feat: session permissions

2026-03-01 11:20:12 +03:00 · 2025-10-07 14:25:36 -04:00
167 changed files with 2841 additions and 7838 deletions
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -55,7 +55,7 @@ jobs:
    runs-on: mich

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
@@ -66,7 +66,7 @@ jobs:
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks

-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: 'zulu'
          java-version: '17'
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - name: Check out code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,7 +29,7 @@ jobs:
        working-directory: ./cli

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

@@ -37,7 +37,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -65,7 +65,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,7 +44,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -47,7 +47,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

@@ -55,7 +55,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,7 +38,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
@@ -108,13 +108,13 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
@@ -125,7 +125,7 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -22,7 +22,7 @@ jobs:
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
@@ -32,7 +32,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -48,7 +48,7 @@ jobs:
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        if: always()
        with:
          script: |
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -11,4 +11,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -55,20 +55,20 @@ jobs:
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2

      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -117,13 +117,13 @@ jobs:
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false

      - name: Download APK
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: release-apk-signed

--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -24,7 +24,7 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
          script: |
            github.rest.issues.removeLabel({
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,7 +16,7 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

@@ -24,7 +24,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -42,7 +42,7 @@ jobs:
        working-directory: ./mobile
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false

--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,13 +56,13 @@ jobs:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -93,13 +93,13 @@ jobs:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -133,13 +133,13 @@ jobs:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -168,13 +168,13 @@ jobs:
        working-directory: ./web
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -205,13 +205,13 @@ jobs:
        working-directory: ./web
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -236,13 +236,13 @@ jobs:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -277,13 +277,13 @@ jobs:
        working-directory: ./e2e
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -316,13 +316,13 @@ jobs:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -347,14 +347,14 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -395,14 +395,14 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -441,7 +441,7 @@ jobs:
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
@@ -466,12 +466,12 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
        # with:
        #   python-version: 3.11
@@ -503,13 +503,13 @@ jobs:
        working-directory: ./.github
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
          cache: 'pnpm'
@@ -525,7 +525,7 @@ jobs:
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Run ShellCheck
@@ -540,13 +540,13 @@ jobs:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -595,13 +595,13 @@ jobs:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -18,20 +18,6 @@
      "name": "Immich Workers",
      "remoteRoot": "/usr/src/app/server",
      "localRoot": "${workspaceFolder}/server"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Immich CLI",
-      "program": "${workspaceFolder}/cli/dist/index.js",
-      "args": ["upload", "--help"],
-      "runtimeArgs": ["--enable-source-maps"],
-      "console": "integratedTerminal",
-      "resolveSourceMapLocations": ["${workspaceFolder}/cli/dist/**/*.js.map"],
-      "sourceMaps": true,
-      "outFiles": ["${workspaceFolder}/cli/dist/**/*.js"],
-      "skipFiles": ["<node_internals>/**"],
-      "preLaunchTask": "Build Immich CLI"
    }
  ]
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -70,11 +70,6 @@
        "runOn": "folderOpen"
      },
      "problemMatcher": []
-    },
-    {
-      "label": "Build Immich CLI",
-      "type": "shell",
-      "command": "pnpm --filter cli build:dev"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@@ -28,8 +28,7 @@
  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">简体中文</a>
-  <a href="readme_i18n/README_zh_TW.md">正體中文</a>
+  <a href="readme_i18n/README_zh_CN.md">中文</a>
  <a href="readme_i18n/README_uk_UA.md">Українська</a>
  <a href="readme_i18n/README_ru_RU.md">Русский</a>
  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
--- a/cli/README.md
+++ b/cli/README.md
@@ -13,23 +13,15 @@ Then, to build the open-api client run the following in the open-api folder:

    $ ./bin/generate-open-api.sh

-## Run from build
-
-Go to the cli folder and build it:
+To run the Immich CLI from source, run the following in the cli folder:

    $ pnpm install
    $ pnpm run build
-    $ node dist/index.js
+    $ ts-node .

-## Run and Debug from source (VSCode)
+You'll need ts-node, the easiest way to install it is to use pnpm:

-With VScode you can run and debug the Immich CLI. Go to the launch.json file, find the Immich CLI config and change this with the command you need to debug
-
-`"args": ["upload", "--help"],`
-
-replace that for the command of your choice.
-
-## Install from build
+    $ pnpm i -g ts-node

 You can also build and install the CLI using

--- a/cli/package.json
+++ b/cli/package.json
@@ -20,7 +20,7 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.18.8",
+    "@types/node": "^22.18.1",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
@@ -43,7 +43,6 @@
  },
  "scripts": {
    "build": "vite build",
-    "build:dev": "vite build --sourcemap true",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "lint:fix": "npm run lint -- --fix",
    "prepack": "npm run build",
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -1,9 +1,5 @@
 # External Libraries

-:::info
-Currently an external library can only belong to a single user which is selected when the library is initially created.
-:::
-
 External libraries track assets stored in the filesystem outside of Immich. When the external library is scanned, Immich will load videos and photos from disk and create the corresponding assets. These assets will then be shown in the main timeline, and they will look and behave like any other asset, including viewing on the map, adding to albums, etc. Later, if a file is modified outside of Immich, you need to scan the library for the changes to show up.

 If an external asset is deleted from disk, Immich will move it to trash on rescan. To restore the asset, you need to restore the original file. After 30 days the file will be removed from trash, and any changes to metadata within Immich will be lost.
--- a/docs/docs/guides/external-library.md
+++ b/docs/docs/guides/external-library.md
@@ -21,10 +21,6 @@ Restart Immich by running `docker compose up -d`.

 # Create the library

-:::info
-External library management requires administrator access and the steps below assume you are using an admin account.
-:::
-
 In the Immich web UI:

 - click the **Administration** link in the upper right corner.
--- a/docs/package.json
+++ b/docs/package.json
@@ -17,9 +17,9 @@
    "write-heading-ids": "docusaurus write-heading-ids"
  },
  "dependencies": {
-    "@docusaurus/core": "~3.9.0",
-    "@docusaurus/preset-classic": "~3.9.0",
-    "@docusaurus/theme-common": "~3.9.0",
+    "@docusaurus/core": "~3.8.0",
+    "@docusaurus/preset-classic": "~3.8.0",
+    "@docusaurus/theme-common": "~3.8.0",
    "@mdi/js": "^7.3.67",
    "@mdi/react": "^1.6.1",
    "@mdx-js/react": "^3.0.0",
@@ -35,7 +35,7 @@
    "url": "^0.11.0"
  },
  "devDependencies": {
-    "@docusaurus/module-type-aliases": "~3.9.0",
+    "@docusaurus/module-type-aliases": "~3.8.0",
    "@docusaurus/tsconfig": "^3.7.0",
    "@docusaurus/types": "^3.7.0",
    "prettier": "^3.2.4",
--- a/docs/src/components/community-projects.tsx
+++ b/docs/src/components/community-projects.tsx
@@ -115,11 +115,6 @@ const projects: CommunityProjectProps[] = [
    description: 'Auto-stack photos with identical filenames and differing extensions (i.e. JPG+RAW)',
    url: 'https://github.com/sid3windr/immich-stack',
  },
-  {
-    title: 'Immich Stack',
-    description: 'Automatically groups similar photos into stacks within the Immich photo management system.',
-    url: 'https://github.com/Majorfi/immich-stack/',
-  },
 ];

 function CommunityProject({ title, description, url }: CommunityProjectProps): JSX.Element {
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -25,7 +25,7 @@
    "@playwright/test": "^1.44.1",
    "@socket.io/component-emitter": "^3.1.2",
    "@types/luxon": "^3.4.2",
-    "@types/node": "^22.18.8",
+    "@types/node": "^22.18.1",
    "@types/oidc-provider": "^9.0.0",
    "@types/pg": "^8.15.1",
    "@types/pngjs": "^6.0.4",
@@ -43,7 +43,7 @@
    "pngjs": "^7.0.0",
    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
-    "sharp": "^0.34.4",
+    "sharp": "^0.34.3",
    "socket.io-client": "^4.7.4",
    "supertest": "^7.0.0",
    "typescript": "^5.3.3",
@@ -53,8 +53,5 @@
  },
  "volta": {
    "node": "22.20.0"
-  },
-  "dependencies": {
-    "structured-headers": "^2.0.2"
  }
 }
--- a/e2e/src/api/specs/asset-upload.e2e-spec.ts
+++ b/e2e/src/api/specs/asset-upload.e2e-spec.ts
--- a/e2e/src/utils.ts
+++ b/e2e/src/utils.ts
@@ -561,16 +561,6 @@ export const utils = {
    await utils.waitForQueueFinish(accessToken, 'sidecar');
    await utils.waitForQueueFinish(accessToken, 'metadataExtraction');
  },
-
-  downloadAsset: async (accessToken: string, id: string) => {
-    const downloadedRes = await fetch(`${baseUrl}/api/assets/${id}/original`, {
-      headers: asBearerAuth(accessToken),
-    });
-    if (!downloadedRes.ok) {
-      throw new Error(`Failed to download asset ${id}: ${downloadedRes.status} ${await downloadedRes.text()}`);
-    }
-    return await downloadedRes.blob();
-  },
 };

 utils.initSdk();
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -33,7 +33,6 @@
  "add_to_albums": "Add to albums",
  "add_to_albums_count": "Add to albums ({count})",
  "add_to_shared_album": "Add to shared album",
-  "add_upload_to_stack": "Add upload to stack",
  "add_url": "Add URL",
  "added_to_archive": "Added to archive",
  "added_to_favorites": "Added to favorites",
--- a/mise.toml
+++ b/mise.toml
@@ -1,7 +1,7 @@
 [tools]
 node = "22.20.0"
 flutter = "3.35.5"
-pnpm = "10.18.0"
+pnpm = "10.15.1"

 [tools."github:CQLabs/homebrew-dcm"]
 version = "1.30.0"
--- a/mobile/android/app/src/main/kotlin/app/alextran/immich/sync/Messages.g.kt
+++ b/mobile/android/app/src/main/kotlin/app/alextran/immich/sync/Messages.g.kt
@@ -304,7 +304,6 @@ interface NativeSyncApi {
  fun getAssetsCountSince(albumId: String, timestamp: Long): Long
  fun getAssetsForAlbum(albumId: String, updatedTimeCond: Long?): List<PlatformAsset>
  fun hashAssets(assetIds: List<String>, allowNetworkAccess: Boolean, callback: (Result<List<HashResult>>) -> Unit)
-  fun uploadAsset(callback: (Result<Boolean>) -> Unit)
  fun cancelHashing()

  companion object {
@@ -468,24 +467,6 @@ interface NativeSyncApi {
          channel.setMessageHandler(null)
        }
      }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.uploadAsset$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            api.uploadAsset{ result: Result<Boolean> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
-            }
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
      run {
        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.cancelHashing$separatedMessageChannelSuffix", codec)
        if (api != null) {
--- a/mobile/ios/Podfile.lock
+++ b/mobile/ios/Podfile.lock
@@ -64,7 +64,7 @@ PODS:
    - Flutter
  - integration_test (0.0.1):
    - Flutter
-  - isar_community_flutter_libs (1.0.0):
+  - isar_flutter_libs (1.0.0):
    - Flutter
  - local_auth_darwin (0.0.1):
    - Flutter
@@ -149,7 +149,7 @@ DEPENDENCIES:
  - home_widget (from `.symlinks/plugins/home_widget/ios`)
  - image_picker_ios (from `.symlinks/plugins/image_picker_ios/ios`)
  - integration_test (from `.symlinks/plugins/integration_test/ios`)
-  - isar_community_flutter_libs (from `.symlinks/plugins/isar_community_flutter_libs/ios`)
+  - isar_flutter_libs (from `.symlinks/plugins/isar_flutter_libs/ios`)
  - local_auth_darwin (from `.symlinks/plugins/local_auth_darwin/darwin`)
  - maplibre_gl (from `.symlinks/plugins/maplibre_gl/ios`)
  - native_video_player (from `.symlinks/plugins/native_video_player/ios`)
@@ -210,8 +210,8 @@ EXTERNAL SOURCES:
    :path: ".symlinks/plugins/image_picker_ios/ios"
  integration_test:
    :path: ".symlinks/plugins/integration_test/ios"
-  isar_community_flutter_libs:
-    :path: ".symlinks/plugins/isar_community_flutter_libs/ios"
+  isar_flutter_libs:
+    :path: ".symlinks/plugins/isar_flutter_libs/ios"
  local_auth_darwin:
    :path: ".symlinks/plugins/local_auth_darwin/darwin"
  maplibre_gl:
@@ -264,7 +264,7 @@ SPEC CHECKSUMS:
  home_widget: f169fc41fd807b4d46ab6615dc44d62adbf9f64f
  image_picker_ios: 7fe1ff8e34c1790d6fff70a32484959f563a928a
  integration_test: 4a889634ef21a45d28d50d622cf412dc6d9f586e
-  isar_community_flutter_libs: bede843185a61a05ff364a05c9b23209523f7e0d
+  isar_flutter_libs: bc909e72c3d756c2759f14c8776c13b5b0556e26
  local_auth_darwin: 553ce4f9b16d3fdfeafce9cf042e7c9f77c1c391
  MapLibre: 69e572367f4ef6287e18246cfafc39c80cdcabcd
  maplibre_gl: 3c924e44725147b03dda33430ad216005b40555f
--- a/mobile/ios/Runner/Sync/Messages.g.swift
+++ b/mobile/ios/Runner/Sync/Messages.g.swift
@@ -363,7 +363,6 @@ protocol NativeSyncApi {
  func getAssetsCountSince(albumId: String, timestamp: Int64) throws -> Int64
  func getAssetsForAlbum(albumId: String, updatedTimeCond: Int64?) throws -> [PlatformAsset]
  func hashAssets(assetIds: [String], allowNetworkAccess: Bool, completion: @escaping (Result<[HashResult], Error>) -> Void)
-  func uploadAsset(completion: @escaping (Result<Bool, Error>) -> Void)
  func cancelHashing() throws
 }

@@ -520,21 +519,6 @@ class NativeSyncApiSetup {
    } else {
      hashAssetsChannel.setMessageHandler(nil)
    }
-    let uploadAssetChannel = FlutterBasicMessageChannel(name: "dev.flutter.pigeon.immich_mobile.NativeSyncApi.uploadAsset\(channelSuffix)", binaryMessenger: binaryMessenger, codec: codec)
-    if let api = api {
-      uploadAssetChannel.setMessageHandler { _, reply in
-        api.uploadAsset { result in
-          switch result {
-          case .success(let res):
-            reply(wrapResult(res))
-          case .failure(let error):
-            reply(wrapError(error))
-          }
-        }
-      }
-    } else {
-      uploadAssetChannel.setMessageHandler(nil)
-    }
    let cancelHashingChannel = FlutterBasicMessageChannel(name: "dev.flutter.pigeon.immich_mobile.NativeSyncApi.cancelHashing\(channelSuffix)", binaryMessenger: binaryMessenger, codec: codec)
    if let api = api {
      cancelHashingChannel.setMessageHandler { _, reply in
--- a/mobile/ios/Runner/Sync/MessagesImpl.swift
+++ b/mobile/ios/Runner/Sync/MessagesImpl.swift
@@ -363,38 +363,4 @@ class NativeSyncApiImpl: NativeSyncApi {
      PHAssetResourceManager.default().cancelDataRequest(requestId)
    })
  }
-
-  func uploadAsset(completion: @escaping (Result<Bool, Error>) -> Void) {
-    let bufferSize = 200 * 1024 * 1024
-    var buffer = Data(count: bufferSize)
-    buffer.withUnsafeMutableBytes { bufferPointer in
-        arc4random_buf(bufferPointer.baseAddress!, bufferSize)
-    }
-    var hasher = Insecure.SHA1()
-    hasher.update(data: buffer)
-    let checksum = Data(hasher.finalize()).base64EncodedString()
-    let tempDirectory = FileManager.default.temporaryDirectory
-
-    let tempFileURL = tempDirectory.appendingPathComponent("buffer.tmp")
-    do {
-        try buffer.write(to: tempFileURL)
-        print("File saved to: \(tempFileURL.path)")
-    } catch {
-        print("Error writing file: \(error)")
-        return completion(Result.failure(error))
-    }
-    
-    let config = URLSessionConfiguration.background(withIdentifier: "app.mertalev.immich.upload")
-    let session = URLSession(configuration: config)
-    
-    var request = URLRequest(url: URL(string: "https://<hardcoded-host>/api/upload")!)
-    request.httpMethod = "POST"
-    request.setValue("<hardcoded-api-key>", forHTTPHeaderField: "X-Api-Key")
-    request.setValue("filename=\"test-image.jpg\", device-asset-id=\"rufh\", device-id=\"test\", file-created-at=\"2025-01-02T00:00:00.000Z\", file-modified-at=\"2025-01-01T00:00:00.000Z\", is-favorite, icloud-id=\"example-icloud-id\"", forHTTPHeaderField: "X-Immich-Asset-Data")
-    request.setValue("sha=:\(checksum):", forHTTPHeaderField: "Repr-Digest")
-    
-    let task = session.uploadTask(with: request, fromFile: tempFileURL)
-    task.resume()
-    completion(Result.success(true))
-  }
 }
--- a/mobile/lib/domain/models/search_result.model.dart
+++ b/mobile/lib/domain/models/search_result.model.dart
@@ -3,30 +3,27 @@ import 'package:immich_mobile/domain/models/asset/base_asset.model.dart';

 class SearchResult {
  final List<BaseAsset> assets;
-  final double scrollOffset;
  final int? nextPage;

-  const SearchResult({required this.assets, this.scrollOffset = 0.0, this.nextPage});
+  const SearchResult({required this.assets, this.nextPage});

-  SearchResult copyWith({List<BaseAsset>? assets, int? nextPage, double? scrollOffset}) {
-    return SearchResult(
-      assets: assets ?? this.assets,
-      nextPage: nextPage ?? this.nextPage,
-      scrollOffset: scrollOffset ?? this.scrollOffset,
-    );
+  int get totalAssets => assets.length;
+
+  SearchResult copyWith({List<BaseAsset>? assets, int? nextPage}) {
+    return SearchResult(assets: assets ?? this.assets, nextPage: nextPage ?? this.nextPage);
  }

  @override
-  String toString() => 'SearchResult(assets: ${assets.length}, nextPage: $nextPage, scrollOffset: $scrollOffset)';
+  String toString() => 'SearchResult(assets: $assets, nextPage: $nextPage)';

  @override
  bool operator ==(covariant SearchResult other) {
    if (identical(this, other)) return true;
    final listEquals = const DeepCollectionEquality().equals;

-    return listEquals(other.assets, assets) && other.nextPage == nextPage && other.scrollOffset == scrollOffset;
+    return listEquals(other.assets, assets) && other.nextPage == nextPage;
  }

  @override
-  int get hashCode => assets.hashCode ^ nextPage.hashCode ^ scrollOffset.hashCode;
+  int get hashCode => assets.hashCode ^ nextPage.hashCode;
 }
--- a/mobile/lib/domain/services/timeline.service.dart
+++ b/mobile/lib/domain/services/timeline.service.dart
@@ -203,7 +203,7 @@ class TimelineService {
  Future<void> dispose() async {
    await _bucketSubscription?.cancel();
    _bucketSubscription = null;
-    _buffer = [];
+    _buffer.clear();
    _bufferOffset = 0;
  }
 }
--- a/mobile/lib/entities/album.entity.g.dart
+++ b/mobile/lib/entities/album.entity.g.dart
@@ -132,7 +132,7 @@ const AlbumSchema = CollectionSchema(
  getId: _albumGetId,
  getLinks: _albumGetLinks,
  attach: _albumAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _albumEstimateSize(
--- a/mobile/lib/entities/android_device_asset.entity.g.dart
+++ b/mobile/lib/entities/android_device_asset.entity.g.dart
@@ -47,7 +47,7 @@ const AndroidDeviceAssetSchema = CollectionSchema(
  getId: _androidDeviceAssetGetId,
  getLinks: _androidDeviceAssetGetLinks,
  attach: _androidDeviceAssetAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _androidDeviceAssetEstimateSize(
--- a/mobile/lib/entities/asset.entity.g.dart
+++ b/mobile/lib/entities/asset.entity.g.dart
@@ -168,7 +168,7 @@ const AssetSchema = CollectionSchema(
  getId: _assetGetId,
  getLinks: _assetGetLinks,
  attach: _assetAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _assetEstimateSize(
--- a/mobile/lib/entities/backup_album.entity.g.dart
+++ b/mobile/lib/entities/backup_album.entity.g.dart
@@ -43,7 +43,7 @@ const BackupAlbumSchema = CollectionSchema(
  getId: _backupAlbumGetId,
  getLinks: _backupAlbumGetLinks,
  attach: _backupAlbumAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _backupAlbumEstimateSize(
--- a/mobile/lib/entities/duplicated_asset.entity.g.dart
+++ b/mobile/lib/entities/duplicated_asset.entity.g.dart
@@ -32,7 +32,7 @@ const DuplicatedAssetSchema = CollectionSchema(
  getId: _duplicatedAssetGetId,
  getLinks: _duplicatedAssetGetLinks,
  attach: _duplicatedAssetAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _duplicatedAssetEstimateSize(
--- a/mobile/lib/entities/etag.entity.g.dart
+++ b/mobile/lib/entities/etag.entity.g.dart
@@ -52,7 +52,7 @@ const ETagSchema = CollectionSchema(
  getId: _eTagGetId,
  getLinks: _eTagGetLinks,
  attach: _eTagAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _eTagEstimateSize(
--- a/mobile/lib/entities/ios_device_asset.entity.g.dart
+++ b/mobile/lib/entities/ios_device_asset.entity.g.dart
@@ -60,7 +60,7 @@ const IOSDeviceAssetSchema = CollectionSchema(
  getId: _iOSDeviceAssetGetId,
  getLinks: _iOSDeviceAssetGetLinks,
  attach: _iOSDeviceAssetAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _iOSDeviceAssetEstimateSize(
--- a/mobile/lib/infrastructure/entities/device_asset.entity.g.dart
+++ b/mobile/lib/infrastructure/entities/device_asset.entity.g.dart
@@ -65,7 +65,7 @@ const DeviceAssetEntitySchema = CollectionSchema(
  getId: _deviceAssetEntityGetId,
  getLinks: _deviceAssetEntityGetLinks,
  attach: _deviceAssetEntityAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _deviceAssetEntityEstimateSize(
--- a/mobile/lib/infrastructure/entities/exif.entity.g.dart
+++ b/mobile/lib/infrastructure/entities/exif.entity.g.dart
@@ -68,7 +68,7 @@ const ExifInfoSchema = CollectionSchema(
  getId: _exifInfoGetId,
  getLinks: _exifInfoGetLinks,
  attach: _exifInfoAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _exifInfoEstimateSize(
--- a/mobile/lib/infrastructure/entities/store.entity.g.dart
+++ b/mobile/lib/infrastructure/entities/store.entity.g.dart
@@ -37,7 +37,7 @@ const StoreValueSchema = CollectionSchema(
  getId: _storeValueGetId,
  getLinks: _storeValueGetLinks,
  attach: _storeValueAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _storeValueEstimateSize(
--- a/mobile/lib/infrastructure/entities/user.entity.g.dart
+++ b/mobile/lib/infrastructure/entities/user.entity.g.dart
@@ -95,7 +95,7 @@ const UserSchema = CollectionSchema(
  getId: _userGetId,
  getLinks: _userGetLinks,
  attach: _userAttach,
-  version: '3.3.0-dev.3',
+  version: '3.1.8',
 );

 int _userEstimateSize(
--- a/mobile/lib/pages/backup/drift_backup.page.dart
+++ b/mobile/lib/pages/backup/drift_backup.page.dart
@@ -15,7 +15,6 @@ import 'package:immich_mobile/presentation/widgets/backup/backup_toggle_button.w
 import 'package:immich_mobile/providers/background_sync.provider.dart';
 import 'package:immich_mobile/providers/backup/backup_album.provider.dart';
 import 'package:immich_mobile/providers/backup/drift_backup.provider.dart';
-import 'package:immich_mobile/providers/infrastructure/platform.provider.dart';
 import 'package:immich_mobile/providers/sync_status.provider.dart';
 import 'package:immich_mobile/providers/user.provider.dart';
 import 'package:immich_mobile/routing/router.dart';
@@ -142,84 +141,6 @@ class _DriftBackupPageState extends ConsumerState<DriftBackupPage> {
                      await stopBackup();
                    },
                  ),
-                  Container(
-                    margin: const EdgeInsets.symmetric(horizontal: 4, vertical: 4),
-                    decoration: BoxDecoration(
-                      borderRadius: const BorderRadius.all(Radius.circular(20)),
-                      gradient: LinearGradient(
-                        colors: [
-                          context.primaryColor.withValues(alpha: 0.5),
-                          context.primaryColor.withValues(alpha: 0.4),
-                          context.primaryColor.withValues(alpha: 0.5),
-                        ],
-                        stops: const [0.0, 0.5, 1.0],
-                        begin: Alignment.topLeft,
-                        end: Alignment.bottomRight,
-                      ),
-                      boxShadow: [
-                        BoxShadow(
-                          color: context.primaryColor.withValues(alpha: 0.1),
-                          blurRadius: 12,
-                          offset: const Offset(0, 2),
-                        ),
-                      ],
-                    ),
-                    child: Container(
-                      margin: const EdgeInsets.all(1.5),
-                      decoration: BoxDecoration(
-                        borderRadius: const BorderRadius.all(Radius.circular(18.5)),
-                        color: context.colorScheme.surfaceContainerLow,
-                      ),
-                      child: Material(
-                        color: context.colorScheme.surfaceContainerLow,
-                        borderRadius: const BorderRadius.all(Radius.circular(20.5)),
-                        child: InkWell(
-                          borderRadius: const BorderRadius.all(Radius.circular(20.5)),
-                          onTap: () => ref.read(nativeSyncApiProvider).uploadAsset(),
-                          child: Padding(
-                            padding: const EdgeInsets.symmetric(horizontal: 20, vertical: 16),
-                            child: Row(
-                              children: [
-                                Container(
-                                  padding: const EdgeInsets.all(8),
-                                  decoration: BoxDecoration(
-                                    shape: BoxShape.circle,
-                                    gradient: LinearGradient(
-                                      colors: [
-                                        context.primaryColor.withValues(alpha: 0.2),
-                                        context.primaryColor.withValues(alpha: 0.1),
-                                      ],
-                                    ),
-                                  ),
-                                  child: Icon(Icons.upload, color: context.primaryColor, size: 24),
-                                ),
-                                const SizedBox(width: 16),
-                                Expanded(
-                                  child: Column(
-                                    crossAxisAlignment: CrossAxisAlignment.start,
-                                    children: [
-                                      Row(
-                                        crossAxisAlignment: CrossAxisAlignment.center,
-                                        children: [
-                                          Text(
-                                            "Upload Asset (for testing)",
-                                            style: context.textTheme.titleMedium?.copyWith(
-                                              fontWeight: FontWeight.w600,
-                                              color: context.primaryColor,
-                                            ),
-                                          ),
-                                        ],
-                                      ),
-                                    ],
-                                  ),
-                                ),
-                              ],
-                            ),
-                          ),
-                        ),
-                      ),
-                    ),
-                  ),
                  switch (error) {
                    BackupError.none => const SizedBox.shrink(),
                    BackupError.syncFailed => Padding(
--- a/mobile/lib/platform/native_sync_api.g.dart
+++ b/mobile/lib/platform/native_sync_api.g.dart
@@ -540,34 +540,6 @@ class NativeSyncApi {
    }
  }

-  Future<bool> uploadAsset() async {
-    final String pigeonVar_channelName =
-        'dev.flutter.pigeon.immich_mobile.NativeSyncApi.uploadAsset$pigeonVar_messageChannelSuffix';
-    final BasicMessageChannel<Object?> pigeonVar_channel = BasicMessageChannel<Object?>(
-      pigeonVar_channelName,
-      pigeonChannelCodec,
-      binaryMessenger: pigeonVar_binaryMessenger,
-    );
-    final Future<Object?> pigeonVar_sendFuture = pigeonVar_channel.send(null);
-    final List<Object?>? pigeonVar_replyList = await pigeonVar_sendFuture as List<Object?>?;
-    if (pigeonVar_replyList == null) {
-      throw _createConnectionError(pigeonVar_channelName);
-    } else if (pigeonVar_replyList.length > 1) {
-      throw PlatformException(
-        code: pigeonVar_replyList[0]! as String,
-        message: pigeonVar_replyList[1] as String?,
-        details: pigeonVar_replyList[2],
-      );
-    } else if (pigeonVar_replyList[0] == null) {
-      throw PlatformException(
-        code: 'null-error',
-        message: 'Host platform returned null value for non-null return value.',
-      );
-    } else {
-      return (pigeonVar_replyList[0] as bool?)!;
-    }
-  }
-
  Future<void> cancelHashing() async {
    final String pigeonVar_channelName =
        'dev.flutter.pigeon.immich_mobile.NativeSyncApi.cancelHashing$pigeonVar_messageChannelSuffix';
--- a/mobile/lib/presentation/pages/search/drift_search.page.dart
+++ b/mobile/lib/presentation/pages/search/drift_search.page.dart
@@ -599,9 +599,9 @@ class _SearchResultGrid extends ConsumerWidget {

  @override
  Widget build(BuildContext context, WidgetRef ref) {
-    final assets = ref.watch(paginatedSearchProvider.select((s) => s.assets));
+    final searchResult = ref.watch(paginatedSearchProvider);

-    if (assets.isEmpty) {
+    if (searchResult.totalAssets == 0) {
      return const _SearchEmptyContent();
    }

@@ -615,7 +615,6 @@ class _SearchResultGrid extends ConsumerWidget {

        if (metrics.pixels >= metrics.maxScrollExtent && isVerticalScroll && !isBottomSheetNotification) {
          onScrollEnd();
-          ref.read(paginatedSearchProvider.notifier).setScrollOffset(metrics.maxScrollExtent);
        }

        return true;
@@ -624,18 +623,17 @@ class _SearchResultGrid extends ConsumerWidget {
        child: ProviderScope(
          overrides: [
            timelineServiceProvider.overrideWith((ref) {
-              final timelineService = ref.watch(timelineFactoryProvider).fromAssets(assets);
+              final timelineService = ref.watch(timelineFactoryProvider).fromAssets(searchResult.assets);
              ref.onDispose(timelineService.dispose);
              return timelineService;
            }),
          ],
          child: Timeline(
-            key: ValueKey(assets.length),
+            key: ValueKey(searchResult.totalAssets),
            groupBy: GroupAssetsBy.none,
            appBar: null,
            bottomSheet: const GeneralBottomSheet(minChildSize: 0.20),
            snapToMonth: false,
-            initialScrollOffset: ref.read(paginatedSearchProvider.select((s) => s.scrollOffset)),
          ),
        ),
      ),
--- a/mobile/lib/presentation/pages/search/paginated_search.provider.dart
+++ b/mobile/lib/presentation/pages/search/paginated_search.provider.dart
@@ -24,20 +24,12 @@ class PaginatedSearchNotifier extends StateNotifier<SearchResult> {
      return false;
    }

-    state = SearchResult(
-      assets: [...state.assets, ...result.assets],
-      nextPage: result.nextPage,
-      scrollOffset: state.scrollOffset,
-    );
+    state = SearchResult(assets: [...state.assets, ...result.assets], nextPage: result.nextPage);

    return true;
  }

-  void setScrollOffset(double offset) {
-    state = state.copyWith(scrollOffset: offset);
-  }
-
  clear() {
-    state = const SearchResult(assets: [], nextPage: 1, scrollOffset: 0.0);
+    state = const SearchResult(assets: [], nextPage: 1);
  }
 }
--- a/mobile/lib/presentation/widgets/asset_viewer/bottom_sheet.widget.dart
+++ b/mobile/lib/presentation/widgets/asset_viewer/bottom_sheet.widget.dart
@@ -51,7 +51,7 @@ class AssetDetailBottomSheet extends ConsumerWidget {
      isArchived: isArchived,
      isTrashEnabled: isTrashEnable,
      isInLockedView: isInLockedView,
-      isStacked: asset is RemoteAsset && asset.stackId != null,
+      isStacked: asset.hasRemote && (asset as RemoteAsset).stackId != null,
      currentAlbum: currentAlbum,
      advancedTroubleshooting: advancedTroubleshooting,
      source: ActionSource.viewer,
--- a/mobile/lib/presentation/widgets/asset_viewer/video_viewer.widget.dart
+++ b/mobile/lib/presentation/widgets/asset_viewer/video_viewer.widget.dart
@@ -322,9 +322,6 @@ class NativeVideoViewer extends HookConsumerWidget {
        removeListeners(playerController);
      }

-      if (value != null) {
-        isVisible.value = _isCurrentAsset(value, asset);
-      }
      final curAsset = currentAsset.value;
      if (curAsset == asset) {
        return;
--- a/mobile/lib/presentation/widgets/timeline/timeline.widget.dart
+++ b/mobile/lib/presentation/widgets/timeline/timeline.widget.dart
@@ -40,7 +40,6 @@ class Timeline extends StatelessWidget {
    this.groupBy,
    this.withScrubber = true,
    this.snapToMonth = true,
-    this.initialScrollOffset,
  });

  final Widget? topSliverWidget;
@@ -52,7 +51,6 @@ class Timeline extends StatelessWidget {
  final GroupAssetsBy? groupBy;
  final bool withScrubber;
  final bool snapToMonth;
-  final double? initialScrollOffset;

  @override
  Widget build(BuildContext context) {
@@ -80,7 +78,6 @@ class Timeline extends StatelessWidget {
            bottomSheet: bottomSheet,
            withScrubber: withScrubber,
            snapToMonth: snapToMonth,
-            initialScrollOffset: initialScrollOffset,
          ),
        ),
      ),
@@ -96,7 +93,6 @@ class _SliverTimeline extends ConsumerStatefulWidget {
    this.bottomSheet,
    this.withScrubber = true,
    this.snapToMonth = true,
-    this.initialScrollOffset,
  });

  final Widget? topSliverWidget;
@@ -105,7 +101,6 @@ class _SliverTimeline extends ConsumerStatefulWidget {
  final Widget? bottomSheet;
  final bool withScrubber;
  final bool snapToMonth;
-  final double? initialScrollOffset;

  @override
  ConsumerState createState() => _SliverTimelineState();
@@ -129,10 +124,7 @@ class _SliverTimelineState extends ConsumerState<_SliverTimeline> {
  @override
  void initState() {
    super.initState();
-    _scrollController = ScrollController(
-      initialScrollOffset: widget.initialScrollOffset ?? 0.0,
-      onAttach: _restoreScalePosition,
-    );
+    _scrollController = ScrollController(onAttach: _restoreScalePosition);
    _eventSubscription = EventStream.shared.listen(_onEvent);

    final currentTilesPerRow = ref.read(settingsProvider).get(Setting.tilesPerRow);
--- a/mobile/lib/providers/infrastructure/action.provider.dart
+++ b/mobile/lib/providers/infrastructure/action.provider.dart
@@ -77,14 +77,11 @@ class ActionNotifier extends Notifier<void> {
    return _getAssets(source).whereType<RemoteAsset>().toIds().toList(growable: false);
  }

-  List<String> _getLocalIdsForSource(ActionSource source, {bool ignoreLocalOnly = false}) {
+  List<String> _getLocalIdsForSource(ActionSource source) {
    final Set<BaseAsset> assets = _getAssets(source);
    final List<String> localIds = [];

    for (final asset in assets) {
-      if (ignoreLocalOnly && asset.storage != AssetState.merged) {
-        continue;
-      }
      if (asset is LocalAsset) {
        localIds.add(asset.id);
      } else if (asset is RemoteAsset && asset.localId != null) {
@@ -192,7 +189,7 @@ class ActionNotifier extends Notifier<void> {

  Future<ActionResult> moveToLockFolder(ActionSource source) async {
    final ids = _getOwnedRemoteIdsForSource(source);
-    final localIds = _getLocalIdsForSource(source, ignoreLocalOnly: true);
+    final localIds = _getLocalIdsForSource(source);
    try {
      await _service.moveToLockFolder(ids, localIds);
      return ActionResult(count: ids.length, success: true);
--- a/mobile/lib/repositories/asset_media.repository.dart
+++ b/mobile/lib/repositories/asset_media.repository.dart
@@ -1,6 +1,5 @@
 import 'dart:io';

-import 'package:device_info_plus/device_info_plus.dart';
 import 'package:flutter/widgets.dart';
 import 'package:hooks_riverpod/hooks_riverpod.dart';
 import 'package:immich_mobile/domain/models/asset/base_asset.model.dart';
@@ -26,28 +25,7 @@ class AssetMediaRepository {

  const AssetMediaRepository(this._assetApiRepository);

-  Future<bool> _androidSupportsTrash() async {
-    if (Platform.isAndroid) {
-      DeviceInfoPlugin deviceInfo = DeviceInfoPlugin();
-      AndroidDeviceInfo androidInfo = await deviceInfo.androidInfo;
-      int sdkVersion = androidInfo.version.sdkInt;
-      return sdkVersion >= 31;
-    }
-    return false;
-  }
-
-  Future<List<String>> deleteAll(List<String> ids) async {
-    if (CurrentPlatform.isAndroid) {
-      if (await _androidSupportsTrash()) {
-        return PhotoManager.editor.android.moveToTrash(
-          ids.map((e) => AssetEntity(id: e, width: 1, height: 1, typeInt: 0)).toList(),
-        );
-      } else {
-        return PhotoManager.editor.deleteWithIds(ids);
-      }
-    }
-    return PhotoManager.editor.deleteWithIds(ids);
-  }
+  Future<List<String>> deleteAll(List<String> ids) => PhotoManager.editor.deleteWithIds(ids);

  Future<asset_entity.Asset?> get(String id) async {
    final entity = await AssetEntity.fromId(id);
--- a/mobile/lib/utils/openapi_patching.dart
+++ b/mobile/lib/utils/openapi_patching.dart
@@ -39,6 +39,17 @@ dynamic upgradeDto(dynamic value, String targetType) {
    case 'LoginResponseDto':
      if (value is Map) {
        addDefault(value, 'isOnboarded', false);
+        addDefault(value, 'permissions', ['all']);
+      }
+      break;
+    case 'SessionResponseDto':
+      if (value is Map) {
+        addDefault(value, 'permissions', ['all']);
+      }
+      break;
+    case 'SessionCreateResponseDto':
+      if (value is Map) {
+        addDefault(value, 'permissions', ['all']);
      }
      break;
    case 'SyncUserV1':
--- a/mobile/openapi/README.md
+++ b/mobile/openapi/README.md
@@ -263,11 +263,6 @@ Class | Method | HTTP request | Description
 *TrashApi* | [**emptyTrash**](doc//TrashApi.md#emptytrash) | **POST** /trash/empty | 
 *TrashApi* | [**restoreAssets**](doc//TrashApi.md#restoreassets) | **POST** /trash/restore/assets | 
 *TrashApi* | [**restoreTrash**](doc//TrashApi.md#restoretrash) | **POST** /trash/restore | 
-*UploadApi* | [**cancelUpload**](doc//UploadApi.md#cancelupload) | **DELETE** /upload/{id} | 
-*UploadApi* | [**getUploadOptions**](doc//UploadApi.md#getuploadoptions) | **OPTIONS** /upload | 
-*UploadApi* | [**getUploadStatus**](doc//UploadApi.md#getuploadstatus) | **HEAD** /upload/{id} | 
-*UploadApi* | [**resumeUpload**](doc//UploadApi.md#resumeupload) | **PATCH** /upload/{id} | 
-*UploadApi* | [**startUpload**](doc//UploadApi.md#startupload) | **POST** /upload | 
 *UsersApi* | [**createProfileImage**](doc//UsersApi.md#createprofileimage) | **POST** /users/profile-image | 
 *UsersApi* | [**deleteProfileImage**](doc//UsersApi.md#deleteprofileimage) | **DELETE** /users/profile-image | 
 *UsersApi* | [**deleteUserLicense**](doc//UsersApi.md#deleteuserlicense) | **DELETE** /users/me/license | 
@@ -577,8 +572,6 @@ Class | Method | HTTP request | Description
 - [UpdateAlbumUserDto](doc//UpdateAlbumUserDto.md)
 - [UpdateAssetDto](doc//UpdateAssetDto.md)
 - [UpdateLibraryDto](doc//UpdateLibraryDto.md)
- - [UploadBackupConfig](doc//UploadBackupConfig.md)
- - [UploadOkDto](doc//UploadOkDto.md)
 - [UsageByUserDto](doc//UsageByUserDto.md)
 - [UserAdminCreateDto](doc//UserAdminCreateDto.md)
 - [UserAdminDeleteDto](doc//UserAdminDeleteDto.md)
--- a/mobile/openapi/lib/api.dart
+++ b/mobile/openapi/lib/api.dart
@@ -60,7 +60,6 @@ part 'api/system_metadata_api.dart';
 part 'api/tags_api.dart';
 part 'api/timeline_api.dart';
 part 'api/trash_api.dart';
-part 'api/upload_api.dart';
 part 'api/users_api.dart';
 part 'api/users_admin_api.dart';
 part 'api/view_api.dart';
@@ -344,8 +343,6 @@ part 'model/update_album_dto.dart';
 part 'model/update_album_user_dto.dart';
 part 'model/update_asset_dto.dart';
 part 'model/update_library_dto.dart';
-part 'model/upload_backup_config.dart';
-part 'model/upload_ok_dto.dart';
 part 'model/usage_by_user_dto.dart';
 part 'model/user_admin_create_dto.dart';
 part 'model/user_admin_delete_dto.dart';
--- a/mobile/openapi/lib/api/upload_api.dart
+++ b/mobile/openapi/lib/api/upload_api.dart
@@ -1,379 +0,0 @@
-//
-// AUTO-GENERATED FILE, DO NOT MODIFY!
-//
-// @dart=2.18
-
-// ignore_for_file: unused_element, unused_import
-// ignore_for_file: always_put_required_named_parameters_first
-// ignore_for_file: constant_identifier_names
-// ignore_for_file: lines_longer_than_80_chars
-
-part of openapi.api;
-
-
-class UploadApi {
-  UploadApi([ApiClient? apiClient]) : apiClient = apiClient ?? defaultApiClient;
-
-  final ApiClient apiClient;
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Note: This method returns the HTTP [Response].
-  ///
-  /// Parameters:
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<Response> cancelUploadWithHttpInfo(String id, { String? key, String? slug, }) async {
-    // ignore: prefer_const_declarations
-    final apiPath = r'/upload/{id}'
-      .replaceAll('{id}', id);
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-    if (key != null) {
-      queryParams.addAll(_queryParams('', 'key', key));
-    }
-    if (slug != null) {
-      queryParams.addAll(_queryParams('', 'slug', slug));
-    }
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      apiPath,
-      'DELETE',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Parameters:
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<void> cancelUpload(String id, { String? key, String? slug, }) async {
-    final response = await cancelUploadWithHttpInfo(id,  key: key, slug: slug, );
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-  }
-
-  /// Performs an HTTP 'OPTIONS /upload' operation and returns the [Response].
-  Future<Response> getUploadOptionsWithHttpInfo() async {
-    // ignore: prefer_const_declarations
-    final apiPath = r'/upload';
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      apiPath,
-      'OPTIONS',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  Future<void> getUploadOptions() async {
-    final response = await getUploadOptionsWithHttpInfo();
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Note: This method returns the HTTP [Response].
-  ///
-  /// Parameters:
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] uploadDraftInteropVersion (required):
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<Response> getUploadStatusWithHttpInfo(String id, String uploadDraftInteropVersion, { String? key, String? slug, }) async {
-    // ignore: prefer_const_declarations
-    final apiPath = r'/upload/{id}'
-      .replaceAll('{id}', id);
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-    if (key != null) {
-      queryParams.addAll(_queryParams('', 'key', key));
-    }
-    if (slug != null) {
-      queryParams.addAll(_queryParams('', 'slug', slug));
-    }
-
-    headerParams[r'upload-draft-interop-version'] = parameterToString(uploadDraftInteropVersion);
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      apiPath,
-      'HEAD',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Parameters:
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] uploadDraftInteropVersion (required):
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<void> getUploadStatus(String id, String uploadDraftInteropVersion, { String? key, String? slug, }) async {
-    final response = await getUploadStatusWithHttpInfo(id, uploadDraftInteropVersion,  key: key, slug: slug, );
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Note: This method returns the HTTP [Response].
-  ///
-  /// Parameters:
-  ///
-  /// * [String] contentLength (required):
-  ///   Non-negative size of the request body in bytes.
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] uploadComplete (required):
-  ///   Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.
-  ///
-  /// * [String] uploadDraftInteropVersion (required):
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  ///
-  /// * [String] uploadOffset (required):
-  ///   Non-negative byte offset indicating the starting position of the data in the request body within the entire file.
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<Response> resumeUploadWithHttpInfo(String contentLength, String id, String uploadComplete, String uploadDraftInteropVersion, String uploadOffset, { String? key, String? slug, }) async {
-    // ignore: prefer_const_declarations
-    final apiPath = r'/upload/{id}'
-      .replaceAll('{id}', id);
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-    if (key != null) {
-      queryParams.addAll(_queryParams('', 'key', key));
-    }
-    if (slug != null) {
-      queryParams.addAll(_queryParams('', 'slug', slug));
-    }
-
-    headerParams[r'content-length'] = parameterToString(contentLength);
-    headerParams[r'upload-complete'] = parameterToString(uploadComplete);
-    headerParams[r'upload-draft-interop-version'] = parameterToString(uploadDraftInteropVersion);
-    headerParams[r'upload-offset'] = parameterToString(uploadOffset);
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      apiPath,
-      'PATCH',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Parameters:
-  ///
-  /// * [String] contentLength (required):
-  ///   Non-negative size of the request body in bytes.
-  ///
-  /// * [String] id (required):
-  ///
-  /// * [String] uploadComplete (required):
-  ///   Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.
-  ///
-  /// * [String] uploadDraftInteropVersion (required):
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  ///
-  /// * [String] uploadOffset (required):
-  ///   Non-negative byte offset indicating the starting position of the data in the request body within the entire file.
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<UploadOkDto?> resumeUpload(String contentLength, String id, String uploadComplete, String uploadDraftInteropVersion, String uploadOffset, { String? key, String? slug, }) async {
-    final response = await resumeUploadWithHttpInfo(contentLength, id, uploadComplete, uploadDraftInteropVersion, uploadOffset,  key: key, slug: slug, );
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-    // When a remote server returns no body with a status of 204, we shall not decode it.
-    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
-    // FormatException when trying to decode an empty string.
-    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UploadOkDto',) as UploadOkDto;
-    
-    }
-    return null;
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Note: This method returns the HTTP [Response].
-  ///
-  /// Parameters:
-  ///
-  /// * [String] contentLength (required):
-  ///   Non-negative size of the request body in bytes.
-  ///
-  /// * [String] reprDigest (required):
-  ///   RFC 9651 structured dictionary containing an `sha` (bytesequence) checksum used to detect duplicate files and validate data integrity.
-  ///
-  /// * [String] xImmichAssetData (required):
-  ///   RFC 9651 structured dictionary containing asset metadata with the following keys: - device-asset-id (string, required): Unique device asset identifier - device-id (string, required): Device identifier - file-created-at (string/date, required): ISO 8601 date string or Unix timestamp - file-modified-at (string/date, required): ISO 8601 date string or Unix timestamp - filename (string, required): Original filename - is-favorite (boolean, optional): Favorite status - live-photo-video-id (string, optional): Live photo ID for assets from iOS devices - icloud-id (string, optional): iCloud identifier for assets from iOS devices
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  ///
-  /// * [String] uploadComplete:
-  ///   Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.
-  ///
-  /// * [String] uploadDraftInteropVersion:
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  Future<Response> startUploadWithHttpInfo(String contentLength, String reprDigest, String xImmichAssetData, { String? key, String? slug, String? uploadComplete, String? uploadDraftInteropVersion, }) async {
-    // ignore: prefer_const_declarations
-    final apiPath = r'/upload';
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-    if (key != null) {
-      queryParams.addAll(_queryParams('', 'key', key));
-    }
-    if (slug != null) {
-      queryParams.addAll(_queryParams('', 'slug', slug));
-    }
-
-    headerParams[r'content-length'] = parameterToString(contentLength);
-    headerParams[r'repr-digest'] = parameterToString(reprDigest);
-    if (uploadComplete != null) {
-      headerParams[r'upload-complete'] = parameterToString(uploadComplete);
-    }
-    if (uploadDraftInteropVersion != null) {
-      headerParams[r'upload-draft-interop-version'] = parameterToString(uploadDraftInteropVersion);
-    }
-    headerParams[r'x-immich-asset-data'] = parameterToString(xImmichAssetData);
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      apiPath,
-      'POST',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  /// This endpoint requires the `asset.upload` permission.
-  ///
-  /// Parameters:
-  ///
-  /// * [String] contentLength (required):
-  ///   Non-negative size of the request body in bytes.
-  ///
-  /// * [String] reprDigest (required):
-  ///   RFC 9651 structured dictionary containing an `sha` (bytesequence) checksum used to detect duplicate files and validate data integrity.
-  ///
-  /// * [String] xImmichAssetData (required):
-  ///   RFC 9651 structured dictionary containing asset metadata with the following keys: - device-asset-id (string, required): Unique device asset identifier - device-id (string, required): Device identifier - file-created-at (string/date, required): ISO 8601 date string or Unix timestamp - file-modified-at (string/date, required): ISO 8601 date string or Unix timestamp - filename (string, required): Original filename - is-favorite (boolean, optional): Favorite status - live-photo-video-id (string, optional): Live photo ID for assets from iOS devices - icloud-id (string, optional): iCloud identifier for assets from iOS devices
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  ///
-  /// * [String] uploadComplete:
-  ///   Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.
-  ///
-  /// * [String] uploadDraftInteropVersion:
-  ///   Indicates the version of the RUFH protocol supported by the client.
-  Future<UploadOkDto?> startUpload(String contentLength, String reprDigest, String xImmichAssetData, { String? key, String? slug, String? uploadComplete, String? uploadDraftInteropVersion, }) async {
-    final response = await startUploadWithHttpInfo(contentLength, reprDigest, xImmichAssetData,  key: key, slug: slug, uploadComplete: uploadComplete, uploadDraftInteropVersion: uploadDraftInteropVersion, );
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-    // When a remote server returns no body with a status of 204, we shall not decode it.
-    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
-    // FormatException when trying to decode an empty string.
-    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UploadOkDto',) as UploadOkDto;
-    
-    }
-    return null;
-  }
-}
--- a/mobile/openapi/lib/api_client.dart
+++ b/mobile/openapi/lib/api_client.dart
@@ -740,10 +740,6 @@ class ApiClient {
          return UpdateAssetDto.fromJson(value);
        case 'UpdateLibraryDto':
          return UpdateLibraryDto.fromJson(value);
-        case 'UploadBackupConfig':
-          return UploadBackupConfig.fromJson(value);
-        case 'UploadOkDto':
-          return UploadOkDto.fromJson(value);
        case 'UsageByUserDto':
          return UsageByUserDto.fromJson(value);
        case 'UserAdminCreateDto':
--- a/mobile/openapi/lib/model/login_response_dto.dart
+++ b/mobile/openapi/lib/model/login_response_dto.dart
@@ -17,6 +17,7 @@ class LoginResponseDto {
    required this.isAdmin,
    required this.isOnboarded,
    required this.name,
+    this.permissions = const [],
    required this.profileImagePath,
    required this.shouldChangePassword,
    required this.userEmail,
@@ -31,6 +32,8 @@ class LoginResponseDto {

  String name;

+  List<Permission> permissions;
+
  String profileImagePath;

  bool shouldChangePassword;
@@ -45,6 +48,7 @@ class LoginResponseDto {
    other.isAdmin == isAdmin &&
    other.isOnboarded == isOnboarded &&
    other.name == name &&
+    _deepEquality.equals(other.permissions, permissions) &&
    other.profileImagePath == profileImagePath &&
    other.shouldChangePassword == shouldChangePassword &&
    other.userEmail == userEmail &&
@@ -57,13 +61,14 @@ class LoginResponseDto {
    (isAdmin.hashCode) +
    (isOnboarded.hashCode) +
    (name.hashCode) +
+    (permissions.hashCode) +
    (profileImagePath.hashCode) +
    (shouldChangePassword.hashCode) +
    (userEmail.hashCode) +
    (userId.hashCode);

  @override
-  String toString() => 'LoginResponseDto[accessToken=$accessToken, isAdmin=$isAdmin, isOnboarded=$isOnboarded, name=$name, profileImagePath=$profileImagePath, shouldChangePassword=$shouldChangePassword, userEmail=$userEmail, userId=$userId]';
+  String toString() => 'LoginResponseDto[accessToken=$accessToken, isAdmin=$isAdmin, isOnboarded=$isOnboarded, name=$name, permissions=$permissions, profileImagePath=$profileImagePath, shouldChangePassword=$shouldChangePassword, userEmail=$userEmail, userId=$userId]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -71,6 +76,7 @@ class LoginResponseDto {
      json[r'isAdmin'] = this.isAdmin;
      json[r'isOnboarded'] = this.isOnboarded;
      json[r'name'] = this.name;
+      json[r'permissions'] = this.permissions;
      json[r'profileImagePath'] = this.profileImagePath;
      json[r'shouldChangePassword'] = this.shouldChangePassword;
      json[r'userEmail'] = this.userEmail;
@@ -91,6 +97,7 @@ class LoginResponseDto {
        isAdmin: mapValueOfType<bool>(json, r'isAdmin')!,
        isOnboarded: mapValueOfType<bool>(json, r'isOnboarded')!,
        name: mapValueOfType<String>(json, r'name')!,
+        permissions: Permission.listFromJson(json[r'permissions']),
        profileImagePath: mapValueOfType<String>(json, r'profileImagePath')!,
        shouldChangePassword: mapValueOfType<bool>(json, r'shouldChangePassword')!,
        userEmail: mapValueOfType<String>(json, r'userEmail')!,
@@ -146,6 +153,7 @@ class LoginResponseDto {
    'isAdmin',
    'isOnboarded',
    'name',
+    'permissions',
    'profileImagePath',
    'shouldChangePassword',
    'userEmail',
--- a/mobile/openapi/lib/model/session_create_response_dto.dart
+++ b/mobile/openapi/lib/model/session_create_response_dto.dart
@@ -20,6 +20,7 @@ class SessionCreateResponseDto {
    this.expiresAt,
    required this.id,
    required this.isPendingSyncReset,
+    this.permissions = const [],
    required this.token,
    required this.updatedAt,
  });
@@ -44,6 +45,8 @@ class SessionCreateResponseDto {

  bool isPendingSyncReset;

+  List<Permission> permissions;
+
  String token;

  String updatedAt;
@@ -57,6 +60,7 @@ class SessionCreateResponseDto {
    other.expiresAt == expiresAt &&
    other.id == id &&
    other.isPendingSyncReset == isPendingSyncReset &&
+    _deepEquality.equals(other.permissions, permissions) &&
    other.token == token &&
    other.updatedAt == updatedAt;

@@ -70,11 +74,12 @@ class SessionCreateResponseDto {
    (expiresAt == null ? 0 : expiresAt!.hashCode) +
    (id.hashCode) +
    (isPendingSyncReset.hashCode) +
+    (permissions.hashCode) +
    (token.hashCode) +
    (updatedAt.hashCode);

  @override
-  String toString() => 'SessionCreateResponseDto[createdAt=$createdAt, current=$current, deviceOS=$deviceOS, deviceType=$deviceType, expiresAt=$expiresAt, id=$id, isPendingSyncReset=$isPendingSyncReset, token=$token, updatedAt=$updatedAt]';
+  String toString() => 'SessionCreateResponseDto[createdAt=$createdAt, current=$current, deviceOS=$deviceOS, deviceType=$deviceType, expiresAt=$expiresAt, id=$id, isPendingSyncReset=$isPendingSyncReset, permissions=$permissions, token=$token, updatedAt=$updatedAt]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -89,6 +94,7 @@ class SessionCreateResponseDto {
    }
      json[r'id'] = this.id;
      json[r'isPendingSyncReset'] = this.isPendingSyncReset;
+      json[r'permissions'] = this.permissions;
      json[r'token'] = this.token;
      json[r'updatedAt'] = this.updatedAt;
    return json;
@@ -110,6 +116,7 @@ class SessionCreateResponseDto {
        expiresAt: mapValueOfType<String>(json, r'expiresAt'),
        id: mapValueOfType<String>(json, r'id')!,
        isPendingSyncReset: mapValueOfType<bool>(json, r'isPendingSyncReset')!,
+        permissions: Permission.listFromJson(json[r'permissions']),
        token: mapValueOfType<String>(json, r'token')!,
        updatedAt: mapValueOfType<String>(json, r'updatedAt')!,
      );
@@ -165,6 +172,7 @@ class SessionCreateResponseDto {
    'deviceType',
    'id',
    'isPendingSyncReset',
+    'permissions',
    'token',
    'updatedAt',
  };
--- a/mobile/openapi/lib/model/session_response_dto.dart
+++ b/mobile/openapi/lib/model/session_response_dto.dart
@@ -20,6 +20,7 @@ class SessionResponseDto {
    this.expiresAt,
    required this.id,
    required this.isPendingSyncReset,
+    this.permissions = const [],
    required this.updatedAt,
  });

@@ -43,6 +44,8 @@ class SessionResponseDto {

  bool isPendingSyncReset;

+  List<Permission> permissions;
+
  String updatedAt;

  @override
@@ -54,6 +57,7 @@ class SessionResponseDto {
    other.expiresAt == expiresAt &&
    other.id == id &&
    other.isPendingSyncReset == isPendingSyncReset &&
+    _deepEquality.equals(other.permissions, permissions) &&
    other.updatedAt == updatedAt;

  @override
@@ -66,10 +70,11 @@ class SessionResponseDto {
    (expiresAt == null ? 0 : expiresAt!.hashCode) +
    (id.hashCode) +
    (isPendingSyncReset.hashCode) +
+    (permissions.hashCode) +
    (updatedAt.hashCode);

  @override
-  String toString() => 'SessionResponseDto[createdAt=$createdAt, current=$current, deviceOS=$deviceOS, deviceType=$deviceType, expiresAt=$expiresAt, id=$id, isPendingSyncReset=$isPendingSyncReset, updatedAt=$updatedAt]';
+  String toString() => 'SessionResponseDto[createdAt=$createdAt, current=$current, deviceOS=$deviceOS, deviceType=$deviceType, expiresAt=$expiresAt, id=$id, isPendingSyncReset=$isPendingSyncReset, permissions=$permissions, updatedAt=$updatedAt]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -84,6 +89,7 @@ class SessionResponseDto {
    }
      json[r'id'] = this.id;
      json[r'isPendingSyncReset'] = this.isPendingSyncReset;
+      json[r'permissions'] = this.permissions;
      json[r'updatedAt'] = this.updatedAt;
    return json;
  }
@@ -104,6 +110,7 @@ class SessionResponseDto {
        expiresAt: mapValueOfType<String>(json, r'expiresAt'),
        id: mapValueOfType<String>(json, r'id')!,
        isPendingSyncReset: mapValueOfType<bool>(json, r'isPendingSyncReset')!,
+        permissions: Permission.listFromJson(json[r'permissions']),
        updatedAt: mapValueOfType<String>(json, r'updatedAt')!,
      );
    }
@@ -158,6 +165,7 @@ class SessionResponseDto {
    'deviceType',
    'id',
    'isPendingSyncReset',
+    'permissions',
    'updatedAt',
  };
 }
--- a/mobile/openapi/lib/model/system_config_backups_dto.dart
+++ b/mobile/openapi/lib/model/system_config_backups_dto.dart
@@ -14,31 +14,25 @@ class SystemConfigBackupsDto {
  /// Returns a new [SystemConfigBackupsDto] instance.
  SystemConfigBackupsDto({
    required this.database,
-    required this.upload,
  });

  DatabaseBackupConfig database;

-  UploadBackupConfig upload;
-
  @override
  bool operator ==(Object other) => identical(this, other) || other is SystemConfigBackupsDto &&
-    other.database == database &&
-    other.upload == upload;
+    other.database == database;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
-    (database.hashCode) +
-    (upload.hashCode);
+    (database.hashCode);

  @override
-  String toString() => 'SystemConfigBackupsDto[database=$database, upload=$upload]';
+  String toString() => 'SystemConfigBackupsDto[database=$database]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
      json[r'database'] = this.database;
-      json[r'upload'] = this.upload;
    return json;
  }

@@ -52,7 +46,6 @@ class SystemConfigBackupsDto {

      return SystemConfigBackupsDto(
        database: DatabaseBackupConfig.fromJson(json[r'database'])!,
-        upload: UploadBackupConfig.fromJson(json[r'upload'])!,
      );
    }
    return null;
@@ -101,7 +94,6 @@ class SystemConfigBackupsDto {
  /// The list of required keys that must be present in a JSON.
  static const requiredKeys = <String>{
    'database',
-    'upload',
  };
 }

--- a/mobile/openapi/lib/model/system_config_nightly_tasks_dto.dart
+++ b/mobile/openapi/lib/model/system_config_nightly_tasks_dto.dart
@@ -17,7 +17,6 @@ class SystemConfigNightlyTasksDto {
    required this.databaseCleanup,
    required this.generateMemories,
    required this.missingThumbnails,
-    required this.removeStaleUploads,
    required this.startTime,
    required this.syncQuotaUsage,
  });
@@ -30,8 +29,6 @@ class SystemConfigNightlyTasksDto {

  bool missingThumbnails;

-  bool removeStaleUploads;
-
  String startTime;

  bool syncQuotaUsage;
@@ -42,7 +39,6 @@ class SystemConfigNightlyTasksDto {
    other.databaseCleanup == databaseCleanup &&
    other.generateMemories == generateMemories &&
    other.missingThumbnails == missingThumbnails &&
-    other.removeStaleUploads == removeStaleUploads &&
    other.startTime == startTime &&
    other.syncQuotaUsage == syncQuotaUsage;

@@ -53,12 +49,11 @@ class SystemConfigNightlyTasksDto {
    (databaseCleanup.hashCode) +
    (generateMemories.hashCode) +
    (missingThumbnails.hashCode) +
-    (removeStaleUploads.hashCode) +
    (startTime.hashCode) +
    (syncQuotaUsage.hashCode);

  @override
-  String toString() => 'SystemConfigNightlyTasksDto[clusterNewFaces=$clusterNewFaces, databaseCleanup=$databaseCleanup, generateMemories=$generateMemories, missingThumbnails=$missingThumbnails, removeStaleUploads=$removeStaleUploads, startTime=$startTime, syncQuotaUsage=$syncQuotaUsage]';
+  String toString() => 'SystemConfigNightlyTasksDto[clusterNewFaces=$clusterNewFaces, databaseCleanup=$databaseCleanup, generateMemories=$generateMemories, missingThumbnails=$missingThumbnails, startTime=$startTime, syncQuotaUsage=$syncQuotaUsage]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -66,7 +61,6 @@ class SystemConfigNightlyTasksDto {
      json[r'databaseCleanup'] = this.databaseCleanup;
      json[r'generateMemories'] = this.generateMemories;
      json[r'missingThumbnails'] = this.missingThumbnails;
-      json[r'removeStaleUploads'] = this.removeStaleUploads;
      json[r'startTime'] = this.startTime;
      json[r'syncQuotaUsage'] = this.syncQuotaUsage;
    return json;
@@ -85,7 +79,6 @@ class SystemConfigNightlyTasksDto {
        databaseCleanup: mapValueOfType<bool>(json, r'databaseCleanup')!,
        generateMemories: mapValueOfType<bool>(json, r'generateMemories')!,
        missingThumbnails: mapValueOfType<bool>(json, r'missingThumbnails')!,
-        removeStaleUploads: mapValueOfType<bool>(json, r'removeStaleUploads')!,
        startTime: mapValueOfType<String>(json, r'startTime')!,
        syncQuotaUsage: mapValueOfType<bool>(json, r'syncQuotaUsage')!,
      );
@@ -139,7 +132,6 @@ class SystemConfigNightlyTasksDto {
    'databaseCleanup',
    'generateMemories',
    'missingThumbnails',
-    'removeStaleUploads',
    'startTime',
    'syncQuotaUsage',
  };
--- a/mobile/openapi/lib/model/upload_backup_config.dart
+++ b/mobile/openapi/lib/model/upload_backup_config.dart
@@ -1,100 +0,0 @@
-//
-// AUTO-GENERATED FILE, DO NOT MODIFY!
-//
-// @dart=2.18
-
-// ignore_for_file: unused_element, unused_import
-// ignore_for_file: always_put_required_named_parameters_first
-// ignore_for_file: constant_identifier_names
-// ignore_for_file: lines_longer_than_80_chars
-
-part of openapi.api;
-
-class UploadBackupConfig {
-  /// Returns a new [UploadBackupConfig] instance.
-  UploadBackupConfig({
-    required this.maxAgeHours,
-  });
-
-  /// Minimum value: 1
-  num maxAgeHours;
-
-  @override
-  bool operator ==(Object other) => identical(this, other) || other is UploadBackupConfig &&
-    other.maxAgeHours == maxAgeHours;
-
-  @override
-  int get hashCode =>
-    // ignore: unnecessary_parenthesis
-    (maxAgeHours.hashCode);
-
-  @override
-  String toString() => 'UploadBackupConfig[maxAgeHours=$maxAgeHours]';
-
-  Map<String, dynamic> toJson() {
-    final json = <String, dynamic>{};
-      json[r'maxAgeHours'] = this.maxAgeHours;
-    return json;
-  }
-
-  /// Returns a new [UploadBackupConfig] instance and imports its values from
-  /// [value] if it's a [Map], null otherwise.
-  // ignore: prefer_constructors_over_static_methods
-  static UploadBackupConfig? fromJson(dynamic value) {
-    upgradeDto(value, "UploadBackupConfig");
-    if (value is Map) {
-      final json = value.cast<String, dynamic>();
-
-      return UploadBackupConfig(
-        maxAgeHours: num.parse('${json[r'maxAgeHours']}'),
-      );
-    }
-    return null;
-  }
-
-  static List<UploadBackupConfig> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <UploadBackupConfig>[];
-    if (json is List && json.isNotEmpty) {
-      for (final row in json) {
-        final value = UploadBackupConfig.fromJson(row);
-        if (value != null) {
-          result.add(value);
-        }
-      }
-    }
-    return result.toList(growable: growable);
-  }
-
-  static Map<String, UploadBackupConfig> mapFromJson(dynamic json) {
-    final map = <String, UploadBackupConfig>{};
-    if (json is Map && json.isNotEmpty) {
-      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
-      for (final entry in json.entries) {
-        final value = UploadBackupConfig.fromJson(entry.value);
-        if (value != null) {
-          map[entry.key] = value;
-        }
-      }
-    }
-    return map;
-  }
-
-  // maps a json object with a list of UploadBackupConfig-objects as value to a dart map
-  static Map<String, List<UploadBackupConfig>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<UploadBackupConfig>>{};
-    if (json is Map && json.isNotEmpty) {
-      // ignore: parameter_assignments
-      json = json.cast<String, dynamic>();
-      for (final entry in json.entries) {
-        map[entry.key] = UploadBackupConfig.listFromJson(entry.value, growable: growable,);
-      }
-    }
-    return map;
-  }
-
-  /// The list of required keys that must be present in a JSON.
-  static const requiredKeys = <String>{
-    'maxAgeHours',
-  };
-}
-
--- a/mobile/openapi/lib/model/upload_ok_dto.dart
+++ b/mobile/openapi/lib/model/upload_ok_dto.dart
@@ -1,99 +0,0 @@
-//
-// AUTO-GENERATED FILE, DO NOT MODIFY!
-//
-// @dart=2.18
-
-// ignore_for_file: unused_element, unused_import
-// ignore_for_file: always_put_required_named_parameters_first
-// ignore_for_file: constant_identifier_names
-// ignore_for_file: lines_longer_than_80_chars
-
-part of openapi.api;
-
-class UploadOkDto {
-  /// Returns a new [UploadOkDto] instance.
-  UploadOkDto({
-    required this.id,
-  });
-
-  String id;
-
-  @override
-  bool operator ==(Object other) => identical(this, other) || other is UploadOkDto &&
-    other.id == id;
-
-  @override
-  int get hashCode =>
-    // ignore: unnecessary_parenthesis
-    (id.hashCode);
-
-  @override
-  String toString() => 'UploadOkDto[id=$id]';
-
-  Map<String, dynamic> toJson() {
-    final json = <String, dynamic>{};
-      json[r'id'] = this.id;
-    return json;
-  }
-
-  /// Returns a new [UploadOkDto] instance and imports its values from
-  /// [value] if it's a [Map], null otherwise.
-  // ignore: prefer_constructors_over_static_methods
-  static UploadOkDto? fromJson(dynamic value) {
-    upgradeDto(value, "UploadOkDto");
-    if (value is Map) {
-      final json = value.cast<String, dynamic>();
-
-      return UploadOkDto(
-        id: mapValueOfType<String>(json, r'id')!,
-      );
-    }
-    return null;
-  }
-
-  static List<UploadOkDto> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <UploadOkDto>[];
-    if (json is List && json.isNotEmpty) {
-      for (final row in json) {
-        final value = UploadOkDto.fromJson(row);
-        if (value != null) {
-          result.add(value);
-        }
-      }
-    }
-    return result.toList(growable: growable);
-  }
-
-  static Map<String, UploadOkDto> mapFromJson(dynamic json) {
-    final map = <String, UploadOkDto>{};
-    if (json is Map && json.isNotEmpty) {
-      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
-      for (final entry in json.entries) {
-        final value = UploadOkDto.fromJson(entry.value);
-        if (value != null) {
-          map[entry.key] = value;
-        }
-      }
-    }
-    return map;
-  }
-
-  // maps a json object with a list of UploadOkDto-objects as value to a dart map
-  static Map<String, List<UploadOkDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<UploadOkDto>>{};
-    if (json is Map && json.isNotEmpty) {
-      // ignore: parameter_assignments
-      json = json.cast<String, dynamic>();
-      for (final entry in json.entries) {
-        map[entry.key] = UploadOkDto.listFromJson(entry.value, growable: growable,);
-      }
-    }
-    return map;
-  }
-
-  /// The list of required keys that must be present in a JSON.
-  static const requiredKeys = <String>{
-    'id',
-  };
-}
-
--- a/mobile/pigeon/native_sync_api.dart
+++ b/mobile/pigeon/native_sync_api.dart
@@ -106,8 +106,5 @@ abstract class NativeSyncApi {
  @TaskQueue(type: TaskQueueType.serialBackgroundThread)
  List<HashResult> hashAssets(List<String> assetIds, {bool allowNetworkAccess = false});

-  @async
-  bool uploadAsset();
-
  void cancelHashing();
 }
--- a/mobile/pubspec.lock
+++ b/mobile/pubspec.lock
@@ -317,10 +317,10 @@ packages:
    dependency: "direct main"
    description:
      name: connectivity_plus
-      sha256: b5e72753cf63becce2c61fd04dfe0f1c430cc5278b53a1342dc5ad839eab29ec
+      sha256: "04bf81bb0b77de31557b58d052b24b3eee33f09a6e7a8c68a3e247c7df19ec27"
      url: "https://pub.dev"
    source: hosted
-    version: "6.1.5"
+    version: "6.1.3"
  connectivity_plus_platform_interface:
    dependency: transitive
    description:
@@ -1022,34 +1022,25 @@ packages:
  isar:
    dependency: "direct main"
    description:
-      path: "packages/isar"
-      ref: bb1dca40fe87a001122e5d43bc6254718cb49f3a
-      resolved-ref: bb1dca40fe87a001122e5d43bc6254718cb49f3a
-      url: "https://github.com/immich-app/isar"
-    source: git
-    version: "3.1.8"
-  isar_community:
-    dependency: transitive
-    description:
-      name: isar_community
-      sha256: "28f59e54636c45ba0bb1b3b7f2656f1c50325f740cea6efcd101900be3fba546"
-      url: "https://pub.dev"
+      name: isar
+      sha256: e17a9555bc7f22ff26568b8c64d019b4ffa2dc6bd4cb1c8d9b269aefd32e53ad
+      url: "https://pub.isar-community.dev"
    source: hosted
-    version: "3.3.0-dev.3"
-  isar_community_flutter_libs:
+    version: "3.1.8"
+  isar_flutter_libs:
    dependency: "direct main"
    description:
-      name: isar_community_flutter_libs
-      sha256: c2934fe755bb3181cb67602fd5df0d080b3d3eb52799f98623aa4fc5acbea010
-      url: "https://pub.dev"
+      name: isar_flutter_libs
+      sha256: "78710781e658ce4bff59b3f38c5b2735e899e627f4e926e1221934e77b95231a"
+      url: "https://pub.isar-community.dev"
    source: hosted
-    version: "3.3.0-dev.3"
+    version: "3.1.8"
  isar_generator:
    dependency: "direct dev"
    description:
      path: "packages/isar_generator"
-      ref: bb1dca40fe87a001122e5d43bc6254718cb49f3a
-      resolved-ref: bb1dca40fe87a001122e5d43bc6254718cb49f3a
+      ref: v3
+      resolved-ref: ad574f60ed6f39d2995cd16fc7dc3de9a646ef30
      url: "https://github.com/immich-app/isar"
    source: git
    version: "3.1.8"
--- a/mobile/pubspec.yaml
+++ b/mobile/pubspec.yaml
@@ -8,6 +8,8 @@ environment:
  sdk: '>=3.8.0 <4.0.0'
  flutter: 3.35.4

+isar_version: &isar_version 3.1.8
+
 dependencies:
  flutter:
    sdk: flutter
@@ -79,11 +81,11 @@ dependencies:
  openapi:
    path: openapi
  isar:
-    git:
-      url: https://github.com/immich-app/isar
-      ref: 'bb1dca40fe87a001122e5d43bc6254718cb49f3a'
-      path: packages/isar/
-  isar_community_flutter_libs: 3.3.0-dev.3
+    version: *isar_version
+    hosted: https://pub.isar-community.dev/
+  isar_flutter_libs: # contains Isar Core
+    version: *isar_version
+    hosted: https://pub.isar-community.dev/
  # DB
  drift: ^2.23.1
  drift_flutter: ^0.2.4
@@ -99,7 +101,7 @@ dev_dependencies:
  isar_generator:
    git:
      url: https://github.com/immich-app/isar
-      ref: 'bb1dca40fe87a001122e5d43bc6254718cb49f3a'
+      ref: v3
      path: packages/isar_generator/
  integration_test:
    sdk: flutter
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -9225,324 +9225,6 @@
        "description": "This endpoint requires the `asset.delete` permission."
      }
    },
-    "/upload": {
-      "options": {
-        "operationId": "getUploadOptions",
-        "parameters": [],
-        "responses": {
-          "204": {
-            "description": ""
-          }
-        },
-        "tags": [
-          "Upload"
-        ]
-      },
-      "post": {
-        "operationId": "startUpload",
-        "parameters": [
-          {
-            "name": "content-length",
-            "in": "header",
-            "description": "Non-negative size of the request body in bytes.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "key",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "repr-digest",
-            "in": "header",
-            "description": "RFC 9651 structured dictionary containing an `sha` (bytesequence) checksum used to detect duplicate files and validate data integrity.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "slug",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-complete",
-            "in": "header",
-            "description": "Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.",
-            "required": false,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-draft-interop-version",
-            "in": "header",
-            "description": "Indicates the version of the RUFH protocol supported by the client.",
-            "required": false,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "x-immich-asset-data",
-            "in": "header",
-            "description": "RFC 9651 structured dictionary containing asset metadata with the following keys:\n- device-asset-id (string, required): Unique device asset identifier\n- device-id (string, required): Device identifier\n- file-created-at (string/date, required): ISO 8601 date string or Unix timestamp\n- file-modified-at (string/date, required): ISO 8601 date string or Unix timestamp\n- filename (string, required): Original filename\n- is-favorite (boolean, optional): Favorite status\n- live-photo-video-id (string, optional): Live photo ID for assets from iOS devices\n- icloud-id (string, optional): iCloud identifier for assets from iOS devices",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/UploadOkDto"
-                }
-              }
-            },
-            "description": ""
-          },
-          "201": {
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Upload"
-        ],
-        "x-immich-permission": "asset.upload",
-        "description": "This endpoint requires the `asset.upload` permission."
-      }
-    },
-    "/upload/{id}": {
-      "delete": {
-        "operationId": "cancelUpload",
-        "parameters": [
-          {
-            "name": "id",
-            "required": true,
-            "in": "path",
-            "schema": {
-              "format": "uuid",
-              "type": "string"
-            }
-          },
-          {
-            "name": "key",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "slug",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Upload"
-        ],
-        "x-immich-permission": "asset.upload",
-        "description": "This endpoint requires the `asset.upload` permission."
-      },
-      "head": {
-        "operationId": "getUploadStatus",
-        "parameters": [
-          {
-            "name": "id",
-            "required": true,
-            "in": "path",
-            "schema": {
-              "format": "uuid",
-              "type": "string"
-            }
-          },
-          {
-            "name": "key",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "slug",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-draft-interop-version",
-            "in": "header",
-            "description": "Indicates the version of the RUFH protocol supported by the client.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Upload"
-        ],
-        "x-immich-permission": "asset.upload",
-        "description": "This endpoint requires the `asset.upload` permission."
-      },
-      "patch": {
-        "operationId": "resumeUpload",
-        "parameters": [
-          {
-            "name": "content-length",
-            "in": "header",
-            "description": "Non-negative size of the request body in bytes.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "id",
-            "required": true,
-            "in": "path",
-            "schema": {
-              "format": "uuid",
-              "type": "string"
-            }
-          },
-          {
-            "name": "key",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "slug",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-complete",
-            "in": "header",
-            "description": "Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-draft-interop-version",
-            "in": "header",
-            "description": "Indicates the version of the RUFH protocol supported by the client.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "upload-offset",
-            "in": "header",
-            "description": "Non-negative byte offset indicating the starting position of the data in the request body within the entire file.",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/UploadOkDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Upload"
-        ],
-        "x-immich-permission": "asset.upload",
-        "description": "This endpoint requires the `asset.upload` permission."
-      }
-    },
    "/users": {
      "get": {
        "operationId": "searchUsers",
@@ -12537,6 +12219,12 @@
          "name": {
            "type": "string"
          },
+          "permissions": {
+            "items": {
+              "$ref": "#/components/schemas/Permission"
+            },
+            "type": "array"
+          },
          "profileImagePath": {
            "type": "string"
          },
@@ -12555,6 +12243,7 @@
          "isAdmin",
          "isOnboarded",
          "name",
+          "permissions",
          "profileImagePath",
          "shouldChangePassword",
          "userEmail",
@@ -14619,6 +14308,12 @@
          "isPendingSyncReset": {
            "type": "boolean"
          },
+          "permissions": {
+            "items": {
+              "$ref": "#/components/schemas/Permission"
+            },
+            "type": "array"
+          },
          "token": {
            "type": "string"
          },
@@ -14633,6 +14328,7 @@
          "deviceType",
          "id",
          "isPendingSyncReset",
+          "permissions",
          "token",
          "updatedAt"
        ],
@@ -14661,6 +14357,12 @@
          "isPendingSyncReset": {
            "type": "boolean"
          },
+          "permissions": {
+            "items": {
+              "$ref": "#/components/schemas/Permission"
+            },
+            "type": "array"
+          },
          "updatedAt": {
            "type": "string"
          }
@@ -14672,6 +14374,7 @@
          "deviceType",
          "id",
          "isPendingSyncReset",
+          "permissions",
          "updatedAt"
        ],
        "type": "object"
@@ -16296,14 +15999,10 @@
        "properties": {
          "database": {
            "$ref": "#/components/schemas/DatabaseBackupConfig"
-          },
-          "upload": {
-            "$ref": "#/components/schemas/UploadBackupConfig"
          }
        },
        "required": [
-          "database",
-          "upload"
+          "database"
        ],
        "type": "object"
      },
@@ -16828,9 +16527,6 @@
          "missingThumbnails": {
            "type": "boolean"
          },
-          "removeStaleUploads": {
-            "type": "boolean"
-          },
          "startTime": {
            "type": "string"
          },
@@ -16843,7 +16539,6 @@
          "databaseCleanup",
          "generateMemories",
          "missingThumbnails",
-          "removeStaleUploads",
          "startTime",
          "syncQuotaUsage"
        ],
@@ -17692,29 +17387,6 @@
        },
        "type": "object"
      },
-      "UploadBackupConfig": {
-        "properties": {
-          "maxAgeHours": {
-            "minimum": 1,
-            "type": "number"
-          }
-        },
-        "required": [
-          "maxAgeHours"
-        ],
-        "type": "object"
-      },
-      "UploadOkDto": {
-        "properties": {
-          "id": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "id"
-        ],
-        "type": "object"
-      },
      "UsageByUserDto": {
        "properties": {
          "photos": {
--- a/open-api/typescript-sdk/package.json
+++ b/open-api/typescript-sdk/package.json
@@ -19,7 +19,7 @@
    "@oazapfts/runtime": "^1.0.2"
  },
  "devDependencies": {
-    "@types/node": "^22.18.8",
+    "@types/node": "^22.18.1",
    "typescript": "^5.3.3"
  },
  "repository": {
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -556,6 +556,7 @@ export type LoginResponseDto = {
    isAdmin: boolean;
    isOnboarded: boolean;
    name: string;
+    permissions: Permission[];
    profileImagePath: string;
    shouldChangePassword: boolean;
    userEmail: string;
@@ -1194,6 +1195,7 @@ export type SessionResponseDto = {
    expiresAt?: string;
    id: string;
    isPendingSyncReset: boolean;
+    permissions: Permission[];
    updatedAt: string;
 };
 export type SessionCreateDto = {
@@ -1210,6 +1212,7 @@ export type SessionCreateResponseDto = {
    expiresAt?: string;
    id: string;
    isPendingSyncReset: boolean;
+    permissions: Permission[];
    token: string;
    updatedAt: string;
 };
@@ -1309,12 +1312,8 @@ export type DatabaseBackupConfig = {
    enabled: boolean;
    keepLastAmount: number;
 };
-export type UploadBackupConfig = {
-    maxAgeHours: number;
-};
 export type SystemConfigBackupsDto = {
    database: DatabaseBackupConfig;
-    upload: UploadBackupConfig;
 };
 export type SystemConfigFFmpegDto = {
    accel: TranscodeHWAccel;
@@ -1434,7 +1433,6 @@ export type SystemConfigNightlyTasksDto = {
    databaseCleanup: boolean;
    generateMemories: boolean;
    missingThumbnails: boolean;
-    removeStaleUploads: boolean;
    startTime: string;
    syncQuotaUsage: boolean;
 };
@@ -1600,9 +1598,6 @@ export type TimeBucketsResponseDto = {
 export type TrashResponseDto = {
    count: number;
 };
-export type UploadOkDto = {
-    id: string;
-};
 export type UserUpdateMeDto = {
    avatarColor?: (UserAvatarColor) | null;
    email?: string;
@@ -4425,109 +4420,6 @@ export function restoreAssets({ bulkIdsDto }: {
        body: bulkIdsDto
    })));
 }
-export function getUploadOptions(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchText("/upload", {
-        ...opts,
-        method: "OPTIONS"
-    }));
-}
-/**
- * This endpoint requires the `asset.upload` permission.
- */
-export function startUpload({ contentLength, key, reprDigest, slug, uploadComplete, uploadDraftInteropVersion, xImmichAssetData }: {
-    contentLength: string;
-    key?: string;
-    reprDigest: string;
-    slug?: string;
-    uploadComplete?: string;
-    uploadDraftInteropVersion?: string;
-    xImmichAssetData: string;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: UploadOkDto;
-    } | {
-        status: 201;
-    }>(`/upload${QS.query(QS.explode({
-        key,
-        slug
-    }))}`, {
-        ...opts,
-        method: "POST",
-        headers: oazapfts.mergeHeaders(opts?.headers, {
-            "content-length": contentLength,
-            "repr-digest": reprDigest,
-            "upload-complete": uploadComplete,
-            "upload-draft-interop-version": uploadDraftInteropVersion,
-            "x-immich-asset-data": xImmichAssetData
-        })
-    }));
-}
-/**
- * This endpoint requires the `asset.upload` permission.
- */
-export function cancelUpload({ id, key, slug }: {
-    id: string;
-    key?: string;
-    slug?: string;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchText(`/upload/${encodeURIComponent(id)}${QS.query(QS.explode({
-        key,
-        slug
-    }))}`, {
-        ...opts,
-        method: "DELETE"
-    }));
-}
-/**
- * This endpoint requires the `asset.upload` permission.
- */
-export function getUploadStatus({ id, key, slug, uploadDraftInteropVersion }: {
-    id: string;
-    key?: string;
-    slug?: string;
-    uploadDraftInteropVersion: string;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchText(`/upload/${encodeURIComponent(id)}${QS.query(QS.explode({
-        key,
-        slug
-    }))}`, {
-        ...opts,
-        method: "HEAD",
-        headers: oazapfts.mergeHeaders(opts?.headers, {
-            "upload-draft-interop-version": uploadDraftInteropVersion
-        })
-    }));
-}
-/**
- * This endpoint requires the `asset.upload` permission.
- */
-export function resumeUpload({ contentLength, id, key, slug, uploadComplete, uploadDraftInteropVersion, uploadOffset }: {
-    contentLength: string;
-    id: string;
-    key?: string;
-    slug?: string;
-    uploadComplete: string;
-    uploadDraftInteropVersion: string;
-    uploadOffset: string;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: UploadOkDto;
-    }>(`/upload/${encodeURIComponent(id)}${QS.query(QS.explode({
-        key,
-        slug
-    }))}`, {
-        ...opts,
-        method: "PATCH",
-        headers: oazapfts.mergeHeaders(opts?.headers, {
-            "content-length": contentLength,
-            "upload-complete": uploadComplete,
-            "upload-draft-interop-version": uploadDraftInteropVersion,
-            "upload-offset": uploadOffset
-        })
-    }));
-}
 /**
 * This endpoint requires the `user.read` permission.
 */
--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
  "version": "0.0.1",
  "description": "Monorepo for Immich",
  "private": true,
-  "packageManager": "pnpm@10.18.0+sha512.e804f889f1cecc40d572db084eec3e4881739f8dec69c0ff10d2d1beff9a4e309383ba27b5b750059d7f4c149535b6cd0d2cb1ed3aeb739239a4284a68f40cfa",
+  "packageManager": "pnpm@10.15.1+sha512.34e538c329b5553014ca8e8f4535997f96180a1d0f614339357449935350d924e22f8614682191264ec33d1462ac21561aff97f6bb18065351c162c7e8f6de67",
  "engines": {
    "pnpm": ">=10.0.0"
  }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -27,7 +27,7 @@ onlyBuiltDependencies:
  - '@tailwindcss/oxide'
 overrides:
  canvas: 2.11.2
-  sharp: ^0.34.4
+  sharp: ^0.34.3
 packageExtensions:
  nestjs-kysely:
    dependencies:
--- a/readme_i18n/README_ar_JO.md
+++ b/readme_i18n/README_ar_JO.md
@@ -28,8 +28,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_ca_ES.md
+++ b/readme_i18n/README_ca_ES.md
@@ -27,8 +27,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_de_DE.md
+++ b/readme_i18n/README_de_DE.md
@@ -27,8 +27,7 @@
  <a href="README_ko_KR.md">한국어</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_es_ES.md
+++ b/readme_i18n/README_es_ES.md
@@ -27,8 +27,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_fr_FR.md
+++ b/readme_i18n/README_fr_FR.md
@@ -27,8 +27,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_it_IT.md
+++ b/readme_i18n/README_it_IT.md
@@ -28,8 +28,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_ja_JP.md
+++ b/readme_i18n/README_ja_JP.md
@@ -27,8 +27,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
  <a href="README_sv_SE.md">Svenska</a>
--- a/readme_i18n/README_ko_KR.md
+++ b/readme_i18n/README_ko_KR.md
@@ -28,8 +28,7 @@
 <a href="README_de_DE.md">Deutsch</a>
 <a href="README_nl_NL.md">Nederlands</a>
 <a href="README_tr_TR.md">Türkçe</a>
-<a href="README_zh_CN.md">简体中文</a>
-<a href="README_zh_TW.md">正體中文</a>
+<a href="README_zh_CN.md">中文</a>
 <a href="README_uk_UA.md">Українська</a>
 <a href="README_ru_RU.md">Русский</a>
 <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_nl_NL.md
+++ b/readme_i18n/README_nl_NL.md
@@ -27,8 +27,7 @@
  <a href="README_ko_KR.md">한국어</a>
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_pt_BR.md
+++ b/readme_i18n/README_pt_BR.md
@@ -29,8 +29,7 @@
 <a href="README_de_DE.md">Deutsch</a>
 <a href="README_nl_NL.md">Nederlands</a>
 <a href="README_tr_TR.md">Türkçe</a>
-<a href="README_zh_CN.md">简体中文</a>
-<a href="README_zh_TW.md">正體中文</a>
+<a href="README_zh_CN.md">中文</a>
 <a href="README_uk_UA.md">Українська</a>
 <a href="README_ru_RU.md">Русский</a>
 <a href="README_sv_SE.md">Svenska</a>
--- a/readme_i18n/README_ru_RU.md
+++ b/readme_i18n/README_ru_RU.md
@@ -28,8 +28,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
  <a href="README_sv_SE.md">Svenska</a>
--- a/readme_i18n/README_sv_SE.md
+++ b/readme_i18n/README_sv_SE.md
@@ -29,8 +29,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_th_TH.md
+++ b/readme_i18n/README_th_TH.md
@@ -31,8 +31,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_tr_TR.md
+++ b/readme_i18n/README_tr_TR.md
@@ -27,8 +27,7 @@
  <a href="README_ko_KR.md">한국어</a>
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_uk_UA.md
+++ b/readme_i18n/README_uk_UA.md
@@ -29,8 +29,7 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
+  <a href="README_zh_CN.md">中文</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
  <a href="README_sv_SE.md">Svenska</a>
--- a/readme_i18n/README_vi_VN.md
+++ b/readme_i18n/README_vi_VN.md
@@ -29,8 +29,7 @@
 <a href="README_de_DE.md">Deutsch</a>
 <a href="README_nl_NL.md">Nederlands</a>
 <a href="README_tr_TR.md">Türkçe</a>
-<a href="README_zh_CN.md">简体中文</a>
-<a href="README_zh_TW.md">正體中文</a>
+<a href="README_zh_CN.md">中文</a>
 <a href="README_uk_UA.md">Українська</a>
 <a href="README_ru_RU.md">Русский</a>
 <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_zh_CN.md
+++ b/readme_i18n/README_zh_CN.md
@@ -32,7 +32,6 @@
  <a href="README_de_DE.md">Deutsch</a>
  <a href="README_nl_NL.md">Nederlands</a>
  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_TW.md">正體中文</a>
  <a href="README_uk_UA.md">Українська</a>
  <a href="README_ru_RU.md">Русский</a>
  <a href="README_pt_BR.md">Português Brasileiro</a>
--- a/readme_i18n/README_zh_TW.md
+++ b/readme_i18n/README_zh_TW.md
@@ -1,132 +0,0 @@
-<p align="center">
-  <br/>
-  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=授權條款&logoColor=000000&labelColor=ececec" alt="授權條款：AGPLv3"></a>
-  <a href="https://discord.immich.app">
-    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
-  </a>
-  <br/>
-  <br/>
-</p>
-
-<p align="center">
-<img src="../design/immich-logo-stacked-light.svg" width="300" title="以自訂 URL 登入">
-</p>
-<h3 align="center">高效能的自架照片和影片管理解決方案</h3>
-<br/>
-<a href="https://immich.app">
-<img src="../design/immich-screenshots.png" title="主要螢幕截圖">
-</a>
-<br/>
-
-<p align="center">
-  <a href="../README.md">English</a>
-  <a href="README_ca_ES.md">Català</a>
-  <a href="README_es_ES.md">Español</a>
-  <a href="README_fr_FR.md">Français</a>
-  <a href="README_it_IT.md">Italiano</a>
-  <a href="README_ja_JP.md">日本語</a>
-  <a href="README_ko_KR.md">한국어</a>
-  <a href="README_de_DE.md">Deutsch</a>
-  <a href="README_nl_NL.md">Nederlands</a>
-  <a href="README_tr_TR.md">Türkçe</a>
-  <a href="README_zh_CN.md">简体中文</a>
-  <a href="README_zh_TW.md">正體中文</a>
-  <a href="README_uk_UA.md">Українська</a>
-  <a href="README_ru_RU.md">Русский</a>
-  <a href="README_pt_BR.md">Português Brasileiro</a>
-  <a href="README_sv_SE.md">Svenska</a>
-  <a href="README_ar_JO.md">العربية</a>
-  <a href="README_vi_VN.md">Tiếng Việt</a>
-  <a href="README_th_TH.md">ภาษาไทย</a>
-</p>
-
-> [!WARNING]
-> ⚠️ 請務必遵循 [3-2-1 備份原則](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/)，守護珍貴的照片與影片！
->
-
-> [!NOTE]
-> 主要說明文件（包含安裝指南）可於 https://immich.app/ 取得。
-
-## 連結
-
- [說明文件](https://docs.immich.app/)
- [關於](https://docs.immich.app/overview/introduction)
- [安裝](https://docs.immich.app/install/requirements)
- [發展藍圖](https://immich.app/roadmap)
- [線上體驗](#線上體驗)
- [功能](#功能)
- [翻譯](https://docs.immich.app/developer/translations)
- [貢獻指南](https://docs.immich.app/overview/support-the-project)
-
-## 線上體驗
-
-請前往 [Demoo 網站](https://demo.immich.app) 立即體驗 Immich。若要在手機 App 試用，請在 `伺服器端點 URL` 欄位輸入 `https://demo.immich.app`。
-
-### 登入資訊
-
-| 電子郵件        | 密碼   |
-| --------------- | ------ |
-| demo@immich.app | demo   |
-
-## 功能
-
-| 功能                                       | 手機版 | 網頁版 |
-| :----------------------------------------- | ------ | ------ |
-| 上傳與檢視照片與影片                       | 是     | 是     |
-| 開啟 App 時自動備份                        | 是     | 不適用 |
-| 避免重複媒體                               | 是     | 是     |
-| 選擇要備份的相簿                           | 是     | 不適用 |
-| 下載照片與影片到本機裝置                   | 是     | 是     |
-| 多使用者支援                               | 是     | 是     |
-| 相簿與共享相簿                             | 是     | 是     |
-| 可拖曳的捲軸                               | 是     | 是     |
-| 支援 RAW 格式                              | 是     | 是     |
-| 中繼資料檢視（EXIF、地圖）                 | 是     | 是     |
-| 依中繼資料、物件、臉孔與 CLIP 搜尋         | 是     | 是     |
-| 管理功能（使用者管理）                     | 否     | 是     |
-| 背景備份                                   | 是     | 不適用 |
-| 虛擬滾動                                   | 是     | 是     |
-| 支援 OAuth                                 | 是     | 是     |
-| API 金鑰                                   | 不適用 | 是     |
-| Live Photo/動態照片備份與播放              | 是     | 是     |
-| 支援 360 度全景照片顯示                    | 否     | 是     |
-| 使用者自訂儲存結構                         | 是     | 是     |
-| 公開分享                                   | 是     | 是     |
-| 封存與收藏                                 | 是     | 是     |
-| 世界地圖                                   | 是     | 是     |
-| 親朋好友分享                               | 是     | 是     |
-| 臉部辨識與分群                             | 是     | 是     |
-| 回憶（x 年前）                             | 是     | 是     |
-| 離線支援                                   | 是     | 否     |
-| 唯讀媒體庫                                 | 是     | 是     |
-| 照片堆疊                                   | 是     | 是     |
-| 標籤                                       | 否     | 是     |
-| 資料夾檢視                                 | 是     | 是     |
-
-## 翻譯
-
-更多翻譯相關資訊請見 [此處](https://docs.immich.app/developer/translations)。
-
-<a href="https://hosted.weblate.org/engage/immich/">
-<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="翻譯狀態" />
-</a>
-
-## 專案活躍度
-
-![專案活躍度](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats 分析圖片")
-
-## Star 數量歷史紀錄
-
-<a href="https://star-history.com/#immich-app/immich&Date">
- <picture>
-   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date&theme=dark" />
-   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" />
-   <img alt="Star 歷史紀錄圖表" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
- </picture>
-</a>
-
-## 貢獻者
-
-<a href="https://github.com/alextran1502/immich/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
-</a>
--- a/renovate.json
+++ b/renovate.json
@@ -21,11 +21,6 @@
      "addLabels": [
        "📱mobile"
      ]
-    },
-    {
-      "matchPackageNames": ["ghcr.io/immich-app/postgres"],
-      "matchUpdateTypes": ["major"],
-      "enabled": false
    }
  ],
  "ignorePaths": [
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -1,54 +1,39 @@
-FROM ghcr.io/immich-app/base-server-dev:202510092146@sha256:124ec9659cba4a206924de5e3691f84acde16d75fa2b10b7007542424b696b96 AS builder
+FROM ghcr.io/immich-app/base-server-dev:202509210934@sha256:b5ce2d7eaf379d4cf15efd4bab180d8afc8a80d20b36c9800f4091aca6ae267e AS builder
 ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
  CI=1 \
-  COREPACK_HOME=/tmp \
-  PNPM_HOME=/buildcache/pnpm-store \
-  PATH="/buildcache/pnpm-store:$PATH"
+  COREPACK_HOME=/tmp

 RUN npm install --global corepack@latest && \
-  corepack enable pnpm && \
-  pnpm config set store-dir "$PNPM_HOME"
+  corepack enable pnpm

 FROM builder AS server

 WORKDIR /usr/src/app
+COPY ./package* ./pnpm* .pnpmfile.cjs ./
 COPY ./server ./server/
-RUN --mount=type=cache,id=pnpm-server,target=/buildcache/pnpm-store \
-  --mount=type=bind,source=package.json,target=package.json \
-  --mount=type=bind,source=.pnpmfile.cjs,target=.pnpmfile.cjs \
-  --mount=type=bind,source=pnpm-lock.yaml,target=pnpm-lock.yaml \
-  --mount=type=bind,source=pnpm-workspace.yaml,target=pnpm-workspace.yaml \
-  SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich --frozen-lockfile build && \
+RUN SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich --frozen-lockfile build && \
  SHARP_FORCE_GLOBAL_LIBVIPS=true pnpm --filter immich --frozen-lockfile --prod --no-optional deploy /output/server-pruned

 FROM builder AS web

 WORKDIR /usr/src/app
+COPY ./package* ./pnpm* .pnpmfile.cjs ./
 COPY ./web ./web/
 COPY ./i18n ./i18n/
 COPY ./open-api ./open-api/
-RUN --mount=type=cache,id=pnpm-web,target=/buildcache/pnpm-store \
-  --mount=type=bind,source=package.json,target=package.json \
-  --mount=type=bind,source=.pnpmfile.cjs,target=.pnpmfile.cjs \
-  --mount=type=bind,source=pnpm-lock.yaml,target=pnpm-lock.yaml \
-  --mount=type=bind,source=pnpm-workspace.yaml,target=pnpm-workspace.yaml \
-  SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install && \
+RUN SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install && \
  pnpm --filter @immich/sdk --filter immich-web build

 FROM builder AS cli

+COPY ./package* ./pnpm* .pnpmfile.cjs ./
 COPY ./cli ./cli/
 COPY ./open-api ./open-api/
-RUN --mount=type=cache,id=pnpm-cli,target=/buildcache/pnpm-store \
-  --mount=type=bind,source=package.json,target=package.json \
-  --mount=type=bind,source=.pnpmfile.cjs,target=.pnpmfile.cjs \
-  --mount=type=bind,source=pnpm-lock.yaml,target=pnpm-lock.yaml \
-  --mount=type=bind,source=pnpm-workspace.yaml,target=pnpm-workspace.yaml \
-  pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install && \
+RUN pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install && \
  pnpm --filter @immich/sdk --filter @immich/cli build && \
  pnpm --filter @immich/cli --prod --no-optional deploy /output/cli-pruned

-FROM ghcr.io/immich-app/base-server-prod:202510092146@sha256:c39b9ad949e7777bce415e6931334aeff7331e04cb7f9df93f9ae44f6ff36b9e
+FROM ghcr.io/immich-app/base-server-prod:202509210934@sha256:0c7eacf0ba88ca52e1a267cfc62d20d07792ea2c604818c2cbd37dc7dcefdac9

 WORKDIR /usr/src/app
 ENV NODE_ENV=production \
--- a/server/Dockerfile.dev
+++ b/server/Dockerfile.dev
@@ -1,5 +1,5 @@
 # dev build
-FROM ghcr.io/immich-app/base-server-dev:202510092146@sha256:124ec9659cba4a206924de5e3691f84acde16d75fa2b10b7007542424b696b96 AS dev
+FROM ghcr.io/immich-app/base-server-dev:202509210934@sha256:b5ce2d7eaf379d4cf15efd4bab180d8afc8a80d20b36c9800f4091aca6ae267e AS dev

 ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
  CI=1 \
--- a/server/package.json
+++ b/server/package.json
@@ -47,7 +47,7 @@
    "@opentelemetry/exporter-prometheus": "^0.205.0",
    "@opentelemetry/instrumentation-http": "^0.205.0",
    "@opentelemetry/instrumentation-ioredis": "^0.53.0",
-    "@opentelemetry/instrumentation-nestjs-core": "^0.52.0",
+    "@opentelemetry/instrumentation-nestjs-core": "^0.51.0",
    "@opentelemetry/instrumentation-pg": "^0.58.0",
    "@opentelemetry/resources": "^2.0.1",
    "@opentelemetry/sdk-metrics": "^2.0.1",
@@ -67,7 +67,7 @@
    "compression": "^1.8.0",
    "cookie": "^1.0.2",
    "cookie-parser": "^1.4.7",
-    "cron": "4.3.3",
+    "cron": "4.3.0",
    "exiftool-vendored": "^28.8.0",
    "express": "^5.1.0",
    "fast-glob": "^3.3.2",
@@ -85,7 +85,7 @@
    "multer": "^2.0.2",
    "nest-commander": "^3.16.0",
    "nestjs-cls": "^5.0.0",
-    "nestjs-kysely": "3.0.0",
+    "nestjs-kysely": "^3.0.0",
    "nestjs-otel": "^7.0.0",
    "nodemailer": "^7.0.0",
    "openid-client": "^6.3.3",
@@ -101,10 +101,9 @@
    "sanitize-filename": "^1.6.3",
    "sanitize-html": "^2.14.0",
    "semver": "^7.6.2",
-    "sharp": "^0.34.4",
+    "sharp": "^0.34.3",
    "sirv": "^3.0.0",
    "socket.io": "^4.8.1",
-    "structured-headers": "^2.0.2",
    "tailwindcss-preset-email": "^1.4.0",
    "thumbhash": "^0.1.1",
    "ua-parser-js": "^2.0.0",
@@ -130,7 +129,7 @@
    "@types/luxon": "^3.6.2",
    "@types/mock-fs": "^4.13.1",
    "@types/multer": "^2.0.0",
-    "@types/node": "^22.18.8",
+    "@types/node": "^22.18.1",
    "@types/nodemailer": "^7.0.0",
    "@types/picomatch": "^4.0.0",
    "@types/pngjs": "^6.0.5",
@@ -165,6 +164,6 @@
    "node": "22.20.0"
  },
  "overrides": {
-    "sharp": "^0.34.4"
+    "sharp": "^0.34.3"
  }
 }
--- a/server/src/app.module.ts
+++ b/server/src/app.module.ts
@@ -19,7 +19,6 @@ import { ConfigRepository } from 'src/repositories/config.repository';
 import { EventRepository } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { teardownTelemetry, TelemetryRepository } from 'src/repositories/telemetry.repository';
-import { UserRepository } from 'src/repositories/user.repository';
 import { services } from 'src/services';
 import { AuthService } from 'src/services/auth.service';
 import { CliService } from 'src/services/cli.service';
@@ -56,7 +55,6 @@ class BaseModule implements OnModuleInit, OnModuleDestroy {
    private jobService: JobService,
    private telemetryRepository: TelemetryRepository,
    private authService: AuthService,
-    private userRepository: UserRepository,
  ) {
    logger.setAppName(this.worker);
  }
--- a/server/src/config.ts
+++ b/server/src/config.ts
@@ -22,9 +22,6 @@ export interface SystemConfig {
      cronExpression: string;
      keepLastAmount: number;
    };
-    upload: {
-      maxAgeHours: number;
-    };
  };
  ffmpeg: {
    crf: number;
@@ -136,7 +133,6 @@ export interface SystemConfig {
    clusterNewFaces: boolean;
    generateMemories: boolean;
    syncQuotaUsage: boolean;
-    removeStaleUploads: boolean;
  };
  trash: {
    enabled: boolean;
@@ -194,9 +190,6 @@ export const defaults = Object.freeze<SystemConfig>({
      cronExpression: CronExpression.EVERY_DAY_AT_2AM,
      keepLastAmount: 14,
    },
-    upload: {
-      maxAgeHours: 72,
-    },
  },
  ffmpeg: {
    crf: 23,
@@ -332,7 +325,6 @@ export const defaults = Object.freeze<SystemConfig>({
    syncQuotaUsage: true,
    missingThumbnails: true,
    clusterNewFaces: true,
-    removeStaleUploads: true,
  },
  trash: {
    enabled: true,
--- a/server/src/controllers/asset-upload.controller.spec.ts
+++ b/server/src/controllers/asset-upload.controller.spec.ts
@@ -1,445 +0,0 @@
-import { createHash, randomUUID } from 'node:crypto';
-import { AssetUploadController } from 'src/controllers/asset-upload.controller';
-import { AssetUploadService } from 'src/services/asset-upload.service';
-import { serializeDictionary } from 'structured-headers';
-import request from 'supertest';
-import { factory } from 'test/small.factory';
-import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
-
-const makeAssetData = (overrides?: Partial<any>): string => {
-  return serializeDictionary({
-    filename: 'test-image.jpg',
-    'device-asset-id': 'test-asset-id',
-    'device-id': 'test-device',
-    'file-created-at': new Date('2025-01-02T00:00:00Z').toISOString(),
-    'file-modified-at': new Date('2025-01-01T00:00:00Z').toISOString(),
-    'is-favorite': false,
-    ...overrides,
-  });
-};
-
-describe(AssetUploadController.name, () => {
-  let ctx: ControllerContext;
-  let buffer: Buffer;
-  let checksum: string;
-  const service = mockBaseService(AssetUploadService);
-
-  beforeAll(async () => {
-    ctx = await controllerSetup(AssetUploadController, [{ provide: AssetUploadService, useValue: service }]);
-    return () => ctx.close();
-  });
-
-  beforeEach(() => {
-    service.resetAllMocks();
-    service.startUpload.mockImplementation((_, __, res, ___) => {
-      res.send();
-      return Promise.resolve();
-    });
-    service.resumeUpload.mockImplementation((_, __, res, ___, ____) => {
-      res.send();
-      return Promise.resolve();
-    });
-    service.cancelUpload.mockImplementation((_, __, res) => {
-      res.send();
-      return Promise.resolve();
-    });
-    service.getUploadStatus.mockImplementation((_, res, __, ___) => {
-      res.send();
-      return Promise.resolve();
-    });
-    ctx.reset();
-
-    buffer = Buffer.from(randomUUID());
-    checksum = `sha=:${createHash('sha1').update(buffer).digest('base64')}:`;
-  });
-
-  describe('POST /upload', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).post('/upload');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should require at least version 3 of Upload-Draft-Interop-Version header if provided', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Upload-Draft-Interop-Version', '2')
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining(['version must not be less than 3']),
-        }),
-      );
-    });
-
-    it('should require X-Immich-Asset-Data header', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'x-immich-asset-data header is required' }));
-    });
-
-    it('should require Repr-Digest header', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Missing repr-digest header' }));
-    });
-
-    it('should allow conventional upload without Upload-Complete header', async () => {
-      const { status } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(201);
-    });
-
-    it('should require Upload-Length header for incomplete upload', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?0')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Missing upload-length header' }));
-    });
-
-    it('should infer upload length from content length if complete upload', async () => {
-      const { status } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .send(buffer);
-
-      expect(status).toBe(201);
-    });
-
-    it('should reject invalid Repr-Digest format', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', checksum)
-        .set('Repr-Digest', 'invalid-format')
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Invalid repr-digest header' }));
-    });
-
-    it('should validate device-asset-id is required in asset data', async () => {
-      const assetData = serializeDictionary({
-        filename: 'test.jpg',
-        'device-id': 'test-device',
-        'file-created-at': new Date().toISOString(),
-        'file-modified-at': new Date().toISOString(),
-      });
-
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', assetData)
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining([expect.stringContaining('deviceAssetId')]),
-        }),
-      );
-    });
-
-    it('should validate device-id is required in asset data', async () => {
-      const assetData = serializeDictionary({
-        filename: 'test.jpg',
-        'device-asset-id': 'test-asset',
-        'file-created-at': new Date().toISOString(),
-        'file-modified-at': new Date().toISOString(),
-      });
-
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', assetData)
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining([expect.stringContaining('deviceId')]),
-        }),
-      );
-    });
-
-    it('should validate filename is required in asset data', async () => {
-      const assetData = serializeDictionary({
-        'device-asset-id': 'test-asset',
-        'device-id': 'test-device',
-        'file-created-at': new Date().toISOString(),
-        'file-modified-at': new Date().toISOString(),
-      });
-
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', assetData)
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining([expect.stringContaining('filename')]),
-        }),
-      );
-    });
-
-    it('should accept Upload-Incomplete header for version 3', async () => {
-      const { body, status } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '3')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Incomplete', '?0')
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(body).toEqual({});
-      expect(status).not.toBe(400);
-    });
-
-    it('should validate Upload-Complete is a boolean structured field', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', 'true')
-        .set('Upload-Length', '1024')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'upload-complete must be a structured boolean value' }));
-    });
-
-    it('should validate Upload-Length is a positive integer', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .post('/upload')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('X-Immich-Asset-Data', makeAssetData())
-        .set('Repr-Digest', checksum)
-        .set('Upload-Complete', '?1')
-        .set('Upload-Length', '-100')
-        .send(buffer);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining(['uploadLength must not be less than 1']),
-        }),
-      );
-    });
-  });
-
-  describe('PATCH /upload/:id', () => {
-    const uploadId = factory.uuid();
-
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).patch(`/upload/${uploadId}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should require Upload-Draft-Interop-Version header', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Offset', '0')
-        .set('Upload-Complete', '?1')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining(['version must be an integer number', 'version must not be less than 3']),
-        }),
-      );
-    });
-
-    it('should require Upload-Offset header', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('Upload-Complete', '?1')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining([
-            'uploadOffset must be an integer number',
-            'uploadOffset must not be less than 0',
-          ]),
-        }),
-      );
-    });
-
-    it('should require Upload-Complete header', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('Upload-Offset', '0')
-        .set('Content-Type', 'application/partial-upload')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: ['uploadComplete must be a boolean value'] }));
-    });
-
-    it('should validate UUID parameter', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch('/upload/invalid-uuid')
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('Upload-Offset', '0')
-        .set('Upload-Complete', '?0')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: ['id must be a UUID'] }));
-    });
-
-    it('should validate Upload-Offset is a non-negative integer', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '8')
-        .set('Upload-Offset', '-50')
-        .set('Upload-Complete', '?0')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining(['uploadOffset must not be less than 0']),
-        }),
-      );
-    });
-
-    it('should require Content-Type: application/partial-upload for version >= 6', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '6')
-        .set('Upload-Offset', '0')
-        .set('Upload-Complete', '?0')
-        .set('Content-Type', 'application/octet-stream')
-        .send(Buffer.from('test'));
-
-      expect(status).toBe(400);
-      expect(body).toEqual(
-        expect.objectContaining({
-          message: ['contentType must be equal to application/partial-upload'],
-        }),
-      );
-    });
-
-    it('should allow other Content-Type for version < 6', async () => {
-      const { body } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '3')
-        .set('Upload-Offset', '0')
-        .set('Upload-Incomplete', '?1')
-        .set('Content-Type', 'application/octet-stream')
-        .send();
-
-      // Will fail for other reasons, but not content-type validation
-      expect(body).not.toEqual(
-        expect.objectContaining({
-          message: expect.arrayContaining([expect.stringContaining('contentType')]),
-        }),
-      );
-    });
-
-    it('should accept Upload-Incomplete header for version 3', async () => {
-      const { status } = await request(ctx.getHttpServer())
-        .patch(`/upload/${uploadId}`)
-        .set('Upload-Draft-Interop-Version', '3')
-        .set('Upload-Offset', '0')
-        .set('Upload-Incomplete', '?1')
-        .send();
-
-      // Should not fail validation
-      expect(status).not.toBe(400);
-    });
-  });
-
-  describe('DELETE /upload/:id', () => {
-    const uploadId = factory.uuid();
-
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).delete(`/upload/${uploadId}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should validate UUID parameter', async () => {
-      const { status, body } = await request(ctx.getHttpServer()).delete('/upload/invalid-uuid');
-
-      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: ['id must be a UUID'] }));
-    });
-  });
-
-  describe('HEAD /upload/:id', () => {
-    const uploadId = factory.uuid();
-
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).head(`/upload/${uploadId}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should require Upload-Draft-Interop-Version header', async () => {
-      const { status } = await request(ctx.getHttpServer()).head(`/upload/${uploadId}`);
-
-      expect(status).toBe(400);
-    });
-
-    it('should validate UUID parameter', async () => {
-      const { status } = await request(ctx.getHttpServer())
-        .head('/upload/invalid-uuid')
-        .set('Upload-Draft-Interop-Version', '8');
-
-      expect(status).toBe(400);
-    });
-  });
-});
--- a/Show More
+++ b/Show More