."""
+
+    provider_type = ServiceProviderType.GOOGLE_PHOTOS
+
+    def __init__(
+        self,
+        session: aiohttp.ClientSession,
+        client_id: str,
+        client_secret: str,
+        refresh_token: str,
+        name: str = "Google Photos",
+    ) -> None:
+        self._client = GooglePhotosClient(session, client_id, client_secret, refresh_token)
+        self._name = name
+
+    @property
+    def client(self) -> GooglePhotosClient:
+        return self._client
+
+    async def connect(self) -> bool:
+        return await self._client.ping()
+
+    async def disconnect(self) -> None:
+        pass  # session lifecycle managed by caller
+
+    async def poll(
+        self,
+        collection_ids: list[str],
+        tracker_state: dict[str, Any],
+    ) -> tuple[list[ServiceEvent], dict[str, Any]]:
+        events: list[ServiceEvent] = []
+        new_state = dict(tracker_state)
+
+        for album_id in collection_ids:
+            album = await self._client.get_album_with_items(album_id)
+            if album is None:
+                # Album deleted or inaccessible
+                if album_id in new_state:
+                    from notify_bridge_core.models.events import EventType
+                    from datetime import datetime, timezone
+
+                    events.append(ServiceEvent(
+                        event_type=EventType.COLLECTION_DELETED,
+                        provider_type=ServiceProviderType.GOOGLE_PHOTOS,
+                        provider_name=self._name,
+                        collection_id=album_id,
+                        collection_name=new_state.get(album_id, {}).get("name", "Unknown"),
+                        timestamp=datetime.now(timezone.utc),
+                    ))
+                    del new_state[album_id]
+                continue
+
+            # Get previous state
+            prev = new_state.get(album_id)
+            if prev is None:
+                # First time seeing this album — store state, no event
+                new_state[album_id] = _serialize_album_state(album)
+                continue
+
+            # Reconstruct previous album data for comparison
+            old_album = _deserialize_album_state(album_id, prev)
+            pending = set(prev.get("pending_asset_ids", []))
+
+            detected_events, updated_pending = detect_album_changes(
+                old_album, album, pending, self._name,
+            )
+
+            if detected_events:
+                events.extend(detected_events)
+
+            # Update state
+            state = _serialize_album_state(album)
+            state["pending_asset_ids"] = list(updated_pending)
+            new_state[album_id] = state
+
+        return events, new_state
+
+    def get_available_variables(self) -> list[TemplateVariableDefinition]:
+        return list(GOOGLE_PHOTOS_VARIABLES)
+
+    def get_provider_config_schema(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "client_id": {
+                    "type": "string",
+                    "description": "Google OAuth2 Client ID",
+                },
+                "client_secret": {
+                    "type": "string",
+                    "description": "Google OAuth2 Client Secret",
+                    "secret": True,
+                },
+                "refresh_token": {
+                    "type": "string",
+                    "description": "OAuth2 Refresh Token (from Google OAuth Playground)",
+                    "secret": True,
+                },
+            },
+            "required": ["client_id", "client_secret", "refresh_token"],
+        }
+
+    async def list_collections(self) -> list[dict[str, Any]]:
+        albums = await self._client.list_albums(include_shared=True)
+        return [
+            {
+                "id": a.get("id", ""),
+                "name": a.get("title", "Untitled"),
+                "asset_count": int(a.get("mediaItemsCount", 0)),
+            }
+            for a in albums
+        ]
+
+    async def test_connection(self) -> dict[str, Any]:
+        ok = await self._client.ping()
+        if ok:
+            albums = await self._client.list_albums(include_shared=False)
+            return {
+                "ok": True,
+                "message": f"Connected to Google Photos ({len(albums)} albums found)",
+            }
+        return {"ok": False, "message": "Failed to connect to Google Photos"}
+
+
+def _serialize_album_state(album: GooglePhotosAlbumData) -> dict[str, Any]:
+    """Serialize album state for persistence."""
+    return {
+        "name": album.name,
+        "asset_ids": list(album.asset_ids),
+        "shared": album.is_shared,
+        "pending_asset_ids": [],
+    }
+
+
+def _deserialize_album_state(album_id: str, state: dict[str, Any]) -> GooglePhotosAlbumData:
+    """Create a minimal GooglePhotosAlbumData from saved state for comparison."""
+    return GooglePhotosAlbumData(
+        id=album_id,
+        name=state.get("name", ""),
+        asset_count=len(state.get("asset_ids", [])),
+        product_url="",
+        is_shared=state.get("shared", False),
+        asset_ids=set(state.get("asset_ids", [])),
+    )
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/albums.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/albums.jinja2
new file mode 100644
index 0000000..c557527
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/albums.jinja2
@@ -0,0 +1,8 @@
+📚 Tracked albums:
+{%- if albums %}
+{%- for album in albums %}
+  • {{ album.name }} ({{ album.asset_count }} items)
+{%- endfor %}
+{%- else %}
+  (none)
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_albums.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_albums.jinja2
new file mode 100644
index 0000000..b955486
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_albums.jinja2
@@ -0,0 +1 @@
+List tracked albums
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_help.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_help.jinja2
new file mode 100644
index 0000000..11b9c33
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_help.jinja2
@@ -0,0 +1 @@
+Show available commands
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_latest.jinja2
new file mode 100644
index 0000000..9e414dc
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_latest.jinja2
@@ -0,0 +1 @@
+Show latest photos
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_random.jinja2
new file mode 100644
index 0000000..df56926
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_random.jinja2
@@ -0,0 +1 @@
+Random photos
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_search.jinja2
new file mode 100644
index 0000000..c4fda60
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_search.jinja2
@@ -0,0 +1 @@
+Search photos by category
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_status.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_status.jinja2
new file mode 100644
index 0000000..bd33199
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/desc_status.jinja2
@@ -0,0 +1 @@
+Show tracker status
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/help.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/help.jinja2
new file mode 100644
index 0000000..4da05f9
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/help.jinja2
@@ -0,0 +1,4 @@
+📷 <b>Available Commands</b>
+{%- for cmd in commands %}
+/{{ cmd.name }} — {{ cmd.description }}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/latest.jinja2
new file mode 100644
index 0000000..da93f6f
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/latest.jinja2
@@ -0,0 +1,4 @@
+📸 Latest:
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}{% if asset.year %} ({{ asset.year }}){% endif %}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/no_results.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/no_results.jinja2
new file mode 100644
index 0000000..bb280ad
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/no_results.jinja2
@@ -0,0 +1 @@
+No results found.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/random.jinja2
new file mode 100644
index 0000000..ff857ed
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/random.jinja2
@@ -0,0 +1,4 @@
+🎲 Random:
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/rate_limited.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/rate_limited.jinja2
new file mode 100644
index 0000000..28aa37f
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/rate_limited.jinja2
@@ -0,0 +1 @@
+⏳ Too many requests. Please wait a moment before trying again.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/search.jinja2
new file mode 100644
index 0000000..0cd9e05
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/search.jinja2
@@ -0,0 +1,4 @@
+🔍 Results for "{{ query }}":
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}{% if asset.year %} ({{ asset.year }}){% endif %}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/start.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/start.jinja2
new file mode 100644
index 0000000..9261f99
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/start.jinja2
@@ -0,0 +1,2 @@
+👋 Hi! I'm your Notify Bridge bot for <b>Google Photos</b>.
+Use /help to see available commands.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/status.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/status.jinja2
new file mode 100644
index 0000000..67f0ae3
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/status.jinja2
@@ -0,0 +1,6 @@
+📷 <b>Google Photos Status</b>
+Service: {{ service_name }}
+Tracked albums: {{ album_count }}
+{%- if last_event %}
+Last event: {{ last_event.type }} ({{ last_event.time }})
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_latest.jinja2
new file mode 100644
index 0000000..ec24199
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_latest.jinja2
@@ -0,0 +1 @@
+/latest [count]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_random.jinja2
new file mode 100644
index 0000000..11368d2
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_random.jinja2
@@ -0,0 +1 @@
+/random [count]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_search.jinja2
new file mode 100644
index 0000000..e97ea35
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/en/google_photos/usage_search.jinja2
@@ -0,0 +1 @@
+/search [category]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/loader.py b/packages/core/src/notify_bridge_core/templates/command_defaults/loader.py
index b0c8e15..70f1d13 100644
--- a/packages/core/src/notify_bridge_core/templates/command_defaults/loader.py
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/loader.py
@@ -47,6 +47,16 @@ PROVIDER_COMMAND_SLOTS: dict[str, list[str]] = {
         # Description slots
         "desc_help", "desc_status", "desc_devices", "desc_battery",
     ],
+    "google_photos": [
+        # Response templates
+        "start", "help", "status", "albums", "latest", "search", "random",
+        "rate_limited", "no_results",
+        # Description slots
+        "desc_help", "desc_status", "desc_albums",
+        "desc_latest", "desc_search", "desc_random",
+        # Usage example slots
+        "usage_latest", "usage_search", "usage_random",
+    ],
 }
 
 # Backward-compatible aliases
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/albums.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/albums.jinja2
new file mode 100644
index 0000000..cfbe60e
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/albums.jinja2
@@ -0,0 +1,8 @@
+📚 Отслеживаемые альбомы:
+{%- if albums %}
+{%- for album in albums %}
+  • {{ album.name }} ({{ album.asset_count }} элементов)
+{%- endfor %}
+{%- else %}
+  (нет)
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_albums.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_albums.jinja2
new file mode 100644
index 0000000..1e36ffa
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_albums.jinja2
@@ -0,0 +1 @@
+Список отслеживаемых альбомов
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_help.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_help.jinja2
new file mode 100644
index 0000000..3e8f915
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_help.jinja2
@@ -0,0 +1 @@
+Показать доступные команды
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_latest.jinja2
new file mode 100644
index 0000000..22d6a67
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_latest.jinja2
@@ -0,0 +1 @@
+Последние фото
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_random.jinja2
new file mode 100644
index 0000000..f4c53ec
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_random.jinja2
@@ -0,0 +1 @@
+Случайные фото
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_search.jinja2
new file mode 100644
index 0000000..06c6307
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_search.jinja2
@@ -0,0 +1 @@
+Поиск фото по категории
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_status.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_status.jinja2
new file mode 100644
index 0000000..1b21014
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/desc_status.jinja2
@@ -0,0 +1 @@
+Показать статус трекера
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/help.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/help.jinja2
new file mode 100644
index 0000000..490a9b0
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/help.jinja2
@@ -0,0 +1,4 @@
+📷 <b>Доступные команды</b>
+{%- for cmd in commands %}
+/{{ cmd.name }} — {{ cmd.description }}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/latest.jinja2
new file mode 100644
index 0000000..b73a947
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/latest.jinja2
@@ -0,0 +1,4 @@
+📸 Последние:
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}{% if asset.year %} ({{ asset.year }}){% endif %}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/no_results.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/no_results.jinja2
new file mode 100644
index 0000000..9020b20
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/no_results.jinja2
@@ -0,0 +1 @@
+Ничего не найдено.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/random.jinja2
new file mode 100644
index 0000000..12273ff
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/random.jinja2
@@ -0,0 +1,4 @@
+🎲 Случайные:
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/rate_limited.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/rate_limited.jinja2
new file mode 100644
index 0000000..c3aaf41
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/rate_limited.jinja2
@@ -0,0 +1 @@
+⏳ Слишком много запросов. Подождите немного.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/search.jinja2
new file mode 100644
index 0000000..2f42fb9
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/search.jinja2
@@ -0,0 +1,4 @@
+🔍 Результаты по запросу "{{ query }}":
+{%- for asset in assets %}
+  • {{ asset.originalFileName }}{% if asset.year %} ({{ asset.year }}){% endif %}
+{%- endfor %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/start.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/start.jinja2
new file mode 100644
index 0000000..7057dca
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/start.jinja2
@@ -0,0 +1,2 @@
+👋 Привет! Я бот Notify Bridge для <b>Google Фото</b>.
+Используйте /help для просмотра доступных команд.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/status.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/status.jinja2
new file mode 100644
index 0000000..5010610
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/status.jinja2
@@ -0,0 +1,6 @@
+📷 <b>Статус Google Фото</b>
+Сервис: {{ service_name }}
+Отслеживаемые альбомы: {{ album_count }}
+{%- if last_event %}
+Последнее событие: {{ last_event.type }} ({{ last_event.time }})
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_latest.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_latest.jinja2
new file mode 100644
index 0000000..f960f14
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_latest.jinja2
@@ -0,0 +1 @@
+/latest [количество]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_random.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_random.jinja2
new file mode 100644
index 0000000..7b942cd
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_random.jinja2
@@ -0,0 +1 @@
+/random [количество]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_search.jinja2 b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_search.jinja2
new file mode 100644
index 0000000..f679e2c
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/command_defaults/ru/google_photos/usage_search.jinja2
@@ -0,0 +1 @@
+/search [категория]
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_added.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_added.jinja2
new file mode 100644
index 0000000..c7e47b5
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_added.jinja2
@@ -0,0 +1,12 @@
+📎 {{ added_count }} new file(s) added to album {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
+{%- if added_assets %}
+{%- for asset in added_assets %}
+  • {%- if asset.type == "VIDEO" %} 🎬{% else %} 🖼️{% endif %} {{ asset.filename }}
+    {%- if asset.is_favorite %} ❤️{% endif %}
+    {%- if asset.oversized %} ⚠️{% endif %}
+{%- endfor %}
+{%- endif %}
+{%- if has_oversized_videos %}
+
+⚠️ Some videos exceed the {{ max_video_size_mb }} MB file size limit and may not be sent.
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_removed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_removed.jinja2
new file mode 100644
index 0000000..281f470
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_assets_removed.jinja2
@@ -0,0 +1 @@
+🗑️ {{ removed_count }} file(s) removed from album {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_deleted.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_deleted.jinja2
new file mode 100644
index 0000000..a4b7882
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_deleted.jinja2
@@ -0,0 +1 @@
+🗑️ Album "{{ collection_name }}" was deleted.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_renamed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_renamed.jinja2
new file mode 100644
index 0000000..0b8da4c
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_collection_renamed.jinja2
@@ -0,0 +1 @@
+✏️ Album "{{ old_name }}" renamed to {% if album_url %}<a href="{{ album_url }}">{{ new_name }}</a>{% else %}"{{ new_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/en/gp_sharing_changed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_sharing_changed.jinja2
new file mode 100644
index 0000000..1953648
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/en/gp_sharing_changed.jinja2
@@ -0,0 +1 @@
+🔗 Sharing changed for album {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/loader.py b/packages/core/src/notify_bridge_core/templates/defaults/loader.py
index 0d6b829..77c78de 100644
--- a/packages/core/src/notify_bridge_core/templates/defaults/loader.py
+++ b/packages/core/src/notify_bridge_core/templates/defaults/loader.py
@@ -53,6 +53,13 @@ PROVIDER_SLOT_FILE_MAP: dict[str, dict[str, str]] = {
     "scheduler": {
         "message_scheduled_message": "scheduled_message.jinja2",
     },
+    "google_photos": {
+        "message_assets_added": "gp_assets_added.jinja2",
+        "message_assets_removed": "gp_assets_removed.jinja2",
+        "message_collection_renamed": "gp_collection_renamed.jinja2",
+        "message_collection_deleted": "gp_collection_deleted.jinja2",
+        "message_sharing_changed": "gp_sharing_changed.jinja2",
+    },
     "nut": {
         "message_ups_online": "nut_ups_online.jinja2",
         "message_ups_on_battery": "nut_ups_on_battery.jinja2",
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_added.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_added.jinja2
new file mode 100644
index 0000000..b18abdd
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_added.jinja2
@@ -0,0 +1,12 @@
+📎 {{ added_count }} новых файл(ов) добавлено в альбом {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
+{%- if added_assets %}
+{%- for asset in added_assets %}
+  • {%- if asset.type == "VIDEO" %} 🎬{% else %} 🖼️{% endif %} {{ asset.filename }}
+    {%- if asset.is_favorite %} ❤️{% endif %}
+    {%- if asset.oversized %} ⚠️{% endif %}
+{%- endfor %}
+{%- endif %}
+{%- if has_oversized_videos %}
+
+⚠️ Некоторые видео превышают лимит {{ max_video_size_mb }} МБ и могут не отправиться.
+{%- endif %}
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_removed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_removed.jinja2
new file mode 100644
index 0000000..7abb94d
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_assets_removed.jinja2
@@ -0,0 +1 @@
+🗑️ {{ removed_count }} файл(ов) удалено из альбома {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_deleted.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_deleted.jinja2
new file mode 100644
index 0000000..956d447
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_deleted.jinja2
@@ -0,0 +1 @@
+🗑️ Альбом "{{ collection_name }}" был удалён.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_renamed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_renamed.jinja2
new file mode 100644
index 0000000..d1d06a9
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_collection_renamed.jinja2
@@ -0,0 +1 @@
+✏️ Альбом "{{ old_name }}" переименован в {% if album_url %}<a href="{{ album_url }}">{{ new_name }}</a>{% else %}"{{ new_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_sharing_changed.jinja2 b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_sharing_changed.jinja2
new file mode 100644
index 0000000..bf3ae09
--- /dev/null
+++ b/packages/core/src/notify_bridge_core/templates/defaults/ru/gp_sharing_changed.jinja2
@@ -0,0 +1 @@
+🔗 Изменён доступ к альбому {% if album_url %}<a href="{{ album_url }}">{{ album_name }}</a>{% else %}"{{ album_name }}"{% endif %}.
\ No newline at end of file
diff --git a/packages/core/src/notify_bridge_core/templates/renderer.py b/packages/core/src/notify_bridge_core/templates/renderer.py
index 72e4860..8b302dc 100644
--- a/packages/core/src/notify_bridge_core/templates/renderer.py
+++ b/packages/core/src/notify_bridge_core/templates/renderer.py
@@ -22,4 +22,4 @@ def render_template(template_str: str, context: dict[str, Any]) -> str:
         return _env.from_string(template_str).render(**context)
     except jinja2.TemplateError as e:
         _LOGGER.error("Template render error: %s", e)
-        return template_str
+        return "[Template rendering error]"
diff --git a/packages/server/src/notify_bridge_server/api/command_template_configs.py b/packages/server/src/notify_bridge_server/api/command_template_configs.py
index ffd4e47..5bf25bb 100644
--- a/packages/server/src/notify_bridge_server/api/command_template_configs.py
+++ b/packages/server/src/notify_bridge_server/api/command_template_configs.py
@@ -104,7 +104,9 @@ async def _get(session: AsyncSession, config_id: int, user_id: int) -> CommandTe
 # ---------------------------------------------------------------------------
 
 @router.get("/variables")
-async def get_command_variables():
+async def get_command_variables(
+    user: User = Depends(get_current_user),
+):
     """Get variable reference for each command template slot."""
     common_vars = {
         "locale": "Current locale (en/ru)",
diff --git a/packages/server/src/notify_bridge_server/api/providers.py b/packages/server/src/notify_bridge_server/api/providers.py
index dc96372..3f9f1c2 100644
--- a/packages/server/src/notify_bridge_server/api/providers.py
+++ b/packages/server/src/notify_bridge_server/api/providers.py
@@ -13,7 +13,7 @@ import aiohttp
 from ..auth.dependencies import get_current_user
 from ..database.engine import get_session
 from ..database.models import ServiceProvider, User
-from ..services import make_immich_provider, make_gitea_provider, make_planka_provider, make_nut_provider
+from ..services import make_immich_provider, make_gitea_provider, make_planka_provider, make_nut_provider, make_google_photos_provider
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -76,12 +76,19 @@ class NutProviderConfig(BaseModel):
     password: str | None = None
 
 
+class GooglePhotosProviderConfig(BaseModel):
+    client_id: str
+    client_secret: str
+    refresh_token: str
+
+
 _PROVIDER_CONFIG_MODELS: dict[str, type[BaseModel]] = {
     "immich": ImmichProviderConfig,
     "gitea": GiteaProviderConfig,
     "planka": PlankaProviderConfig,
     "scheduler": SchedulerProviderConfig,
     "nut": NutProviderConfig,
+    "google_photos": GooglePhotosProviderConfig,
 }
 
 
@@ -122,65 +129,93 @@ async def create_provider(
     _validate_provider_config(body.type, body.config)
 
     # Validate connection for known provider types
-    if body.type == "immich":
-        from notify_bridge_core.providers.immich import ImmichServiceProvider
-        config = body.config
-        async with aiohttp.ClientSession() as http_session:
-            immich = ImmichServiceProvider(
-                http_session, config.get("url", ""), config.get("api_key", ""),
-                config.get("external_domain"), body.name,
-            )
-            test_result = await immich.test_connection()
+    try:
+        if body.type == "immich":
+            from notify_bridge_core.providers.immich import ImmichServiceProvider
+            config = body.config
+            async with aiohttp.ClientSession() as http_session:
+                immich = ImmichServiceProvider(
+                    http_session, config.get("url", ""), config.get("api_key", ""),
+                    config.get("external_domain"), body.name,
+                )
+                test_result = await immich.test_connection()
+                if not test_result.get("ok"):
+                    raise HTTPException(
+                        status_code=status.HTTP_400_BAD_REQUEST,
+                        detail=test_result.get("message", f"Cannot connect to {body.type} provider"),
+                    )
+                # Store external_domain from server config if available
+                if test_result.get("external_domain"):
+                    config["external_domain"] = test_result["external_domain"]
+
+        elif body.type == "gitea":
+            config = body.config
+            # api_token is optional (webhook_secret is required, but token only for repo listing)
+            if config.get("api_token"):
+                async with aiohttp.ClientSession() as http_session:
+                    from notify_bridge_core.providers.gitea import GiteaServiceProvider
+                    gitea = GiteaServiceProvider(
+                        http_session, config.get("url", ""), config.get("api_token", ""), body.name,
+                    )
+                    test_result = await gitea.test_connection()
+                    if not test_result.get("ok"):
+                        raise HTTPException(
+                            status_code=status.HTTP_400_BAD_REQUEST,
+                            detail=test_result.get("message", "Cannot connect to Gitea"),
+                        )
+
+        elif body.type == "planka":
+            config = body.config
+            if config.get("api_key"):
+                async with aiohttp.ClientSession() as http_session:
+                    from notify_bridge_core.providers.planka import PlankaServiceProvider
+                    planka = PlankaServiceProvider(
+                        http_session, config.get("url", ""), config.get("api_key", ""), body.name,
+                    )
+                    test_result = await planka.test_connection()
+                    if not test_result.get("ok"):
+                        raise HTTPException(
+                            status_code=status.HTTP_400_BAD_REQUEST,
+                            detail=test_result.get("message", "Cannot connect to Planka"),
+                        )
+
+        elif body.type == "nut":
+            nut = make_nut_provider(ServiceProvider(
+                id=0, user_id=0, type="nut", name=body.name, config=body.config,
+            ))
+            test_result = await nut.test_connection()
             if not test_result.get("ok"):
                 raise HTTPException(
                     status_code=status.HTTP_400_BAD_REQUEST,
-                    detail=test_result.get("message", f"Cannot connect to {body.type} provider"),
+                    detail=test_result.get("message", "Cannot connect to NUT server"),
                 )
-            # Store external_domain from server config if available
-            if test_result.get("external_domain"):
-                config["external_domain"] = test_result["external_domain"]
 
-    elif body.type == "gitea":
-        config = body.config
-        # api_token is optional (webhook_secret is required, but token only for repo listing)
-        if config.get("api_token"):
+        elif body.type == "google_photos":
+            config = body.config
             async with aiohttp.ClientSession() as http_session:
-                from notify_bridge_core.providers.gitea import GiteaServiceProvider
-                gitea = GiteaServiceProvider(
-                    http_session, config.get("url", ""), config.get("api_token", ""), body.name,
+                from notify_bridge_core.providers.google_photos import GooglePhotosServiceProvider
+                gp = GooglePhotosServiceProvider(
+                    http_session, config.get("client_id", ""), config.get("client_secret", ""),
+                    config.get("refresh_token", ""), body.name,
                 )
-                test_result = await gitea.test_connection()
+                test_result = await gp.test_connection()
                 if not test_result.get("ok"):
                     raise HTTPException(
                         status_code=status.HTTP_400_BAD_REQUEST,
-                        detail=test_result.get("message", "Cannot connect to Gitea"),
+                        detail=test_result.get("message", "Cannot connect to Google Photos"),
                     )
-
-    elif body.type == "planka":
-        config = body.config
-        if config.get("api_key"):
-            async with aiohttp.ClientSession() as http_session:
-                from notify_bridge_core.providers.planka import PlankaServiceProvider
-                planka = PlankaServiceProvider(
-                    http_session, config.get("url", ""), config.get("api_key", ""), body.name,
-                )
-                test_result = await planka.test_connection()
-                if not test_result.get("ok"):
-                    raise HTTPException(
-                        status_code=status.HTTP_400_BAD_REQUEST,
-                        detail=test_result.get("message", "Cannot connect to Planka"),
-                    )
-
-    elif body.type == "nut":
-        nut = make_nut_provider(ServiceProvider(
-            id=0, user_id=0, type="nut", name=body.name, config=body.config,
-        ))
-        test_result = await nut.test_connection()
-        if not test_result.get("ok"):
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail=test_result.get("message", "Cannot connect to NUT server"),
-            )
+    except HTTPException:
+        raise
+    except aiohttp.ClientError as err:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Connection error: {err}",
+        )
+    except OSError as err:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Connection error: {err}",
+        )
 
     # Scheduler: no validation needed (virtual provider)
 
@@ -198,7 +233,9 @@ async def create_provider(
 
 
 @router.get("/capabilities")
-async def list_provider_capabilities():
+async def list_provider_capabilities(
+    user: User = Depends(get_current_user),
+):
     """List capabilities for all registered provider types."""
     from notify_bridge_core.providers.capabilities import get_all_capabilities
     result = {}
@@ -218,7 +255,10 @@ async def list_provider_capabilities():
 
 
 @router.get("/capabilities/{provider_type}")
-async def get_provider_capabilities(provider_type: str):
+async def get_provider_capabilities(
+    provider_type: str,
+    user: User = Depends(get_current_user),
+):
     """Get capabilities for a provider type (events, slots, commands)."""
     from notify_bridge_core.providers.capabilities import get_capabilities
     caps = get_capabilities(provider_type)
@@ -324,6 +364,21 @@ async def update_provider(
                 status_code=status.HTTP_400_BAD_REQUEST,
                 detail=test_result.get("message", "Cannot connect to NUT server"),
             )
+    elif config_changed and provider.type == "google_photos":
+        try:
+            async with aiohttp.ClientSession() as http_session:
+                gp = make_google_photos_provider(http_session, provider)
+                test_result = await gp.test_connection()
+                if not test_result.get("ok"):
+                    raise HTTPException(
+                        status_code=status.HTTP_400_BAD_REQUEST,
+                        detail=test_result.get("message", "Cannot connect to Google Photos"),
+                    )
+        except aiohttp.ClientError as err:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Connection error: {err}",
+            )
 
     session.add(provider)
     await session.commit()
@@ -380,6 +435,11 @@ async def test_provider(
         nut = make_nut_provider(provider)
         return await nut.test_connection()
 
+    if provider.type == "google_photos":
+        async with aiohttp.ClientSession() as http_session:
+            gp = make_google_photos_provider(http_session, provider)
+            return await gp.test_connection()
+
     return {"ok": False, "message": f"Unknown provider type: {provider.type}"}
 
 
@@ -400,22 +460,8 @@ async def list_people(
                 provider.config.get("url", ""),
                 provider.config.get("api_key", ""),
             )
-            try:
-                async with http_session.get(
-                    f"{client.url}/api/people",
-                    headers={"x-api-key": client.api_key},
-                    ssl=False,
-                ) as response:
-                    if response.status == 200:
-                        data = await response.json()
-                        people_list = data.get("people", data) if isinstance(data, dict) else data
-                        return [
-                            {"id": p["id"], "name": p.get("name", "")}
-                            for p in people_list
-                            if p.get("name")
-                        ]
-            except Exception as e:
-                _LOGGER.error("Failed to fetch people: %s", e)
+            people = await client.get_people()
+            return [{"id": pid, "name": name} for pid, name in people.items()]
 
     return []
 
@@ -452,6 +498,11 @@ async def list_collections(
         nut = make_nut_provider(provider)
         return await nut.list_collections()
 
+    if provider.type == "google_photos":
+        async with aiohttp.ClientSession() as http_session:
+            gp = make_google_photos_provider(http_session, provider)
+            return await gp.list_collections()
+
     return []
 
 
@@ -510,10 +561,11 @@ def _provider_response(p: ServiceProvider) -> dict:
     """Build a safe response dict for a provider."""
     config = dict(p.config)
     # Mask sensitive fields
-    for secret_field in ("api_key", "api_token", "webhook_secret", "password"):
+    for secret_field in ("api_key", "api_token", "webhook_secret", "password",
+                          "client_secret", "refresh_token"):
         if secret_field in config:
             key = config[secret_field]
-            config[secret_field] = f"{key[:8]}...{key[-4:]}" if len(key) > 12 else "***"
+            config[secret_field] = f"***{key[-4:]}" if len(key) > 4 else "***"
     return {
         "id": p.id,
         "type": p.type,
diff --git a/packages/server/src/notify_bridge_server/api/targets.py b/packages/server/src/notify_bridge_server/api/targets.py
index c5ddf8f..4fabb25 100644
--- a/packages/server/src/notify_bridge_server/api/targets.py
+++ b/packages/server/src/notify_bridge_server/api/targets.py
@@ -79,17 +79,20 @@ async def list_targets(
     )
     targets = result.all()
 
-    # Load receivers for each target
-    target_receivers: dict[int, list[TargetReceiver]] = {}
-    for tgt in targets:
+    # Batch-load all receivers for the user's targets in one query
+    target_ids = [tgt.id for tgt in targets]
+    target_receivers: dict[int, list[TargetReceiver]] = {tid: [] for tid in target_ids}
+    if target_ids:
         recv_result = await session.exec(
-            select(TargetReceiver).where(TargetReceiver.target_id == tgt.id)
+            select(TargetReceiver).where(TargetReceiver.target_id.in_(target_ids))
         )
-        target_receivers[tgt.id] = list(recv_result.all())
+        for recv in recv_result.all():
+            target_receivers[recv.target_id].append(recv)
 
-    # Resolve chat names and languages from receivers for telegram targets
+    # Batch-load chat names and languages for all telegram targets
     chat_names: dict[str, str] = {}
     chat_languages: dict[str, str] = {}
+    chat_lookups: list[tuple[int, str]] = []  # (bot_id, chat_id)
     for tgt in targets:
         if tgt.type == "telegram":
             bot_id = tgt.config.get("bot_id")
@@ -98,18 +101,23 @@ async def list_targets(
             for recv in target_receivers.get(tgt.id, []):
                 chat_id = str(recv.config.get("chat_id", ""))
                 if chat_id:
-                    chat_result = await session.exec(
-                        select(TelegramChat).where(
-                            TelegramChat.bot_id == bot_id,
-                            TelegramChat.chat_id == chat_id,
-                        )
-                    )
-                    chat = chat_result.first()
-                    if chat:
-                        chat_names[f"{bot_id}_{chat_id}"] = chat.title or chat.username or ""
-                        lang = getattr(chat, 'language_override', '') or getattr(chat, 'language_code', '') or ''
-                        if lang:
-                            chat_languages[f"{bot_id}_{chat_id}"] = lang
+                    chat_lookups.append((bot_id, chat_id))
+
+    if chat_lookups:
+        all_bot_ids = list({bl[0] for bl in chat_lookups})
+        all_chat_ids = list({bl[1] for bl in chat_lookups})
+        chat_result = await session.exec(
+            select(TelegramChat).where(
+                TelegramChat.bot_id.in_(all_bot_ids),
+                TelegramChat.chat_id.in_(all_chat_ids),
+            )
+        )
+        for chat in chat_result.all():
+            key = f"{chat.bot_id}_{chat.chat_id}"
+            chat_names[key] = chat.title or chat.username or ""
+            lang = getattr(chat, 'language_override', '') or getattr(chat, 'language_code', '') or ''
+            if lang:
+                chat_languages[key] = lang
 
     # Build lookup for broadcast child target resolution
     target_map = {t.id: t for t in targets}
diff --git a/packages/server/src/notify_bridge_server/api/template_configs.py b/packages/server/src/notify_bridge_server/api/template_configs.py
index 51a5986..357cd60 100644
--- a/packages/server/src/notify_bridge_server/api/template_configs.py
+++ b/packages/server/src/notify_bridge_server/api/template_configs.py
@@ -130,7 +130,9 @@ async def list_configs(
 
 
 @router.get("/variables")
-async def get_template_variables():
+async def get_template_variables(
+    user: User = Depends(get_current_user),
+):
     """Get template variable reference grouped by slot.
 
     Returns a dict keyed by template slot name, each containing:
diff --git a/packages/server/src/notify_bridge_server/api/template_vars.py b/packages/server/src/notify_bridge_server/api/template_vars.py
index 3b26ab1..0100e30 100644
--- a/packages/server/src/notify_bridge_server/api/template_vars.py
+++ b/packages/server/src/notify_bridge_server/api/template_vars.py
@@ -1,16 +1,22 @@
 """Template variable documentation endpoint."""
 
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
 
 from notify_bridge_core.providers.base import ServiceProviderType
 from notify_bridge_core.providers.immich import ImmichServiceProvider  # noqa: F401 — triggers registration
 from notify_bridge_core.templates.variables import registry
 
+from ..auth.dependencies import get_current_user
+from ..database.models import User
+
 router = APIRouter(prefix="/api/template-vars", tags=["template-vars"])
 
 
 @router.get("")
-async def get_template_variables(provider_type: str | None = None):
+async def get_template_variables(
+    provider_type: str | None = None,
+    user: User = Depends(get_current_user),
+):
     """Get available template variables, optionally filtered by provider type."""
     if provider_type:
         try:
diff --git a/packages/server/src/notify_bridge_server/api/users.py b/packages/server/src/notify_bridge_server/api/users.py
index 480e268..0bea51b 100644
--- a/packages/server/src/notify_bridge_server/api/users.py
+++ b/packages/server/src/notify_bridge_server/api/users.py
@@ -55,6 +55,9 @@ async def create_user(
     if result.first():
         raise HTTPException(status_code=409, detail="Username already exists")
 
+    if len(body.password) < 8:
+        raise HTTPException(status_code=400, detail="Password must be at least 8 characters")
+
     user = User(
         username=body.username,
         hashed_password=bcrypt.hashpw(body.password.encode(), bcrypt.gensalt()).decode(),
@@ -81,8 +84,8 @@ async def reset_user_password(
     user = await session.get(User, user_id)
     if not user:
         raise HTTPException(status_code=404, detail="User not found")
-    if len(body.new_password) < 6:
-        raise HTTPException(status_code=400, detail="Password must be at least 6 characters")
+    if len(body.new_password) < 8:
+        raise HTTPException(status_code=400, detail="Password must be at least 8 characters")
     user.hashed_password = bcrypt.hashpw(body.new_password.encode(), bcrypt.gensalt()).decode()
     session.add(user)
     await session.commit()
diff --git a/packages/server/src/notify_bridge_server/api/webhooks.py b/packages/server/src/notify_bridge_server/api/webhooks.py
index c3411d1..f285212 100644
--- a/packages/server/src/notify_bridge_server/api/webhooks.py
+++ b/packages/server/src/notify_bridge_server/api/webhooks.py
@@ -156,7 +156,6 @@ async def gitea_webhook(provider_id: int, request: Request):
                     )},
                 },
             ))
-            await session.commit()
 
             # Dispatch to targets
             dispatcher = NotificationDispatcher()
@@ -172,6 +171,8 @@ async def gitea_webhook(provider_id: int, request: Request):
                             tracker.id, r.get("error", "unknown"),
                         )
 
+        await session.commit()
+
     return {"ok": True, "dispatched": dispatched}
 
 
@@ -268,7 +269,6 @@ async def planka_webhook(provider_id: int, request: Request):
                     )},
                 },
             ))
-            await session.commit()
 
             # Dispatch to targets
             dispatcher = NotificationDispatcher()
@@ -284,6 +284,8 @@ async def planka_webhook(provider_id: int, request: Request):
                             tracker.id, r.get("error", "unknown"),
                         )
 
+        await session.commit()
+
     return {"ok": True, "dispatched": dispatched}
 
 
diff --git a/packages/server/src/notify_bridge_server/commands/webhook.py b/packages/server/src/notify_bridge_server/commands/webhook.py
index 972f456..f7e514f 100644
--- a/packages/server/src/notify_bridge_server/commands/webhook.py
+++ b/packages/server/src/notify_bridge_server/commands/webhook.py
@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import hmac
 import logging
 from typing import Any
 
@@ -40,7 +41,7 @@ async def telegram_webhook(
     """Handle incoming Telegram messages — route commands to handlers."""
     # Validate webhook secret if configured
     if _webhook_secret:
-        if x_telegram_bot_api_secret_token != _webhook_secret:
+        if not hmac.compare_digest(x_telegram_bot_api_secret_token or "", _webhook_secret):
             raise HTTPException(status_code=403, detail="Invalid webhook secret")
 
     # Find bot by opaque webhook path ID (not by token — token must not appear in URLs)
diff --git a/packages/server/src/notify_bridge_server/config.py b/packages/server/src/notify_bridge_server/config.py
index f2dc373..3073b52 100644
--- a/packages/server/src/notify_bridge_server/config.py
+++ b/packages/server/src/notify_bridge_server/config.py
@@ -33,8 +33,8 @@ class Settings(BaseSettings):
 
     telegram_webhook_secret: str = ""
 
-    cors_allowed_origins: str = "*"
-    """Comma-separated allowed origins for CORS (e.g. 'http://localhost:5173,https://myapp.com'). Use '*' for dev."""
+    cors_allowed_origins: str = "http://localhost:5173"
+    """Comma-separated allowed origins for CORS (e.g. 'http://localhost:5173,https://myapp.com')."""
 
     static_dir: str = ""
     """Path to frontend static files. Set to serve SvelteKit build via FastAPI (e.g. /app/static in Docker)."""
diff --git a/packages/server/src/notify_bridge_server/database/seeds.py b/packages/server/src/notify_bridge_server/database/seeds.py
index 16e0aeb..9c8313b 100644
--- a/packages/server/src/notify_bridge_server/database/seeds.py
+++ b/packages/server/src/notify_bridge_server/database/seeds.py
@@ -152,6 +152,7 @@ async def _seed_default_templates() -> None:
         await _seed_provider_template(session, "planka", "Planka")
         await _seed_provider_template(session, "scheduler", "Scheduler")
         await _seed_provider_template(session, "nut", "NUT")
+        await _seed_provider_template(session, "google_photos", "Google Photos")
         await session.commit()
 
 
@@ -175,6 +176,9 @@ async def _seed_default_command_templates() -> None:
         await _seed_provider_command_template(
             session, "nut", "Default NUT Commands", "Default NUT command templates",
         )
+        await _seed_provider_command_template(
+            session, "google_photos", "Default Google Photos Commands", "Default Google Photos command templates",
+        )
         await session.commit()
 
 
@@ -305,6 +309,16 @@ async def _seed_default_command_configs() -> None:
                 "default_count": 5,
                 "rate_limits": {"api": 15, "default": 10},
             },
+            {
+                "provider_type": "google_photos",
+                "name": "Default Google Photos",
+                "enabled_commands": [
+                    "help", "status", "albums", "latest", "search", "random",
+                ],
+                "response_mode": "media",
+                "default_count": 5,
+                "rate_limits": {"search": 30, "default": 10},
+            },
         ]
 
         for cfg in defaults:
diff --git a/packages/server/src/notify_bridge_server/main.py b/packages/server/src/notify_bridge_server/main.py
index d5c7d61..02254f4 100644
--- a/packages/server/src/notify_bridge_server/main.py
+++ b/packages/server/src/notify_bridge_server/main.py
@@ -11,8 +11,11 @@ from slowapi.middleware import SlowAPIMiddleware
 
 # Ensure app-level loggers are visible
 logging.basicConfig(level=logging.INFO)
-logging.getLogger("notify_bridge_server").setLevel(logging.DEBUG)
-logging.getLogger("notify_bridge_core").setLevel(logging.DEBUG)
+
+from .config import settings as _log_cfg
+_log_level = logging.DEBUG if _log_cfg.debug else logging.INFO
+logging.getLogger("notify_bridge_server").setLevel(_log_level)
+logging.getLogger("notify_bridge_core").setLevel(_log_level)
 
 from .database.engine import init_db
 from .database.models import *  # noqa: F401,F403 — ensure all models registered
@@ -77,6 +80,24 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(title="Notify Bridge", version="0.1.0", lifespan=lifespan)
 
+# --- Security headers ---
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request as StarletteRequest
+from starlette.responses import Response as StarletteResponse
+
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: StarletteRequest, call_next):
+        response: StarletteResponse = await call_next(request)
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-XSS-Protection"] = "1; mode=block"
+        response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
+        return response
+
+
+app.add_middleware(SecurityHeadersMiddleware)
+
 # --- Rate limiting ---
 from .auth.routes import limiter
 app.state.limiter = limiter
diff --git a/packages/server/src/notify_bridge_server/services/__init__.py b/packages/server/src/notify_bridge_server/services/__init__.py
index 8724e19..3f46259 100644
--- a/packages/server/src/notify_bridge_server/services/__init__.py
+++ b/packages/server/src/notify_bridge_server/services/__init__.py
@@ -4,6 +4,7 @@ from notify_bridge_core.providers.immich import ImmichServiceProvider
 from notify_bridge_core.providers.gitea import GiteaServiceProvider
 from notify_bridge_core.providers.planka import PlankaServiceProvider
 from notify_bridge_core.providers.nut import NutServiceProvider
+from notify_bridge_core.providers.google_photos import GooglePhotosServiceProvider
 
 from ..database.models import ServiceProvider
 
@@ -52,3 +53,15 @@ def make_nut_provider(provider: ServiceProvider) -> NutServiceProvider:
         password=config.get("password"),
         name=provider.name,
     )
+
+
+def make_google_photos_provider(http_session, provider: ServiceProvider) -> GooglePhotosServiceProvider:
+    """Create a GooglePhotosServiceProvider from a DB provider model."""
+    config = provider.config or {}
+    return GooglePhotosServiceProvider(
+        http_session,
+        config.get("client_id", ""),
+        config.get("client_secret", ""),
+        config.get("refresh_token", ""),
+        provider.name,
+    )
diff --git a/packages/server/src/notify_bridge_server/services/watcher.py b/packages/server/src/notify_bridge_server/services/watcher.py
index 8398fb0..befdfab 100644
--- a/packages/server/src/notify_bridge_server/services/watcher.py
+++ b/packages/server/src/notify_bridge_server/services/watcher.py
@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import asyncio
 import logging
 from typing import Any
 
@@ -28,6 +29,7 @@ _LOGGER = logging.getLogger(__name__)
 # Module-level Telegram file caches — shared across dispatches for reuse
 _url_cache: TelegramFileCache | None = None
 _asset_cache: TelegramFileCache | None = None
+_cache_lock = asyncio.Lock()
 
 
 async def _get_telegram_caches() -> tuple[TelegramFileCache | None, TelegramFileCache | None]:
@@ -35,18 +37,24 @@ async def _get_telegram_caches() -> tuple[TelegramFileCache | None, TelegramFile
     global _url_cache, _asset_cache
     if _url_cache is not None:
         return _url_cache, _asset_cache
-    import os
-    from pathlib import Path
-    data_dir = os.environ.get("NOTIFY_BRIDGE_DATA_DIR")
-    if not data_dir:
-        return None, None
-    cache_dir = Path(data_dir) / "cache"
-    _url_cache = TelegramFileCache(JsonFileBackend(cache_dir / "telegram_url_cache.json"))
-    _asset_cache = TelegramFileCache(JsonFileBackend(cache_dir / "telegram_asset_cache.json"))
-    await _url_cache.async_load()
-    await _asset_cache.async_load()
-    _LOGGER.info("Initialized Telegram file caches in %s", cache_dir)
-    return _url_cache, _asset_cache
+    async with _cache_lock:
+        # Double-check after acquiring lock
+        if _url_cache is not None:
+            return _url_cache, _asset_cache
+        import os
+        from pathlib import Path
+        data_dir = os.environ.get("NOTIFY_BRIDGE_DATA_DIR")
+        if not data_dir:
+            return None, None
+        cache_dir = Path(data_dir) / "cache"
+        url_cache = TelegramFileCache(JsonFileBackend(cache_dir / "telegram_url_cache.json"))
+        asset_cache = TelegramFileCache(JsonFileBackend(cache_dir / "telegram_asset_cache.json"))
+        await url_cache.async_load()
+        await asset_cache.async_load()
+        _url_cache = url_cache
+        _asset_cache = asset_cache
+        _LOGGER.info("Initialized Telegram file caches in %s", cache_dir)
+        return _url_cache, _asset_cache
 
 
 async def check_tracker(tracker_id: int) -> dict[str, Any]:
@@ -133,6 +141,20 @@ async def check_tracker(tracker_id: int) -> dict[str, Any]:
             name=provider_name,
         )
         events, new_state = await nut.poll(collection_ids, state_dict)
+    elif provider_type == "google_photos":
+        from notify_bridge_core.providers.google_photos import GooglePhotosServiceProvider
+        async with aiohttp.ClientSession() as http_session:
+            gp = GooglePhotosServiceProvider(
+                http_session,
+                provider_config.get("client_id", ""),
+                provider_config.get("client_secret", ""),
+                provider_config.get("refresh_token", ""),
+                provider_name,
+            )
+            connected = await gp.connect()
+            if not connected:
+                return {"status": "error", "reason": "failed to connect to Google Photos"}
+            events, new_state = await gp.poll(collection_ids, state_dict)
     else:
         return {"status": "error", "reason": f"unsupported provider type: {provider_type}"}