Merge 8a677760e5 into 9d4aac2b8e

Revise the README_CN (#21048 )
* docs: update chinese readme * style: Improve the styling of the Chinese document jump tips bar in dark mode * docs: add license translation
2025-12-06 13:34:13 +03:00 · 2025-12-02 14:16:12 +01:00 · 2025-12-01 10:52:30 -07:00 · 2025-12-01 08:07:35 -07:00 · 2025-12-01 07:59:54 -06:00 · 2025-11-30 06:54:42 -06:00
76 changed files with 1897 additions and 747 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -15,7 +15,7 @@ concurrency:
  cancel-in-progress: true

 env:
-  PYTHON_VERSION: 3.9
+  PYTHON_VERSION: 3.11

 jobs:
  amd64_build:
--- a/README_CN.md
+++ b/README_CN.md
@ -1,28 +1,31 @@
 <p align="center">
-  <img align="center" alt="logo" src="docs/static/img/frigate.png">
+  <img align="center" alt="logo" src="docs/static/img/branding/frigate.png">
 </p>

-# Frigate - 一个具有实时目标检测的本地NVR
+# Frigate NVR™ - 一个具有实时目标检测的本地 NVR

-[English](https://github.com/blakeblackshear/frigate) | \[简体中文\] 
+[English](https://github.com/blakeblackshear/frigate) | \[简体中文\]
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

 <a href="https://hosted.weblate.org/engage/frigate-nvr/-/zh_Hans/">
 <img src="https://hosted.weblate.org/widget/frigate-nvr/-/zh_Hans/svg-badge.svg" alt="翻译状态" />
 </a>

-一个完整的本地网络视频录像机（NVR），专为[Home Assistant](https://www.home-assistant.io)设计，具备AI物体检测功能。使用OpenCV和TensorFlow在本地为IP摄像头执行实时物体检测。
+一个完整的本地网络视频录像机（NVR），专为[Home Assistant](https://www.home-assistant.io)设计，具备 AI 目标/物体检测功能。使用 OpenCV 和 TensorFlow 在本地为 IP 摄像头执行实时物体检测。

-强烈推荐使用GPU或者AI加速器（例如[Google Coral加速器](https://coral.ai/products/) 或者 [Hailo](https://hailo.ai/)）。它们的性能甚至超过目前的顶级CPU，并且可以以极低的耗电实现更优的性能。
- 通过[自定义组件](https://github.com/blakeblackshear/frigate-hass-integration)与Home Assistant紧密集成
- 设计上通过仅在必要时和必要地点寻找物体，最大限度地减少资源使用并最大化性能
+强烈推荐使用 GPU 或者 AI 加速器（例如[Google Coral 加速器](https://coral.ai/products/) 或者 [Hailo](https://hailo.ai/)等）。它们的运行效率远远高于现在的顶级 CPU，并且功耗也极低。
+
+- 通过[自定义组件](https://github.com/blakeblackshear/frigate-hass-integration)与 Home Assistant 紧密集成
+- 设计上通过仅在必要时和必要地点寻找目标，最大限度地减少资源使用并最大化性能
 - 大量利用多进程处理，强调实时性而非处理每一帧
- 使用非常低开销的运动检测来确定运行物体检测的位置
- 使用TensorFlow进行物体检测，运行在单独的进程中以达到最大FPS
- 通过MQTT进行通信，便于集成到其他系统中
+- 使用非常低开销的画面变动检测（也叫运动检测）来确定运行目标检测的位置
+- 使用 TensorFlow 进行目标检测，并运行在单独的进程中以达到最大 FPS
+- 通过 MQTT 进行通信，便于集成到其他系统中
 - 根据检测到的物体设置保留时间进行视频录制
- 24/7全天候录制
- 通过RTSP重新流传输以减少摄像头的连接数
- 支持WebRTC和MSE，实现低延迟的实时观看
+- 24/7 全天候录制
+- 通过 RTSP 重新流传输以减少摄像头的连接数
+- 支持 WebRTC 和 MSE，实现低延迟的实时观看

 ## 社区中文翻译文档

@ -32,39 +35,55 @@

 如果您想通过捐赠支持开发，请使用 [Github Sponsors](https://github.com/sponsors/blakeblackshear)。

+## 协议
+
+本项目采用 **MIT 许可证**授权。
+**代码部分**：本代码库中的源代码、配置文件和文档均遵循 [MIT 许可证](LICENSE)。您可以自由使用、修改和分发这些代码，但必须保留原始版权声明。
+
+**商标部分**：“Frigate”名称、“Frigate NVR”品牌以及 Frigate 的 Logo 为 **Frigate LLC 的商标**，**不在** MIT 许可证覆盖范围内。
+有关品牌资产的规范使用详情，请参阅我们的[《商标政策》](TRADEMARK.md)。
+
 ## 截图

 ### 实时监控面板
+
 <div>
 <img width="800" alt="实时监控面板" src="https://github.com/blakeblackshear/frigate/assets/569905/5e713cb9-9db5-41dc-947a-6937c3bc376e">
 </div>

 ### 简单的核查工作流程
+
 <div>
 <img width="800" alt="简单的审查工作流程" src="https://github.com/blakeblackshear/frigate/assets/569905/6fed96e8-3b18-40e5-9ddc-31e6f3c9f2ff">
 </div>

 ### 多摄像头可按时间轴查看
+
 <div>
 <img width="800" alt="多摄像头可按时间轴查看" src="https://github.com/blakeblackshear/frigate/assets/569905/d6788a15-0eeb-4427-a8d4-80b93cae3d74">
 </div>

 ### 内置遮罩和区域编辑器
+
 <div>
 <img width="800" alt="内置遮罩和区域编辑器" src="https://github.com/blakeblackshear/frigate/assets/569905/d7885fc3-bfe6-452f-b7d0-d957cb3e31f5">
 </div>

-
 ## 翻译
+
 我们使用 [Weblate](https://hosted.weblate.org/projects/frigate-nvr/) 平台提供翻译支持，欢迎参与进来一起完善。

-
 ## 非官方中文讨论社区
-欢迎加入中文讨论QQ群：[1043861059](https://qm.qq.com/q/7vQKsTmSz)
+
+欢迎加入中文讨论 QQ 群：[1043861059](https://qm.qq.com/q/7vQKsTmSz)

 Bilibili：https://space.bilibili.com/3546894915602564

-
 ## 中文社区赞助商
+
 [![EdgeOne](https://edgeone.ai/media/34fe3a45-492d-4ea4-ae5d-ea1087ca7b4b.png)](https://edgeone.ai/zh?from=github)
 本项目 CDN 加速及安全防护由 Tencent EdgeOne 赞助
+
+---
+
+**Copyright © 2025 Frigate LLC.**
--- a/docker/rocm/Dockerfile
+++ b/docker/rocm/Dockerfile
@ -15,7 +15,7 @@ ARG AMDGPU

 RUN apt update -qq && \
    apt install -y wget gpg && \
-    wget -O rocm.deb https://repo.radeon.com/amdgpu-install/7.1/ubuntu/jammy/amdgpu-install_7.1.70100-1_all.deb && \
+    wget -O rocm.deb https://repo.radeon.com/amdgpu-install/7.1.1/ubuntu/jammy/amdgpu-install_7.1.1.70101-1_all.deb && \
    apt install -y ./rocm.deb && \
    apt update && \
    apt install -qq -y rocm
--- a/docker/rocm/rocm.hcl
+++ b/docker/rocm/rocm.hcl
@ -2,7 +2,7 @@ variable "AMDGPU" {
  default = "gfx900"
 }
 variable "ROCM" {
-  default = "7.1.0"
+  default = "7.1.1"
 }
 variable "HSA_OVERRIDE_GFX_VERSION" {
  default = ""
--- a/docs/docs/configuration/audio_detectors.md
+++ b/docs/docs/configuration/audio_detectors.md
@ -75,7 +75,13 @@ audio:

 ### Audio Transcription

-Frigate supports fully local audio transcription using either `sherpa-onnx` or OpenAI’s open-source Whisper models via `faster-whisper`. To enable transcription, enable it in your config. Note that audio detection must also be enabled as described above in order to use audio transcription features.
+Frigate supports fully local audio transcription using either `sherpa-onnx` or OpenAI’s open-source Whisper models via `faster-whisper`. The goal of this feature is to support Semantic Search for `speech` audio events. Frigate is not intended to act as a continuous, fully-automatic speech transcription service — automatically transcribing all speech (or queuing many audio events for transcription) requires substantial CPU (or GPU) resources and is impractical on most systems. For this reason, transcriptions for events are initiated manually from the UI or the API rather than being run continuously in the background.
+
+Transcription accuracy also depends heavily on the quality of your camera's microphone and recording conditions. Many cameras use inexpensive microphones, and distance to the speaker, low audio bitrate, or background noise can significantly reduce transcription quality. If you need higher accuracy, more robust long-running queues, or large-scale automatic transcription, consider using the HTTP API in combination with an automation platform and a cloud transcription service.
+
+#### Configuration
+
+To enable transcription, enable it in your config. Note that audio detection must also be enabled as described above in order to use audio transcription features.

 ```yaml
 audio_transcription:
@ -151,3 +157,19 @@ Only one `speech` event may be transcribed at a time. Frigate does not automatic
 :::

 Recorded `speech` events will always use a `whisper` model, regardless of the `model_size` config setting. Without a supported Nvidia GPU, generating transcriptions for longer `speech` events may take a fair amount of time, so be patient.
+
+#### FAQ
+
+1. Why doesn't Frigate automatically transcribe all `speech` events?
+
+   Frigate does not implement a queue mechanism for speech transcription, and adding one is not trivial. A proper queue would need backpressure, prioritization, memory/disk buffering, retry logic, crash recovery, and safeguards to prevent unbounded growth when events outpace processing. That’s a significant amount of complexity for a feature that, in most real-world environments, would mostly just churn through low-value noise.
+
+   Because transcription is **serialized (one event at a time)** and speech events can be generated far faster than they can be processed, an auto-transcribe toggle would very quickly create an ever-growing backlog and degrade core functionality. For the amount of engineering and risk involved, it adds **very little practical value** for the majority of deployments, which are often on low-powered, edge hardware.
+
+   If you hear speech that’s actually important and worth saving/indexing for the future, **just press the transcribe button in Explore** on that specific `speech` event - that keeps things explicit, reliable, and under your control.
+
+2. Why don't you save live transcription text and use that for `speech` events?
+
+   There’s no guarantee that a `speech` event is even created from the exact audio that went through the transcription model. Live transcription and `speech` event creation are **separate, asynchronous processes**. Even when both are correctly configured, trying to align the **precise start and end time of a speech event** with whatever audio the model happened to be processing at that moment is unreliable.
+
+   Automatically persisting that data would often result in **misaligned, partial, or irrelevant transcripts**, while still incurring all of the CPU, storage, and privacy costs of transcription. That’s why Frigate treats transcription as an **explicit, user-initiated action** rather than an automatic side-effect of every `speech` event.
--- a/docs/docs/frigate/hardware.md
+++ b/docs/docs/frigate/hardware.md
@ -159,7 +159,7 @@ Inference speeds vary greatly depending on the CPU or GPU used, some known examp
 | Intel HD 530   | 15 - 35 ms                 |                                                   |                           |                        | Can only run one detector instance |
 | Intel HD 620   | 15 - 25 ms                 |                                                   | 320: ~ 35 ms              |                        |                                    |
 | Intel HD 630   | ~ 15 ms                    |                                                   | 320: ~ 30 ms              |                        |                                    |
-| Intel UHD 730  | ~ 10 ms                    |                                                   | 320: ~ 19 ms 640: ~ 54 ms |                        |                                    |
+| Intel UHD 730  | ~ 10 ms                    | t-320: 14ms s-320: 24ms t-640: 34ms s-640: 65ms   | 320: ~ 19 ms 640: ~ 54 ms |                        |                                    |
 | Intel UHD 770  | ~ 15 ms                    | t-320: ~ 16 ms s-320: ~ 20 ms s-640: ~ 40 ms      | 320: ~ 20 ms 640: ~ 46 ms |                        |                                    |
 | Intel N100     | ~ 15 ms                    | s-320: 30 ms                                      | 320: ~ 25 ms              |                        | Can only run one detector instance |
 | Intel N150     | ~ 15 ms                    | t-320: 16 ms s-320: 24 ms                         |                           |                        |                                    |
--- a/docs/src/components/LanguageAlert/styles.module.css
+++ b/docs/src/components/LanguageAlert/styles.module.css
@ -1,13 +1,18 @@
 .alert {
-    padding: 12px;
-    background: #fff8e6;
-    border-bottom: 1px solid #ffd166;
-    text-align: center;
-    font-size: 15px;
-  }
-  
-  .alert a {
-    color: #1890ff;
-    font-weight: 500;
-    margin-left: 6px;
-  }
+  padding: 12px;
+  background: #fff8e6;
+  border-bottom: 1px solid #ffd166;
+  text-align: center;
+  font-size: 15px;
+}
+
+[data-theme="dark"] .alert {
+  background: #3b2f0b;
+  border-bottom: 1px solid #665c22;
+}
+
+.alert a {
+  color: #1890ff;
+  font-weight: 500;
+  margin-left: 6px;
+}
--- a/frigate/api/app.py
+++ b/frigate/api/app.py
@ -23,7 +23,7 @@ from markupsafe import escape
 from peewee import SQL, fn, operator
 from pydantic import ValidationError

-from frigate.api.auth import require_role
+from frigate.api.auth import allow_any_authenticated, allow_public, require_role
 from frigate.api.defs.query.app_query_parameters import AppTimelineHourlyQueryParameters
 from frigate.api.defs.request.app_body import AppConfigSetBody
 from frigate.api.defs.tags import Tags
@ -56,29 +56,33 @@ logger = logging.getLogger(__name__)
 router = APIRouter(tags=[Tags.app])


-@router.get("/", response_class=PlainTextResponse)
+@router.get(
+    "/", response_class=PlainTextResponse, dependencies=[Depends(allow_public())]
+)
 def is_healthy():
    return "Frigate is running. Alive and healthy!"


-@router.get("/config/schema.json")
+@router.get("/config/schema.json", dependencies=[Depends(allow_public())])
 def config_schema(request: Request):
    return Response(
        content=request.app.frigate_config.schema_json(), media_type="application/json"
    )


-@router.get("/version", response_class=PlainTextResponse)
+@router.get(
+    "/version", response_class=PlainTextResponse, dependencies=[Depends(allow_public())]
+)
 def version():
    return VERSION


-@router.get("/stats")
+@router.get("/stats", dependencies=[Depends(allow_any_authenticated())])
 def stats(request: Request):
    return JSONResponse(content=request.app.stats_emitter.get_latest_stats())


-@router.get("/stats/history")
+@router.get("/stats/history", dependencies=[Depends(allow_any_authenticated())])
 def stats_history(request: Request, keys: str = None):
    if keys:
        keys = keys.split(",")
@ -86,7 +90,7 @@ def stats_history(request: Request, keys: str = None):
    return JSONResponse(content=request.app.stats_emitter.get_stats_history(keys))


-@router.get("/metrics")
+@router.get("/metrics", dependencies=[Depends(allow_any_authenticated())])
 def metrics(request: Request):
    """Expose Prometheus metrics endpoint and update metrics with latest stats"""
    # Retrieve the latest statistics and update the Prometheus metrics
@ -103,7 +107,7 @@ def metrics(request: Request):
    return Response(content=content, media_type=content_type)


-@router.get("/config")
+@router.get("/config", dependencies=[Depends(allow_any_authenticated())])
 def config(request: Request):
    config_obj: FrigateConfig = request.app.frigate_config
    config: dict[str, dict[str, Any]] = config_obj.model_dump(
@ -209,7 +213,7 @@ def config_raw_paths(request: Request):
    return JSONResponse(content=raw_paths)


-@router.get("/config/raw")
+@router.get("/config/raw", dependencies=[Depends(allow_any_authenticated())])
 def config_raw():
    config_file = find_config_file()

@ -452,7 +456,7 @@ def config_set(request: Request, body: AppConfigSetBody):
    )


-@router.get("/vainfo")
+@router.get("/vainfo", dependencies=[Depends(allow_any_authenticated())])
 def vainfo():
    vainfo = vainfo_hwaccel()
    return JSONResponse(
@ -472,12 +476,16 @@ def vainfo():
    )


-@router.get("/nvinfo")
+@router.get("/nvinfo", dependencies=[Depends(allow_any_authenticated())])
 def nvinfo():
    return JSONResponse(content=get_nvidia_driver_info())


-@router.get("/logs/{service}", tags=[Tags.logs])
+@router.get(
+    "/logs/{service}",
+    tags=[Tags.logs],
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def logs(
    service: str = Path(enum=["frigate", "nginx", "go2rtc"]),
    download: Optional[str] = None,
@ -585,7 +593,7 @@ def restart():
    )


-@router.get("/labels")
+@router.get("/labels", dependencies=[Depends(allow_any_authenticated())])
 def get_labels(camera: str = ""):
    try:
        if camera:
@ -603,7 +611,7 @@ def get_labels(camera: str = ""):
    return JSONResponse(content=labels)


-@router.get("/sub_labels")
+@router.get("/sub_labels", dependencies=[Depends(allow_any_authenticated())])
 def get_sub_labels(split_joined: Optional[int] = None):
    try:
        events = Event.select(Event.sub_label).distinct()
@ -634,7 +642,7 @@ def get_sub_labels(split_joined: Optional[int] = None):
    return JSONResponse(content=sub_labels)


-@router.get("/plus/models")
+@router.get("/plus/models", dependencies=[Depends(allow_any_authenticated())])
 def plusModels(request: Request, filterByCurrentModelDetector: bool = False):
    if not request.app.frigate_config.plus_api.is_active():
        return JSONResponse(
@ -676,7 +684,9 @@ def plusModels(request: Request, filterByCurrentModelDetector: bool = False):
    return JSONResponse(content=validModels)


-@router.get("/recognized_license_plates")
+@router.get(
+    "/recognized_license_plates", dependencies=[Depends(allow_any_authenticated())]
+)
 def get_recognized_license_plates(split_joined: Optional[int] = None):
    try:
        query = (
@ -710,7 +720,7 @@ def get_recognized_license_plates(split_joined: Optional[int] = None):
    return JSONResponse(content=recognized_license_plates)


-@router.get("/timeline")
+@router.get("/timeline", dependencies=[Depends(allow_any_authenticated())])
 def timeline(camera: str = "all", limit: int = 100, source_id: Optional[str] = None):
    clauses = []

@ -747,7 +757,7 @@ def timeline(camera: str = "all", limit: int = 100, source_id: Optional[str] = N
    return JSONResponse(content=[t for t in timeline])


-@router.get("/timeline/hourly")
+@router.get("/timeline/hourly", dependencies=[Depends(allow_any_authenticated())])
 def hourly_timeline(params: AppTimelineHourlyQueryParameters = Depends()):
    """Get hourly summary for timeline."""
    cameras = params.cameras
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@ -32,10 +32,178 @@ from frigate.models import User

 logger = logging.getLogger(__name__)

+
+def require_admin_by_default():
+    """
+    Global admin requirement dependency for all endpoints by default.
+
+    This is set as the default dependency on the FastAPI app to ensure all
+    endpoints require admin access unless explicitly overridden with
+    allow_public(), allow_any_authenticated(), or require_role().
+
+    Port 5000 (internal) always has admin role set by the /auth endpoint,
+    so this check passes automatically for internal requests.
+
+    Certain paths are exempted from the global admin check because they must
+    be accessible before authentication (login, auth) or they have their own
+    route-level authorization dependencies that handle access control.
+    """
+    # Paths that have route-level auth dependencies and should bypass global admin check
+    # These paths still have authorization - it's handled by their route-level dependencies
+    EXEMPT_PATHS = {
+        # Public auth endpoints (allow_public)
+        "/auth",
+        "/auth/first_time_login",
+        "/login",
+        # Authenticated user endpoints (allow_any_authenticated)
+        "/logout",
+        "/profile",
+        # Public info endpoints (allow_public)
+        "/",
+        "/version",
+        "/config/schema.json",
+        # Authenticated user endpoints (allow_any_authenticated)
+        "/metrics",
+        "/stats",
+        "/stats/history",
+        "/config",
+        "/config/raw",
+        "/vainfo",
+        "/nvinfo",
+        "/labels",
+        "/sub_labels",
+        "/plus/models",
+        "/recognized_license_plates",
+        "/timeline",
+        "/timeline/hourly",
+        "/recordings/storage",
+        "/recordings/summary",
+        "/recordings/unavailable",
+        "/go2rtc/streams",
+        "/event_ids",
+        "/events",
+        "/exports",
+    }
+
+    # Path prefixes that should be exempt (for paths with parameters)
+    EXEMPT_PREFIXES = (
+        "/logs/",  # /logs/{service}
+        "/review",  # /review, /review/{id}, /review/summary, /review_ids, etc.
+        "/reviews/",  # /reviews/viewed, /reviews/delete
+        "/events/",  # /events/{id}/thumbnail, /events/summary, etc. (camera-scoped)
+        "/export/",  # /export/{camera}/start/..., /export/{id}/rename, /export/{id}
+        "/go2rtc/streams/",  # /go2rtc/streams/{camera}
+        "/users/",  # /users/{username}/password (has own auth)
+        "/preview/",  # /preview/{file}/thumbnail.jpg
+        "/exports/",  # /exports/{export_id}
+        "/vod/",  # /vod/{camera_name}/...
+        "/notifications/",  # /notifications/pubkey, /notifications/register
+    )
+
+    async def admin_checker(request: Request):
+        path = request.url.path
+
+        # Check exact path matches
+        if path in EXEMPT_PATHS:
+            return
+
+        # Check prefix matches for parameterized paths
+        if path.startswith(EXEMPT_PREFIXES):
+            return
+
+        # Dynamic camera path exemption:
+        # Any path whose first segment matches a configured camera name should
+        # bypass the global admin requirement. These endpoints enforce access
+        # via route-level dependencies (e.g. require_camera_access) to ensure
+        # per-camera authorization. This allows non-admin authenticated users
+        # (e.g. viewer role) to access camera-specific resources without
+        # needing admin privileges.
+        try:
+            if path.startswith("/"):
+                first_segment = path.split("/", 2)[1]
+                if (
+                    first_segment
+                    and first_segment in request.app.frigate_config.cameras
+                ):
+                    return
+        except Exception:
+            pass
+
+        # For all other paths, require admin role
+        # Port 5000 (internal) requests have admin role set automatically
+        role = request.headers.get("remote-role")
+        if role == "admin":
+            return
+
+        raise HTTPException(
+            status_code=403,
+            detail="Access denied. A user with the admin role is required.",
+        )
+
+    return admin_checker
+
+
+def _is_authenticated(request: Request) -> bool:
+    """
+    Helper to determine if a request is from an authenticated user.
+
+    Returns True if the request has a valid authenticated user (not anonymous).
+    Port 5000 internal requests are considered anonymous despite having admin role.
+    """
+    username = request.headers.get("remote-user")
+    return username is not None and username != "anonymous"
+
+
+def allow_public():
+    """
+    Override dependency to allow unauthenticated access to an endpoint.
+
+    Use this for endpoints that should be publicly accessible without
+    authentication, such as login page, health checks, or pre-auth info.
+
+    Example:
+        @router.get("/public-endpoint", dependencies=[Depends(allow_public())])
+    """
+
+    async def public_checker(request: Request):
+        return  # Always allow
+
+    return public_checker
+
+
+def allow_any_authenticated():
+    """
+    Override dependency to allow any authenticated user (bypass admin requirement).
+
+    Allows:
+    - Port 5000 internal requests (have admin role despite anonymous user)
+    - Any authenticated user with a real username (not "anonymous")
+
+    Rejects:
+    - Port 8971 requests with anonymous user (auth disabled, no proxy auth)
+
+    Example:
+        @router.get("/authenticated-endpoint", dependencies=[Depends(allow_any_authenticated())])
+    """
+
+    async def auth_checker(request: Request):
+        # Port 5000 requests have admin role and should be allowed
+        role = request.headers.get("remote-role")
+        if role == "admin":
+            return
+
+        # Otherwise require a real authenticated user (not anonymous)
+        if not _is_authenticated(request):
+            raise HTTPException(status_code=401, detail="Authentication required")
+        return
+
+    return auth_checker
+
+
 router = APIRouter(tags=[Tags.auth])


-@router.get("/auth/first_time_login")
+@router.get("/auth/first_time_login", dependencies=[Depends(allow_public())])
 def first_time_login(request: Request):
    """Return whether the admin first-time login help flag is set in config.

@ -352,7 +520,7 @@ def resolve_role(


 # Endpoints
-@router.get("/auth")
+@router.get("/auth", dependencies=[Depends(allow_public())])
 def auth(request: Request):
    auth_config: AuthConfig = request.app.frigate_config.auth
    proxy_config: ProxyConfig = request.app.frigate_config.proxy
@ -478,7 +646,7 @@ def auth(request: Request):
        return fail_response


-@router.get("/profile")
+@router.get("/profile", dependencies=[Depends(allow_any_authenticated())])
 def profile(request: Request):
    username = request.headers.get("remote-user", "anonymous")
    role = request.headers.get("remote-role", "viewer")
@ -492,7 +660,7 @@ def profile(request: Request):
    )


-@router.get("/logout")
+@router.get("/logout", dependencies=[Depends(allow_any_authenticated())])
 def logout(request: Request):
    auth_config: AuthConfig = request.app.frigate_config.auth
    response = RedirectResponse("/login", status_code=303)
@ -503,7 +671,7 @@ def logout(request: Request):
 limiter = Limiter(key_func=get_remote_addr)


-@router.post("/login")
+@router.post("/login", dependencies=[Depends(allow_public())])
@limiter.limit(limit_value=rateLimiter.get_limit)
 def login(request: Request, body: AppPostLoginBody):
    JWT_COOKIE_NAME = request.app.frigate_config.auth.cookie_name
@ -578,13 +746,21 @@ def create_user(
    return JSONResponse(content={"username": body.username})


-@router.delete("/users/{username}")
-def delete_user(username: str):
+@router.delete("/users/{username}", dependencies=[Depends(require_role(["admin"]))])
+def delete_user(request: Request, username: str):
+    # Prevent deletion of the built-in admin user
+    if username == "admin":
+        return JSONResponse(
+            content={"message": "Cannot delete admin user"}, status_code=403
+        )
+
    User.delete_by_id(username)
    return JSONResponse(content={"success": True})


-@router.put("/users/{username}/password")
+@router.put(
+    "/users/{username}/password", dependencies=[Depends(allow_any_authenticated())]
+)
 async def update_password(
    request: Request,
    username: str,
--- a/frigate/api/camera.py
+++ b/frigate/api/camera.py
@ -15,7 +15,11 @@ from onvif import ONVIFCamera, ONVIFError
 from zeep.exceptions import Fault, TransportError
 from zeep.transports import AsyncTransport

-from frigate.api.auth import require_role
+from frigate.api.auth import (
+    allow_any_authenticated,
+    require_camera_access,
+    require_role,
+)
 from frigate.api.defs.tags import Tags
 from frigate.config.config import FrigateConfig
 from frigate.util.builtin import clean_camera_user_pass
@ -50,7 +54,7 @@ def _is_valid_host(host: str) -> bool:
        return False


-@router.get("/go2rtc/streams")
+@router.get("/go2rtc/streams", dependencies=[Depends(allow_any_authenticated())])
 def go2rtc_streams():
    r = requests.get("http://127.0.0.1:1984/api/streams")
    if not r.ok:
@ -66,7 +70,9 @@ def go2rtc_streams():
    return JSONResponse(content=stream_data)


-@router.get("/go2rtc/streams/{camera_name}")
+@router.get(
+    "/go2rtc/streams/{camera_name}", dependencies=[Depends(require_camera_access)]
+)
 def go2rtc_camera_stream(request: Request, camera_name: str):
    r = requests.get(
        f"http://127.0.0.1:1984/api/streams?src={camera_name}&video=all&audio=all&microphone"
@ -161,7 +167,7 @@ def go2rtc_delete_stream(stream_name: str):
        )


-@router.get("/ffprobe")
+@router.get("/ffprobe", dependencies=[Depends(require_role(["admin"]))])
 def ffprobe(request: Request, paths: str = "", detailed: bool = False):
    path_param = paths

--- a/frigate/api/classification.py
+++ b/frigate/api/classification.py
@ -870,6 +870,46 @@ def categorize_classification_image(request: Request, name: str, body: dict = No
    )


+@router.post(
+    "/classification/{name}/dataset/{category}/create",
+    response_model=GenericResponse,
+    dependencies=[Depends(require_role(["admin"]))],
+    summary="Create an empty classification category folder",
+    description="""Creates an empty folder for a classification category.
+    This is used to create folders for categories that don't have images yet.
+    Returns a success message or an error if the name is invalid.""",
+)
+def create_classification_category(request: Request, name: str, category: str):
+    config: FrigateConfig = request.app.frigate_config
+
+    if name not in config.classification.custom:
+        return JSONResponse(
+            content=(
+                {
+                    "success": False,
+                    "message": f"{name} is not a known classification model.",
+                }
+            ),
+            status_code=404,
+        )
+
+    category_folder = os.path.join(
+        CLIPS_DIR, sanitize_filename(name), "dataset", sanitize_filename(category)
+    )
+
+    os.makedirs(category_folder, exist_ok=True)
+
+    return JSONResponse(
+        content=(
+            {
+                "success": True,
+                "message": f"Successfully created category folder: {category}",
+            }
+        ),
+        status_code=200,
+    )
+
+
@router.post(
    "/classification/{name}/train/delete",
    response_model=GenericResponse,
--- a/frigate/api/event.py
+++ b/frigate/api/event.py
@ -22,6 +22,7 @@ from peewee import JOIN, DoesNotExist, fn, operator
 from playhouse.shortcuts import model_to_dict

 from frigate.api.auth import (
+    allow_any_authenticated,
    get_allowed_cameras_for_filter,
    require_camera_access,
    require_role,
@ -69,6 +70,7 @@ router = APIRouter(tags=[Tags.events])
@router.get(
    "/events",
    response_model=list[EventResponse],
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get events",
    description="Returns a list of events.",
 )
@ -343,6 +345,7 @@ def events(
@router.get(
    "/events/explore",
    response_model=list[EventResponse],
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get summary of objects.",
    description="""Gets a summary of objects from the database.
    Returns a list of objects with a max of `limit` objects for each label.
@ -435,6 +438,7 @@ def events_explore(
@router.get(
    "/event_ids",
    response_model=list[EventResponse],
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get events by ids.",
    description="""Gets events by a list of ids.
    Returns a list of events.
@ -468,6 +472,7 @@ async def event_ids(ids: str, request: Request):

@router.get(
    "/events/search",
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Search events.",
    description="""Searches for events in the database.
    Returns a list of events.
@ -808,7 +813,7 @@ def events_search(
    return JSONResponse(content=processed_events)


-@router.get("/events/summary")
+@router.get("/events/summary", dependencies=[Depends(allow_any_authenticated())])
 def events_summary(
    params: EventsSummaryQueryParams = Depends(),
    allowed_cameras: List[str] = Depends(get_allowed_cameras_for_filter),
@ -918,6 +923,7 @@ def events_summary(
@router.get(
    "/events/{event_id}",
    response_model=EventResponse,
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get event by id.",
    description="Gets an event by its id.",
 )
@ -961,6 +967,7 @@ def set_retain(event_id: str):
@router.post(
    "/events/{event_id}/plus",
    response_model=EventUploadPlusResponse,
+    dependencies=[Depends(require_role(["admin"]))],
    summary="Send event to Frigate+.",
    description="""Sends an event to Frigate+.
    Returns a success message or an error if the event is not found.
@ -1101,6 +1108,7 @@ async def send_to_plus(request: Request, event_id: str, body: SubmitPlusBody = N
@router.put(
    "/events/{event_id}/false_positive",
    response_model=EventUploadPlusResponse,
+    dependencies=[Depends(require_role(["admin"]))],
    summary="Submit false positive to Frigate+",
    description="""Submit an event as a false positive to Frigate+.
    This endpoint is the same as the standard Frigate+ submission endpoint,
--- a/frigate/api/export.py
+++ b/frigate/api/export.py
@ -14,6 +14,7 @@ from peewee import DoesNotExist
 from playhouse.shortcuts import model_to_dict

 from frigate.api.auth import (
+    allow_any_authenticated,
    get_allowed_cameras_for_filter,
    require_camera_access,
    require_role,
@ -44,6 +45,7 @@ router = APIRouter(tags=[Tags.export])
@router.get(
    "/exports",
    response_model=ExportsResponse,
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get exports",
    description="""Gets all exports from the database for cameras the user has access to.
    Returns a list of exports ordered by date (most recent first).""",
@ -272,6 +274,7 @@ async def export_delete(event_id: str, request: Request):
@router.get(
    "/exports/{export_id}",
    response_model=ExportModel,
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get a single export",
    description="""Gets a specific export by ID. The user must have access to the camera
    associated with the export.""",
--- a/frigate/api/fastapi_app.py
+++ b/frigate/api/fastapi_app.py
@ -2,7 +2,7 @@ import logging
 import re
 from typing import Optional

-from fastapi import FastAPI, Request
+from fastapi import Depends, FastAPI, Request
 from fastapi.responses import JSONResponse
 from joserfc.jwk import OctKey
 from playhouse.sqliteq import SqliteQueueDatabase
@ -24,7 +24,7 @@ from frigate.api import (
    preview,
    review,
 )
-from frigate.api.auth import get_jwt_secret, limiter
+from frigate.api.auth import get_jwt_secret, limiter, require_admin_by_default
 from frigate.comms.event_metadata_updater import (
    EventMetadataPublisher,
 )
@ -62,11 +62,15 @@ def create_fastapi_app(
    stats_emitter: StatsEmitter,
    event_metadata_updater: EventMetadataPublisher,
    config_publisher: CameraConfigUpdatePublisher,
+    enforce_default_admin: bool = True,
 ):
    logger.info("Starting FastAPI app")
    app = FastAPI(
        debug=False,
        swagger_ui_parameters={"apisSorter": "alpha", "operationsSorter": "alpha"},
+        dependencies=[Depends(require_admin_by_default())]
+        if enforce_default_admin
+        else [],
    )

    # update the request_address with the x-forwarded-for header from nginx
--- a/frigate/api/media.py
+++ b/frigate/api/media.py
@ -22,7 +22,11 @@ from pathvalidate import sanitize_filename
 from peewee import DoesNotExist, fn, operator
 from tzlocal import get_localzone_name

-from frigate.api.auth import get_allowed_cameras_for_filter, require_camera_access
+from frigate.api.auth import (
+    allow_any_authenticated,
+    get_allowed_cameras_for_filter,
+    require_camera_access,
+)
 from frigate.api.defs.query.media_query_parameters import (
    Extension,
    MediaEventsSnapshotQueryParams,
@ -393,7 +397,7 @@ async def submit_recording_snapshot_to_plus(
        )


-@router.get("/recordings/storage")
+@router.get("/recordings/storage", dependencies=[Depends(allow_any_authenticated())])
 def get_recordings_storage_usage(request: Request):
    recording_stats = request.app.stats_emitter.get_latest_stats()["service"][
        "storage"
@ -417,7 +421,7 @@ def get_recordings_storage_usage(request: Request):
    return JSONResponse(content=camera_usages)


-@router.get("/recordings/summary")
+@router.get("/recordings/summary", dependencies=[Depends(allow_any_authenticated())])
 def all_recordings_summary(
    request: Request,
    params: MediaRecordingsSummaryQueryParams = Depends(),
@ -635,7 +639,11 @@ async def recordings(
    return JSONResponse(content=list(recordings))


-@router.get("/recordings/unavailable", response_model=list[dict])
+@router.get(
+    "/recordings/unavailable",
+    response_model=list[dict],
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def no_recordings(
    request: Request,
    params: MediaRecordingsAvailabilityQueryParams = Depends(),
@ -937,6 +945,7 @@ async def vod_hour(

@router.get(
    "/vod/event/{event_id}",
+    dependencies=[Depends(allow_any_authenticated())],
    description="Returns an HLS playlist for the specified object. Append /master.m3u8 or /index.m3u8 for HLS playback.",
 )
 async def vod_event(
@ -1053,7 +1062,10 @@ async def event_snapshot(
    )


-@router.get("/events/{event_id}/thumbnail.{extension}")
+@router.get(
+    "/events/{event_id}/thumbnail.{extension}",
+    dependencies=[Depends(require_camera_access)],
+)
 async def event_thumbnail(
    request: Request,
    event_id: str,
@ -1251,7 +1263,10 @@ def grid_snapshot(
        )


-@router.get("/events/{event_id}/snapshot-clean.webp")
+@router.get(
+    "/events/{event_id}/snapshot-clean.webp",
+    dependencies=[Depends(require_camera_access)],
+)
 def event_snapshot_clean(request: Request, event_id: str, download: bool = False):
    webp_bytes = None
    try:
@ -1375,7 +1390,9 @@ def event_snapshot_clean(request: Request, event_id: str, download: bool = False
    )


-@router.get("/events/{event_id}/clip.mp4")
+@router.get(
+    "/events/{event_id}/clip.mp4", dependencies=[Depends(require_camera_access)]
+)
 async def event_clip(
    request: Request,
    event_id: str,
@ -1403,7 +1420,9 @@ async def event_clip(
    )


-@router.get("/events/{event_id}/preview.gif")
+@router.get(
+    "/events/{event_id}/preview.gif", dependencies=[Depends(require_camera_access)]
+)
 def event_preview(request: Request, event_id: str):
    try:
        event: Event = Event.get(Event.id == event_id)
@ -1756,7 +1775,7 @@ def preview_mp4(
    )


-@router.get("/review/{event_id}/preview")
+@router.get("/review/{event_id}/preview", dependencies=[Depends(require_camera_access)])
 def review_preview(
    request: Request,
    event_id: str,
@ -1782,8 +1801,12 @@ def review_preview(
        return preview_mp4(request, review.camera, start_ts, end_ts)


-@router.get("/preview/{file_name}/thumbnail.jpg")
-@router.get("/preview/{file_name}/thumbnail.webp")
+@router.get(
+    "/preview/{file_name}/thumbnail.jpg", dependencies=[Depends(require_camera_access)]
+)
+@router.get(
+    "/preview/{file_name}/thumbnail.webp", dependencies=[Depends(require_camera_access)]
+)
 def preview_thumbnail(file_name: str):
    """Get a thumbnail from the cached preview frames."""
    if len(file_name) > 1000:
--- a/frigate/api/notification.py
+++ b/frigate/api/notification.py
@ -5,11 +5,12 @@ import os
 from typing import Any

 from cryptography.hazmat.primitives import serialization
-from fastapi import APIRouter, Request
+from fastapi import APIRouter, Depends, Request
 from fastapi.responses import JSONResponse
 from peewee import DoesNotExist
 from py_vapid import Vapid01, utils

+from frigate.api.auth import allow_any_authenticated
 from frigate.api.defs.tags import Tags
 from frigate.const import CONFIG_DIR
 from frigate.models import User
@ -21,6 +22,7 @@ router = APIRouter(tags=[Tags.notifications])

@router.get(
    "/notifications/pubkey",
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Get VAPID public key",
    description="""Gets the VAPID public key for the notifications.
    Returns the public key or an error if notifications are not enabled.
@ -47,6 +49,7 @@ def get_vapid_pub_key(request: Request):

@router.post(
    "/notifications/register",
+    dependencies=[Depends(allow_any_authenticated())],
    summary="Register notifications",
    description="""Registers a notifications subscription.
    Returns a success message or an error if the subscription is not provided.
--- a/frigate/api/review.py
+++ b/frigate/api/review.py
@ -14,6 +14,7 @@ from peewee import Case, DoesNotExist, IntegrityError, fn, operator
 from playhouse.shortcuts import model_to_dict

 from frigate.api.auth import (
+    allow_any_authenticated,
    get_allowed_cameras_for_filter,
    get_current_user,
    require_camera_access,
@ -43,7 +44,11 @@ logger = logging.getLogger(__name__)
 router = APIRouter(tags=[Tags.review])


-@router.get("/review", response_model=list[ReviewSegmentResponse])
+@router.get(
+    "/review",
+    response_model=list[ReviewSegmentResponse],
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def review(
    params: ReviewQueryParams = Depends(),
    current_user: dict = Depends(get_current_user),
@ -152,7 +157,11 @@ async def review(
    return JSONResponse(content=[r for r in review_query])


-@router.get("/review_ids", response_model=list[ReviewSegmentResponse])
+@router.get(
+    "/review_ids",
+    response_model=list[ReviewSegmentResponse],
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def review_ids(request: Request, ids: str):
    ids = ids.split(",")

@ -186,7 +195,11 @@ async def review_ids(request: Request, ids: str):
        )


-@router.get("/review/summary", response_model=ReviewSummaryResponse)
+@router.get(
+    "/review/summary",
+    response_model=ReviewSummaryResponse,
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def review_summary(
    params: ReviewSummaryQueryParams = Depends(),
    current_user: dict = Depends(get_current_user),
@ -461,7 +474,11 @@ async def review_summary(
    return JSONResponse(content=data)


-@router.post("/reviews/viewed", response_model=GenericResponse)
+@router.post(
+    "/reviews/viewed",
+    response_model=GenericResponse,
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def set_multiple_reviewed(
    request: Request,
    body: ReviewModifyMultipleBody,
@ -560,7 +577,9 @@ def delete_reviews(body: ReviewModifyMultipleBody):


@router.get(
-    "/review/activity/motion", response_model=list[ReviewActivityMotionResponse]
+    "/review/activity/motion",
+    response_model=list[ReviewActivityMotionResponse],
+    dependencies=[Depends(allow_any_authenticated())],
 )
 def motion_activity(
    params: ReviewActivityMotionQueryParams = Depends(),
@ -644,7 +663,11 @@ def motion_activity(
    return JSONResponse(content=normalized)


-@router.get("/review/event/{event_id}", response_model=ReviewSegmentResponse)
+@router.get(
+    "/review/event/{event_id}",
+    response_model=ReviewSegmentResponse,
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def get_review_from_event(request: Request, event_id: str):
    try:
        review = ReviewSegment.get(
@ -659,7 +682,11 @@ async def get_review_from_event(request: Request, event_id: str):
        )


-@router.get("/review/{review_id}", response_model=ReviewSegmentResponse)
+@router.get(
+    "/review/{review_id}",
+    response_model=ReviewSegmentResponse,
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def get_review(request: Request, review_id: str):
    try:
        review = ReviewSegment.get(ReviewSegment.id == review_id)
@ -672,7 +699,11 @@ async def get_review(request: Request, review_id: str):
        )


-@router.delete("/review/{review_id}/viewed", response_model=GenericResponse)
+@router.delete(
+    "/review/{review_id}/viewed",
+    response_model=GenericResponse,
+    dependencies=[Depends(allow_any_authenticated())],
+)
 async def set_not_reviewed(
    review_id: str,
    current_user: dict = Depends(get_current_user),
@ -710,6 +741,7 @@ async def set_not_reviewed(

@router.post(
    "/review/summarize/start/{start_ts}/end/{end_ts}",
+    dependencies=[Depends(allow_any_authenticated())],
    description="Use GenAI to summarize review items over a period of time.",
 )
 def generate_review_summary(request: Request, start_ts: float, end_ts: float):
--- a/frigate/comms/webpush.py
+++ b/frigate/comms/webpush.py
@ -375,7 +375,19 @@ class WebPushClient(Communicator):
        ended = state == "end" or state == "genai"

        if state == "genai" and payload["after"]["data"]["metadata"]:
-            title = payload["after"]["data"]["metadata"]["title"]
+            base_title = payload["after"]["data"]["metadata"]["title"]
+            threat_level = payload["after"]["data"]["metadata"].get(
+                "potential_threat_level", 0
+            )
+
+            # Add prefix for threat levels 1 and 2
+            if threat_level == 1:
+                title = f"Needs Review: {base_title}"
+            elif threat_level == 2:
+                title = f"Security Concern: {base_title}"
+            else:
+                title = base_title
+
            message = payload["after"]["data"]["metadata"]["scene"]
        else:
            title = f"{titlecase(', '.join(sorted_objects).replace('_', ' '))}{' was' if state == 'end' else ''} detected in {titlecase(', '.join(payload['after']['data']['zones']).replace('_', ' '))}"
--- a/frigate/data_processing/post/review_descriptions.py
+++ b/frigate/data_processing/post/review_descriptions.py
@ -12,6 +12,7 @@ from typing import Any

 import cv2
 from peewee import DoesNotExist
+from titlecase import titlecase

 from frigate.comms.embeddings_updater import EmbeddingsRequestEnum
 from frigate.comms.inter_process import InterProcessRequestor
@ -455,14 +456,14 @@ def run_analysis(

    for i, verified_label in enumerate(final_data["data"]["verified_objects"]):
        object_type = verified_label.replace("-verified", "").replace("_", " ")
-        name = sub_labels_list[i].replace("_", " ").title()
+        name = titlecase(sub_labels_list[i].replace("_", " "))
        unified_objects.append(f"{name} ({object_type})")

    for label in objects_list:
        if "-verified" in label:
            continue
        elif label in labelmap_objects:
-            object_type = label.replace("_", " ").title()
+            object_type = titlecase(label.replace("_", " "))

            if label in attribute_labels:
                unified_objects.append(f"{object_type} (delivery/service)")
--- a/frigate/data_processing/real_time/custom_classification.py
+++ b/frigate/data_processing/real_time/custom_classification.py
@ -99,6 +99,42 @@ class CustomStateClassificationProcessor(RealTimeProcessorApi):
        if self.inference_speed:
            self.inference_speed.update(duration)

+    def _should_save_image(
+        self, camera: str, detected_state: str, score: float = 1.0
+    ) -> bool:
+        """
+        Determine if we should save the image for training.
+        Save when:
+        - State is changing or being verified (regardless of score)
+        - Score is less than 100% (even if state matches, useful for training)
+        Don't save when:
+        - State is stable (matches current_state) AND score is 100%
+        """
+        if camera not in self.state_history:
+            # First detection for this camera, save it
+            return True
+
+        verification = self.state_history[camera]
+        current_state = verification.get("current_state")
+        pending_state = verification.get("pending_state")
+
+        # Save if there's a pending state change being verified
+        if pending_state is not None:
+            return True
+
+        # Save if the detected state differs from the current verified state
+        # (state is changing)
+        if current_state is not None and detected_state != current_state:
+            return True
+
+        # If score is less than 100%, save even if state matches
+        # (useful for training to improve confidence)
+        if score < 1.0:
+            return True
+
+        # Don't save if state is stable (detected_state == current_state) AND score is 100%
+        return False
+
    def verify_state_change(self, camera: str, detected_state: str) -> str | None:
        """
        Verify state change requires 3 consecutive identical states before publishing.
@ -212,14 +248,16 @@ class CustomStateClassificationProcessor(RealTimeProcessorApi):
                return

        if self.interpreter is None:
-            write_classification_attempt(
-                self.train_dir,
-                cv2.cvtColor(frame, cv2.COLOR_RGB2BGR),
-                "none-none",
-                now,
-                "unknown",
-                0.0,
-            )
+            # When interpreter is None, always save (score is 0.0, which is < 1.0)
+            if self._should_save_image(camera, "unknown", 0.0):
+                write_classification_attempt(
+                    self.train_dir,
+                    cv2.cvtColor(frame, cv2.COLOR_RGB2BGR),
+                    "none-none",
+                    now,
+                    "unknown",
+                    0.0,
+                )
            return

        input = np.expand_dims(resized_frame, axis=0)
@ -236,14 +274,17 @@ class CustomStateClassificationProcessor(RealTimeProcessorApi):
        score = round(probs[best_id], 2)
        self.__update_metrics(datetime.datetime.now().timestamp() - now)

-        write_classification_attempt(
-            self.train_dir,
-            cv2.cvtColor(frame, cv2.COLOR_RGB2BGR),
-            "none-none",
-            now,
-            self.labelmap[best_id],
-            score,
-        )
+        detected_state = self.labelmap[best_id]
+
+        if self._should_save_image(camera, detected_state, score):
+            write_classification_attempt(
+                self.train_dir,
+                cv2.cvtColor(frame, cv2.COLOR_RGB2BGR),
+                "none-none",
+                now,
+                detected_state,
+                score,
+            )

        if score < self.model_config.threshold:
            logger.debug(
@ -251,7 +292,6 @@ class CustomStateClassificationProcessor(RealTimeProcessorApi):
            )
            return

-        detected_state = self.labelmap[best_id]
        verified_state = self.verify_state_change(camera, detected_state)

        if verified_state is not None:
@ -405,9 +445,6 @@ class CustomObjectClassificationProcessor(RealTimeProcessorApi):
        if obj_data.get("end_time") is not None:
            return

-        if obj_data.get("stationary"):
-            return
-
        object_id = obj_data["id"]

        if (
--- a/frigate/genai/init.py
+++ b/frigate/genai/init.py
@ -205,14 +205,20 @@ Rules for the report:
  - Group bullets under subheadings when multiple events fall into the same category (e.g., Vehicle Activity, Porch Activity, Unusual Behavior).

 - Threat levels
-  - Always show (threat level: X) for each event.
+  - Always show the threat level for each event using these labels:
+    - Threat level 0: "Normal"
+    - Threat level 1: "Needs review"
+    - Threat level 2: "Security concern"
+  - Format as (threat level: Normal), (threat level: Needs review), or (threat level: Security concern).
  - If multiple events at the same time share the same threat level, only state it once.

 - Final assessment
  - End with a Final Assessment section.
-  - If all events are threat level 1 with no escalation:
+  - If all events are threat level 0:
    Final assessment: Only normal residential activity observed during this period.
-  - If threat level 2+ events are present, clearly summarize them as Potential concerns requiring review.
+  - If threat level 1 events are present:
+    Final assessment: Some activity requires review but no security concerns identified.
+  - If threat level 2 events are present, clearly summarize them as Security concerns requiring immediate attention.

 - Conciseness
  - Do not repeat benign clothing/appearance details unless they distinguish individuals.
--- a/frigate/ptz/onvif.py
+++ b/frigate/ptz/onvif.py
@ -190,7 +190,11 @@ class OnvifController:
        ptz: ONVIFService = await onvif.create_ptz_service()
        self.cams[camera_name]["ptz"] = ptz

-        imaging: ONVIFService = await onvif.create_imaging_service()
+        try:
+            imaging: ONVIFService = await onvif.create_imaging_service()
+        except (Fault, ONVIFError, TransportError, Exception) as e:
+            logger.debug(f"Imaging service not supported for {camera_name}: {e}")
+            imaging = None
        self.cams[camera_name]["imaging"] = imaging
        try:
            video_sources = await media.GetVideoSources()
@ -381,7 +385,10 @@ class OnvifController:
                            f"Disabling autotracking zooming for {camera_name}: Absolute zoom not supported. Exception: {e}"
                        )

-        if self.cams[camera_name]["video_source_token"] is not None:
+        if (
+            self.cams[camera_name]["video_source_token"] is not None
+            and imaging is not None
+        ):
            try:
                imaging_capabilities = await imaging.GetImagingSettings(
                    {"VideoSourceToken": self.cams[camera_name]["video_source_token"]}
@ -421,6 +428,7 @@ class OnvifController:
        if (
            "focus" in self.cams[camera_name]["features"]
            and self.cams[camera_name]["video_source_token"]
+            and self.cams[camera_name]["imaging"] is not None
        ):
            try:
                stop_request = self.cams[camera_name]["imaging"].create_type("Stop")
@ -648,6 +656,7 @@ class OnvifController:
        if (
            "focus" not in self.cams[camera_name]["features"]
            or not self.cams[camera_name]["video_source_token"]
+            or self.cams[camera_name]["imaging"] is None
        ):
            logger.error(f"{camera_name} does not support ONVIF continuous focus.")
            return
--- a/frigate/test/http_api/base_http_test.py
+++ b/frigate/test/http_api/base_http_test.py
@ -3,6 +3,8 @@ import logging
 import os
 import unittest

+from fastapi import Request
+from fastapi.testclient import TestClient
 from peewee_migrate import Router
 from playhouse.sqlite_ext import SqliteExtDatabase
 from playhouse.sqliteq import SqliteQueueDatabase
@ -16,6 +18,20 @@ from frigate.review.types import SeverityEnum
 from frigate.test.const import TEST_DB, TEST_DB_CLEANUPS


+class AuthTestClient(TestClient):
+    """TestClient that automatically adds auth headers to all requests."""
+
+    def request(self, *args, **kwargs):
+        # Add default auth headers if not already present
+        headers = kwargs.get("headers") or {}
+        if "remote-user" not in headers:
+            headers["remote-user"] = "admin"
+        if "remote-role" not in headers:
+            headers["remote-role"] = "admin"
+        kwargs["headers"] = headers
+        return super().request(*args, **kwargs)
+
+
 class BaseTestHttp(unittest.TestCase):
    def setUp(self, models):
        # setup clean database for each test run
@ -113,7 +129,9 @@ class BaseTestHttp(unittest.TestCase):
            pass

    def create_app(self, stats=None, event_metadata_publisher=None):
-        return create_fastapi_app(
+        from frigate.api.auth import get_allowed_cameras_for_filter, get_current_user
+
+        app = create_fastapi_app(
            FrigateConfig(**self.minimal_config),
            self.db,
            None,
@ -123,8 +141,33 @@ class BaseTestHttp(unittest.TestCase):
            stats,
            event_metadata_publisher,
            None,
+            enforce_default_admin=False,
        )

+        # Default test mocks for authentication
+        # Tests can override these in their setUp if needed
+        # This mock uses headers set by AuthTestClient
+        async def mock_get_current_user(request: Request):
+            username = request.headers.get("remote-user")
+            role = request.headers.get("remote-role")
+            if not username or not role:
+                from fastapi.responses import JSONResponse
+
+                return JSONResponse(
+                    content={"message": "No authorization headers."}, status_code=401
+                )
+            return {"username": username, "role": role}
+
+        async def mock_get_allowed_cameras_for_filter(request: Request):
+            return list(self.minimal_config.get("cameras", {}).keys())
+
+        app.dependency_overrides[get_current_user] = mock_get_current_user
+        app.dependency_overrides[get_allowed_cameras_for_filter] = (
+            mock_get_allowed_cameras_for_filter
+        )
+
+        return app
+
    def insert_mock_event(
        self,
        id: str,
--- a/frigate/test/http_api/test_http_app.py
+++ b/frigate/test/http_api/test_http_app.py
@ -1,10 +1,8 @@
 from unittest.mock import Mock

-from fastapi.testclient import TestClient
-
 from frigate.models import Event, Recordings, ReviewSegment
 from frigate.stats.emitter import StatsEmitter
-from frigate.test.http_api.base_http_test import BaseTestHttp
+from frigate.test.http_api.base_http_test import AuthTestClient, BaseTestHttp


 class TestHttpApp(BaseTestHttp):
@ -20,7 +18,7 @@ class TestHttpApp(BaseTestHttp):
        stats.get_latest_stats.return_value = self.test_stats
        app = super().create_app(stats)

-        with TestClient(app) as client:
+        with AuthTestClient(app) as client:
            response = client.get("/stats")
            response_json = response.json()
            assert response_json == self.test_stats
--- a/frigate/test/http_api/test_http_camera_access.py
+++ b/frigate/test/http_api/test_http_camera_access.py
@ -1,14 +1,13 @@
 from unittest.mock import patch

 from fastapi import HTTPException, Request
-from fastapi.testclient import TestClient

 from frigate.api.auth import (
    get_allowed_cameras_for_filter,
    get_current_user,
 )
 from frigate.models import Event, Recordings, ReviewSegment
-from frigate.test.http_api.base_http_test import BaseTestHttp
+from frigate.test.http_api.base_http_test import AuthTestClient, BaseTestHttp


 class TestCameraAccessEventReview(BaseTestHttp):
@ -16,9 +15,17 @@ class TestCameraAccessEventReview(BaseTestHttp):
        super().setUp([Event, ReviewSegment, Recordings])
        self.app = super().create_app()

-        # Mock get_current_user to return valid user for all tests
-        async def mock_get_current_user():
-            return {"username": "test_user", "role": "user"}
+        # Mock get_current_user for all tests
+        async def mock_get_current_user(request: Request):
+            username = request.headers.get("remote-user")
+            role = request.headers.get("remote-role")
+            if not username or not role:
+                from fastapi.responses import JSONResponse
+
+                return JSONResponse(
+                    content={"message": "No authorization headers."}, status_code=401
+                )
+            return {"username": username, "role": role}

        self.app.dependency_overrides[get_current_user] = mock_get_current_user

@ -30,21 +37,25 @@ class TestCameraAccessEventReview(BaseTestHttp):
        super().insert_mock_event("event1", camera="front_door")
        super().insert_mock_event("event2", camera="back_door")

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events")
            assert resp.status_code == 200
            ids = [e["id"] for e in resp.json()]
            assert "event1" in ids
            assert "event2" not in ids

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door",
-            "back_door",
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return [
+                "front_door",
+                "back_door",
+            ]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events")
            assert resp.status_code == 200
            ids = [e["id"] for e in resp.json()]
@ -54,21 +65,25 @@ class TestCameraAccessEventReview(BaseTestHttp):
        super().insert_mock_review_segment("rev1", camera="front_door")
        super().insert_mock_review_segment("rev2", camera="back_door")

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/review")
            assert resp.status_code == 200
            ids = [r["id"] for r in resp.json()]
            assert "rev1" in ids
            assert "rev2" not in ids

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door",
-            "back_door",
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return [
+                "front_door",
+                "back_door",
+            ]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/review")
            assert resp.status_code == 200
            ids = [r["id"] for r in resp.json()]
@ -84,7 +99,7 @@ class TestCameraAccessEventReview(BaseTestHttp):
            raise HTTPException(status_code=403, detail="Access denied")

        with patch("frigate.api.event.require_camera_access", mock_require_allowed):
-            with TestClient(self.app) as client:
+            with AuthTestClient(self.app) as client:
                resp = client.get("/events/event1")
                assert resp.status_code == 200
                assert resp.json()["id"] == "event1"
@ -94,7 +109,7 @@ class TestCameraAccessEventReview(BaseTestHttp):
            raise HTTPException(status_code=403, detail="Access denied")

        with patch("frigate.api.event.require_camera_access", mock_require_disallowed):
-            with TestClient(self.app) as client:
+            with AuthTestClient(self.app) as client:
                resp = client.get("/events/event1")
                assert resp.status_code == 403

@ -108,7 +123,7 @@ class TestCameraAccessEventReview(BaseTestHttp):
            raise HTTPException(status_code=403, detail="Access denied")

        with patch("frigate.api.review.require_camera_access", mock_require_allowed):
-            with TestClient(self.app) as client:
+            with AuthTestClient(self.app) as client:
                resp = client.get("/review/rev1")
                assert resp.status_code == 200
                assert resp.json()["id"] == "rev1"
@ -118,7 +133,7 @@ class TestCameraAccessEventReview(BaseTestHttp):
            raise HTTPException(status_code=403, detail="Access denied")

        with patch("frigate.api.review.require_camera_access", mock_require_disallowed):
-            with TestClient(self.app) as client:
+            with AuthTestClient(self.app) as client:
                resp = client.get("/review/rev1")
                assert resp.status_code == 403

@ -126,21 +141,25 @@ class TestCameraAccessEventReview(BaseTestHttp):
        super().insert_mock_event("event1", camera="front_door")
        super().insert_mock_event("event2", camera="back_door")

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events", params={"cameras": "all"})
            assert resp.status_code == 200
            ids = [e["id"] for e in resp.json()]
            assert "event1" in ids
            assert "event2" not in ids

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door",
-            "back_door",
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return [
+                "front_door",
+                "back_door",
+            ]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events", params={"cameras": "all"})
            assert resp.status_code == 200
            ids = [e["id"] for e in resp.json()]
@ -150,20 +169,24 @@ class TestCameraAccessEventReview(BaseTestHttp):
        super().insert_mock_event("event1", camera="front_door")
        super().insert_mock_event("event2", camera="back_door")

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events/summary")
            assert resp.status_code == 200
            summary_list = resp.json()
            assert len(summary_list) == 1

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door",
-            "back_door",
-        ]
-        with TestClient(self.app) as client:
+        async def mock_cameras(request: Request):
+            return [
+                "front_door",
+                "back_door",
+            ]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = mock_cameras
+        with AuthTestClient(self.app) as client:
            resp = client.get("/events/summary")
            summary_list = resp.json()
            assert len(summary_list) == 2
--- a/frigate/test/http_api/test_http_event.py
+++ b/frigate/test/http_api/test_http_event.py
@ -2,14 +2,13 @@ from datetime import datetime
 from typing import Any
 from unittest.mock import Mock

-from fastapi.testclient import TestClient
 from playhouse.shortcuts import model_to_dict

 from frigate.api.auth import get_allowed_cameras_for_filter, get_current_user
 from frigate.comms.event_metadata_updater import EventMetadataPublisher
 from frigate.models import Event, Recordings, ReviewSegment, Timeline
 from frigate.stats.emitter import StatsEmitter
-from frigate.test.http_api.base_http_test import BaseTestHttp
+from frigate.test.http_api.base_http_test import AuthTestClient, BaseTestHttp, Request
 from frigate.test.test_storage import _insert_mock_event


@ -18,14 +17,26 @@ class TestHttpApp(BaseTestHttp):
        super().setUp([Event, Recordings, ReviewSegment, Timeline])
        self.app = super().create_app()

-        # Mock auth to bypass camera access for tests
-        async def mock_get_current_user(request: Any):
-            return {"username": "test_user", "role": "admin"}
+        # Mock get_current_user for all tests
+        async def mock_get_current_user(request: Request):
+            username = request.headers.get("remote-user")
+            role = request.headers.get("remote-role")
+            if not username or not role:
+                from fastapi.responses import JSONResponse
+
+                return JSONResponse(
+                    content={"message": "No authorization headers."}, status_code=401
+                )
+            return {"username": username, "role": role}

        self.app.dependency_overrides[get_current_user] = mock_get_current_user
-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
+
+        async def mock_get_allowed_cameras_for_filter(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = (
+            mock_get_allowed_cameras_for_filter
+        )

    def tearDown(self):
        self.app.dependency_overrides.clear()
@ -35,20 +46,20 @@ class TestHttpApp(BaseTestHttp):
    ###################################  GET /events Endpoint   #########################################################
    ####################################################################################################################
    def test_get_event_list_no_events(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            events = client.get("/events").json()
            assert len(events) == 0

    def test_get_event_list_no_match_event_id(self):
        id = "123456.random"
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            events = client.get("/events", params={"event_id": "abc"}).json()
            assert len(events) == 0

    def test_get_event_list_match_event_id(self):
        id = "123456.random"
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            events = client.get("/events", params={"event_id": id}).json()
            assert len(events) == 1
@ -58,7 +69,7 @@ class TestHttpApp(BaseTestHttp):
        now = int(datetime.now().timestamp())

        id = "123456.random"
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id, now, now + 1)
            events = client.get(
                "/events", params={"max_length": 1, "min_length": 1}
@ -69,7 +80,7 @@ class TestHttpApp(BaseTestHttp):
    def test_get_event_list_no_match_max_length(self):
        now = int(datetime.now().timestamp())

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_event(id, now, now + 2)
            events = client.get("/events", params={"max_length": 1}).json()
@ -78,7 +89,7 @@ class TestHttpApp(BaseTestHttp):
    def test_get_event_list_no_match_min_length(self):
        now = int(datetime.now().timestamp())

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_event(id, now, now + 2)
            events = client.get("/events", params={"min_length": 3}).json()
@ -88,7 +99,7 @@ class TestHttpApp(BaseTestHttp):
        id = "123456.random"
        id2 = "54321.random"

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            events = client.get("/events").json()
            assert len(events) == 1
@ -108,14 +119,14 @@ class TestHttpApp(BaseTestHttp):
    def test_get_event_list_no_match_has_clip(self):
        now = int(datetime.now().timestamp())

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_event(id, now, now + 2)
            events = client.get("/events", params={"has_clip": 0}).json()
            assert len(events) == 0

    def test_get_event_list_has_clip(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_event(id, has_clip=True)
            events = client.get("/events", params={"has_clip": 1}).json()
@ -123,7 +134,7 @@ class TestHttpApp(BaseTestHttp):
            assert events[0]["id"] == id

    def test_get_event_list_sort_score(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            id2 = "54321.random"
            super().insert_mock_event(id, top_score=37, score=37, data={"score": 50})
@ -141,7 +152,7 @@ class TestHttpApp(BaseTestHttp):
    def test_get_event_list_sort_start_time(self):
        now = int(datetime.now().timestamp())

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            id2 = "54321.random"
            super().insert_mock_event(id, start_time=now + 3)
@ -159,7 +170,7 @@ class TestHttpApp(BaseTestHttp):
    def test_get_good_event(self):
        id = "123456.random"

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            event = client.get(f"/events/{id}").json()

@ -171,7 +182,7 @@ class TestHttpApp(BaseTestHttp):
        id = "123456.random"
        bad_id = "654321.other"

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            event_response = client.get(f"/events/{bad_id}")
            assert event_response.status_code == 404
@ -180,7 +191,7 @@ class TestHttpApp(BaseTestHttp):
    def test_delete_event(self):
        id = "123456.random"

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            event = client.get(f"/events/{id}").json()
            assert event
@ -193,7 +204,7 @@ class TestHttpApp(BaseTestHttp):
    def test_event_retention(self):
        id = "123456.random"

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(id)
            client.post(f"/events/{id}/retain", headers={"remote-role": "admin"})
            event = client.get(f"/events/{id}").json()
@ -212,12 +223,11 @@ class TestHttpApp(BaseTestHttp):
        morning = 1656590400  # 06/30/2022 6 am (GMT)
        evening = 1656633600  # 06/30/2022 6 pm (GMT)

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_event(morning_id, morning)
            super().insert_mock_event(evening_id, evening)
            # both events come back
            events = client.get("/events").json()
-            print("events!!!", events)
            assert events
            assert len(events) == 2
            # morning event is excluded
@ -248,7 +258,7 @@ class TestHttpApp(BaseTestHttp):

        mock_event_updater.publish.side_effect = update_event

-        with TestClient(app) as client:
+        with AuthTestClient(app) as client:
            super().insert_mock_event(id)
            new_sub_label_response = client.post(
                f"/events/{id}/sub_label",
@ -285,7 +295,7 @@ class TestHttpApp(BaseTestHttp):

        mock_event_updater.publish.side_effect = update_event

-        with TestClient(app) as client:
+        with AuthTestClient(app) as client:
            super().insert_mock_event(id)
            client.post(
                f"/events/{id}/sub_label",
@ -301,7 +311,7 @@ class TestHttpApp(BaseTestHttp):
    ####################################################################################################################
    def test_get_metrics(self):
        """ensure correct prometheus metrics api response"""
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            ts_start = datetime.now().timestamp()
            ts_end = ts_start + 30
            _insert_mock_event(
--- a/frigate/test/http_api/test_http_media.py
+++ b/frigate/test/http_api/test_http_media.py
@ -1,14 +1,13 @@
 """Unit tests for recordings/media API endpoints."""

 from datetime import datetime, timezone
-from typing import Any

 import pytz
-from fastapi.testclient import TestClient
+from fastapi import Request

 from frigate.api.auth import get_allowed_cameras_for_filter, get_current_user
 from frigate.models import Recordings
-from frigate.test.http_api.base_http_test import BaseTestHttp
+from frigate.test.http_api.base_http_test import AuthTestClient, BaseTestHttp


 class TestHttpMedia(BaseTestHttp):
@ -19,15 +18,26 @@ class TestHttpMedia(BaseTestHttp):
        super().setUp([Recordings])
        self.app = super().create_app()

-        # Mock auth to bypass camera access for tests
-        async def mock_get_current_user(request: Any):
-            return {"username": "test_user", "role": "admin"}
+        # Mock get_current_user for all tests
+        async def mock_get_current_user(request: Request):
+            username = request.headers.get("remote-user")
+            role = request.headers.get("remote-role")
+            if not username or not role:
+                from fastapi.responses import JSONResponse
+
+                return JSONResponse(
+                    content={"message": "No authorization headers."}, status_code=401
+                )
+            return {"username": username, "role": role}

        self.app.dependency_overrides[get_current_user] = mock_get_current_user
-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door",
-            "back_door",
-        ]
+
+        async def mock_get_allowed_cameras_for_filter(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = (
+            mock_get_allowed_cameras_for_filter
+        )

    def tearDown(self):
        """Clean up after tests."""
@ -52,7 +62,7 @@ class TestHttpMedia(BaseTestHttp):
        # March 11, 2024 at 12:00 PM EDT (after DST)
        march_11_noon = tz.localize(datetime(2024, 3, 11, 12, 0, 0)).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            # Insert recordings for each day
            Recordings.insert(
                id="recording_march_9",
@ -128,7 +138,7 @@ class TestHttpMedia(BaseTestHttp):
        # November 4, 2024 at 12:00 PM EST (after DST)
        nov_4_noon = tz.localize(datetime(2024, 11, 4, 12, 0, 0)).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            # Insert recordings for each day
            Recordings.insert(
                id="recording_nov_2",
@ -195,7 +205,15 @@ class TestHttpMedia(BaseTestHttp):
        # March 10, 2024 at 3:00 PM EDT (after DST transition)
        march_10_afternoon = tz.localize(datetime(2024, 3, 10, 15, 0, 0)).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
+            # Override allowed cameras for this test to include both
+            async def mock_get_allowed_cameras_for_filter(_request: Request):
+                return ["front_door", "back_door"]
+
+            self.app.dependency_overrides[get_allowed_cameras_for_filter] = (
+                mock_get_allowed_cameras_for_filter
+            )
+
            # Insert recordings for front_door on March 9
            Recordings.insert(
                id="front_march_9",
@ -236,6 +254,14 @@ class TestHttpMedia(BaseTestHttp):
            assert summary["2024-03-09"] is True
            assert summary["2024-03-10"] is True

+            # Reset dependency override back to default single camera for other tests
+            async def reset_allowed_cameras(_request: Request):
+                return ["front_door"]
+
+            self.app.dependency_overrides[get_allowed_cameras_for_filter] = (
+                reset_allowed_cameras
+            )
+
    def test_recordings_summary_at_dst_transition_time(self):
        """
        Test recordings that span the exact DST transition time.
@ -250,7 +276,7 @@ class TestHttpMedia(BaseTestHttp):
        # This is 1.5 hours of actual time but spans the "missing" hour
        after_transition = tz.localize(datetime(2024, 3, 10, 3, 30, 0)).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            Recordings.insert(
                id="recording_during_transition",
                path="/media/recordings/transition.mp4",
@ -283,7 +309,7 @@ class TestHttpMedia(BaseTestHttp):
        march_9_utc = datetime(2024, 3, 9, 17, 0, 0, tzinfo=timezone.utc).timestamp()
        march_10_utc = datetime(2024, 3, 10, 17, 0, 0, tzinfo=timezone.utc).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            Recordings.insert(
                id="recording_march_9_utc",
                path="/media/recordings/march_9_utc.mp4",
@ -325,7 +351,7 @@ class TestHttpMedia(BaseTestHttp):
        """
        Test recordings summary when no recordings exist.
        """
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            response = client.get(
                "/recordings/summary",
                params={"timezone": "America/New_York", "cameras": "all"},
@ -342,7 +368,7 @@ class TestHttpMedia(BaseTestHttp):
        tz = pytz.timezone("America/New_York")
        march_10_noon = tz.localize(datetime(2024, 3, 10, 12, 0, 0)).timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            # Insert recordings for both cameras
            Recordings.insert(
                id="front_recording",
--- a/frigate/test/http_api/test_http_review.py
+++ b/frigate/test/http_api/test_http_review.py
@ -1,12 +1,12 @@
 from datetime import datetime, timedelta

-from fastapi.testclient import TestClient
+from fastapi import Request
 from peewee import DoesNotExist

 from frigate.api.auth import get_allowed_cameras_for_filter, get_current_user
 from frigate.models import Event, Recordings, ReviewSegment, UserReviewStatus
 from frigate.review.types import SeverityEnum
-from frigate.test.http_api.base_http_test import BaseTestHttp
+from frigate.test.http_api.base_http_test import AuthTestClient, BaseTestHttp


 class TestHttpReview(BaseTestHttp):
@ -16,14 +16,26 @@ class TestHttpReview(BaseTestHttp):
        self.user_id = "admin"

        # Mock get_current_user for all tests
-        async def mock_get_current_user():
-            return {"username": self.user_id, "role": "admin"}
+        # This mock uses headers set by AuthTestClient
+        async def mock_get_current_user(request: Request):
+            username = request.headers.get("remote-user")
+            role = request.headers.get("remote-role")
+            if not username or not role:
+                from fastapi.responses import JSONResponse
+
+                return JSONResponse(
+                    content={"message": "No authorization headers."}, status_code=401
+                )
+            return {"username": username, "role": role}

        self.app.dependency_overrides[get_current_user] = mock_get_current_user

-        self.app.dependency_overrides[get_allowed_cameras_for_filter] = lambda: [
-            "front_door"
-        ]
+        async def mock_get_allowed_cameras_for_filter(request: Request):
+            return ["front_door"]
+
+        self.app.dependency_overrides[get_allowed_cameras_for_filter] = (
+            mock_get_allowed_cameras_for_filter
+        )

    def tearDown(self):
        self.app.dependency_overrides.clear()
@ -57,7 +69,7 @@ class TestHttpReview(BaseTestHttp):
        but ends after is included in the results."""
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random", now, now + 2)
            response = client.get("/review")
            assert response.status_code == 200
@ -67,7 +79,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_no_filters(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now - 2, now - 1)
            response = client.get("/review")
@ -81,7 +93,7 @@ class TestHttpReview(BaseTestHttp):
        """Test that review items outside the range are not returned."""
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now - 2, now - 1)
            super().insert_mock_review_segment(f"{id}2", now + 4, now + 5)
@ -97,7 +109,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_with_time_filter(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now, now + 2)
            params = {
@ -113,7 +125,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_with_limit_filter(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            id2 = "654321.random"
            super().insert_mock_review_segment(id, now, now + 2)
@ -132,7 +144,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_with_severity_filters_no_matches(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now, now + 2, SeverityEnum.detection)
            params = {
@ -149,7 +161,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_with_severity_filters(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now, now + 2, SeverityEnum.detection)
            params = {
@ -165,7 +177,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_with_all_filters(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now, now + 2)
            params = {
@ -188,7 +200,7 @@ class TestHttpReview(BaseTestHttp):
    ###################################  GET /review/summary Endpoint   #################################################
    ####################################################################################################################
    def test_get_review_summary_all_filters(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            params = {
                "cameras": "front_door",
@ -219,7 +231,7 @@ class TestHttpReview(BaseTestHttp):
            self.assertEqual(response_json, expected_response)

    def test_get_review_summary_no_filters(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            response = client.get("/review/summary")
            assert response.status_code == 200
@ -247,7 +259,7 @@ class TestHttpReview(BaseTestHttp):
        now = datetime.now()
        five_days_ago = datetime.today() - timedelta(days=5)

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment(
                "123456.random", now.timestamp() - 2, now.timestamp() - 1
            )
@ -291,7 +303,7 @@ class TestHttpReview(BaseTestHttp):
        now = datetime.now()
        five_days_ago = datetime.today() - timedelta(days=5)

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random", now.timestamp())
            five_days_ago_ts = five_days_ago.timestamp()
            for i in range(20):
@ -342,7 +354,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review_summary_multiple_in_same_day_with_reviewed(self):
        five_days_ago = datetime.today() - timedelta(days=5)

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            five_days_ago_ts = five_days_ago.timestamp()
            for i in range(10):
                id = f"123456_{i}.random_alert_not_reviewed"
@ -393,14 +405,14 @@ class TestHttpReview(BaseTestHttp):
    ####################################################################################################################

    def test_post_reviews_viewed_no_body(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            response = client.post("/reviews/viewed")
            # Missing ids
            assert response.status_code == 422

    def test_post_reviews_viewed_no_body_ids(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            body = {"ids": [""]}
            response = client.post("/reviews/viewed", json=body)
@ -408,7 +420,7 @@ class TestHttpReview(BaseTestHttp):
            assert response.status_code == 422

    def test_post_reviews_viewed_non_existent_id(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id)
            body = {"ids": ["1"]}
@ -425,7 +437,7 @@ class TestHttpReview(BaseTestHttp):
                )

    def test_post_reviews_viewed(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id)
            body = {"ids": [id]}
@ -445,14 +457,14 @@ class TestHttpReview(BaseTestHttp):
    ###################################  POST reviews/delete Endpoint   ################################################
    ####################################################################################################################
    def test_post_reviews_delete_no_body(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            response = client.post("/reviews/delete", headers={"remote-role": "admin"})
            # Missing ids
            assert response.status_code == 422

    def test_post_reviews_delete_no_body_ids(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            super().insert_mock_review_segment("123456.random")
            body = {"ids": [""]}
            response = client.post(
@ -462,7 +474,7 @@ class TestHttpReview(BaseTestHttp):
            assert response.status_code == 422

    def test_post_reviews_delete_non_existent_id(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id)
            body = {"ids": ["1"]}
@ -479,7 +491,7 @@ class TestHttpReview(BaseTestHttp):
            assert review_ids_in_db_after[0].id == id

    def test_post_reviews_delete(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id)
            body = {"ids": [id]}
@ -495,7 +507,7 @@ class TestHttpReview(BaseTestHttp):
            assert len(review_ids_in_db_after) == 0

    def test_post_reviews_delete_many(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            ids = ["123456.random", "654321.random"]
            for id in ids:
                super().insert_mock_review_segment(id)
@ -527,7 +539,7 @@ class TestHttpReview(BaseTestHttp):
    def test_review_activity_motion_no_data_for_time_range(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            params = {
                "after": now,
                "before": now + 3,
@ -540,7 +552,7 @@ class TestHttpReview(BaseTestHttp):
    def test_review_activity_motion(self):
        now = int(datetime.now().timestamp())

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            one_m = int((datetime.now() + timedelta(minutes=1)).timestamp())
            id = "123456.random"
            id2 = "123451.random"
@ -573,7 +585,7 @@ class TestHttpReview(BaseTestHttp):
    ###################################  GET /review/event/{event_id} Endpoint   #######################################
    ####################################################################################################################
    def test_review_event_not_found(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            response = client.get("/review/event/123456.random")
            assert response.status_code == 404
            response_json = response.json()
@ -585,7 +597,7 @@ class TestHttpReview(BaseTestHttp):
    def test_review_event_not_found_in_data(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            id = "123456.random"
            super().insert_mock_review_segment(id, now + 1, now + 2)
            response = client.get(f"/review/event/{id}")
@ -599,7 +611,7 @@ class TestHttpReview(BaseTestHttp):
    def test_review_get_specific_event(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            event_id = "123456.event.random"
            super().insert_mock_event(event_id)
            review_id = "123456.review.random"
@ -626,7 +638,7 @@ class TestHttpReview(BaseTestHttp):
    ###################################  GET /review/{review_id} Endpoint   #######################################
    ####################################################################################################################
    def test_review_not_found(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            response = client.get("/review/123456.random")
            assert response.status_code == 404
            response_json = response.json()
@ -638,7 +650,7 @@ class TestHttpReview(BaseTestHttp):
    def test_get_review(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            review_id = "123456.review.random"
            super().insert_mock_review_segment(review_id, now + 1, now + 2)
            response = client.get(f"/review/{review_id}")
@ -662,7 +674,7 @@ class TestHttpReview(BaseTestHttp):
    ####################################################################################################################

    def test_delete_review_viewed_review_not_found(self):
-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            review_id = "123456.random"
            response = client.delete(f"/review/{review_id}/viewed")
            assert response.status_code == 404
@ -675,7 +687,7 @@ class TestHttpReview(BaseTestHttp):
    def test_delete_review_viewed(self):
        now = datetime.now().timestamp()

-        with TestClient(self.app) as client:
+        with AuthTestClient(self.app) as client:
            review_id = "123456.review.random"
            super().insert_mock_review_segment(review_id, now + 1, now + 2)
            self._insert_user_review_status(review_id, reviewed=True)
--- a/frigate/util/config.py
+++ b/frigate/util/config.py
@ -348,7 +348,7 @@ def migrate_016_0(config: dict[str, dict[str, Any]]) -> dict[str, dict[str, Any]


 def migrate_017_0(config: dict[str, dict[str, Any]]) -> dict[str, dict[str, Any]]:
-    """Handle migrating frigate config to 0.16-0"""
+    """Handle migrating frigate config to 0.17-0"""
    new_config = config.copy()

    # migrate global to new recording configuration
@ -380,7 +380,7 @@ def migrate_017_0(config: dict[str, dict[str, Any]]) -> dict[str, dict[str, Any]

    if global_genai:
        new_genai_config = {}
-        new_object_config = config.get("objects", {})
+        new_object_config = new_config.get("objects", {})
        new_object_config["genai"] = {}

        for key in global_genai.keys():
@ -389,7 +389,8 @@ def migrate_017_0(config: dict[str, dict[str, Any]]) -> dict[str, dict[str, Any]
            else:
                new_object_config["genai"][key] = global_genai[key]

-        config["genai"] = new_genai_config
+        new_config["genai"] = new_genai_config
+        new_config["objects"] = new_object_config

    for name, camera in config.get("cameras", {}).items():
        camera_config: dict[str, dict[str, Any]] = camera.copy()
@ -415,8 +416,9 @@ def migrate_017_0(config: dict[str, dict[str, Any]]) -> dict[str, dict[str, Any]
        camera_genai = camera_config.get("genai", {})

        if camera_genai:
-            new_object_config = config.get("objects", {})
-            new_object_config["genai"] = camera_genai
+            camera_object_config = camera_config.get("objects", {})
+            camera_object_config["genai"] = camera_genai
+            camera_config["objects"] = camera_object_config
            del camera_config["genai"]

        new_config["cameras"][name] = camera_config
--- a/frigate/video.py
+++ b/frigate/video.py
@ -124,45 +124,50 @@ def capture_frames(
        config_subscriber.check_for_updates()
        return config.enabled

-    while not stop_event.is_set():
-        if not get_enabled_state():
-            logger.debug(f"Stopping capture thread for disabled {config.name}")
-            break
-
-        fps.value = frame_rate.eps()
-        skipped_fps.value = skipped_eps.eps()
-        current_frame.value = datetime.now().timestamp()
-        frame_name = f"{config.name}_frame{frame_index}"
-        frame_buffer = frame_manager.write(frame_name)
-        try:
-            frame_buffer[:] = ffmpeg_process.stdout.read(frame_size)
-        except Exception:
-            # shutdown has been initiated
-            if stop_event.is_set():
+    try:
+        while not stop_event.is_set():
+            if not get_enabled_state():
+                logger.debug(f"Stopping capture thread for disabled {config.name}")
                break

-            logger.error(f"{config.name}: Unable to read frames from ffmpeg process.")
+            fps.value = frame_rate.eps()
+            skipped_fps.value = skipped_eps.eps()
+            current_frame.value = datetime.now().timestamp()
+            frame_name = f"{config.name}_frame{frame_index}"
+            frame_buffer = frame_manager.write(frame_name)
+            try:
+                frame_buffer[:] = ffmpeg_process.stdout.read(frame_size)
+            except Exception:
+                # shutdown has been initiated
+                if stop_event.is_set():
+                    break

-            if ffmpeg_process.poll() is not None:
                logger.error(
-                    f"{config.name}: ffmpeg process is not running. exiting capture thread..."
+                    f"{config.name}: Unable to read frames from ffmpeg process."
                )
-                break

-            continue
+                if ffmpeg_process.poll() is not None:
+                    logger.error(
+                        f"{config.name}: ffmpeg process is not running. exiting capture thread..."
+                    )
+                    break

-        frame_rate.update()
+                continue

-        # don't lock the queue to check, just try since it should rarely be full
-        try:
-            # add to the queue
-            frame_queue.put((frame_name, current_frame.value), False)
-            frame_manager.close(frame_name)
-        except queue.Full:
-            # if the queue is full, skip this frame
-            skipped_eps.update()
+            frame_rate.update()

-        frame_index = 0 if frame_index == shm_frame_count - 1 else frame_index + 1
+            # don't lock the queue to check, just try since it should rarely be full
+            try:
+                # add to the queue
+                frame_queue.put((frame_name, current_frame.value), False)
+                frame_manager.close(frame_name)
+            except queue.Full:
+                # if the queue is full, skip this frame
+                skipped_eps.update()
+
+            frame_index = 0 if frame_index == shm_frame_count - 1 else frame_index + 1
+    finally:
+        config_subscriber.stop()


 class CameraWatchdog(threading.Thread):
@ -234,6 +239,16 @@ class CameraWatchdog(threading.Thread):
                else:
                    self.ffmpeg_detect_process.wait()

+        # Wait for old capture thread to fully exit before starting a new one
+        if self.capture_thread is not None and self.capture_thread.is_alive():
+            self.logger.info("Waiting for capture thread to exit...")
+            self.capture_thread.join(timeout=5)
+
+            if self.capture_thread.is_alive():
+                self.logger.warning(
+                    f"Capture thread for {self.config.name} did not exit in time"
+                )
+
        self.logger.error(
            "The following ffmpeg logs include the last 100 lines prior to exit."
        )
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -4702,9 +4702,9 @@
      }
    },
    "node_modules/caniuse-lite": {
-      "version": "1.0.30001651",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001651.tgz",
-      "integrity": "sha512-9Cf+Xv1jJNe1xPZLGuUXLNkE1BoDkqRqYyFJ9TDYSqhduqA4hu4oR9HluGoWYQC/aj8WHjsGVV+bwkh0+tegRg==",
+      "version": "1.0.30001757",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001757.tgz",
+      "integrity": "sha512-r0nnL/I28Zi/yjk1el6ilj27tKcdjLsNqAOZr0yVjWPrSQyHgKI2INaEWw21bAQSv2LXRt1XuCS/GomNpWOxsQ==",
      "dev": true,
      "funding": [
        {
--- a/web/public/locales/en/views/classificationModel.json
+++ b/web/public/locales/en/views/classificationModel.json
@ -166,6 +166,7 @@
      "noImages": "No sample images generated",
      "classifying": "Classifying & Training...",
      "trainingStarted": "Training started successfully",
+      "modelCreated": "Model created successfully. Use the Recent Classifications view to add images for missing states, then train the model.",
      "errors": {
        "noCameras": "No cameras configured",
        "noObjectLabel": "No object label selected",
@ -173,7 +174,11 @@
        "generationFailed": "Generation failed. Please try again.",
        "classifyFailed": "Failed to classify images: {{error}}"
      },
-      "generateSuccess": "Successfully generated sample images"
+      "generateSuccess": "Successfully generated sample images",
+      "missingStatesWarning": {
+        "title": "Missing State Examples",
+        "description": "You haven't selected examples for all states. The model will not be trained until all states have images. After continuing, use the Recent Classifications view to classify images for the missing states, then train the model."
+      }
    }
  }
 }
--- a/web/public/locales/en/views/events.json
+++ b/web/public/locales/en/views/events.json
@ -54,6 +54,7 @@
  "selected_other": "{{count}} selected",
  "camera": "Camera",
  "detected": "detected",
-  "suspiciousActivity": "Suspicious Activity",
-  "threateningActivity": "Threatening Activity"
+  "normalActivity": "Normal",
+  "needsReview": "Needs review",
+  "securityConcern": "Security concern"
 }
--- a/web/src/components/camera/DebugCameraImage.tsx
+++ b/web/src/components/camera/DebugCameraImage.tsx
@ -5,7 +5,7 @@ import { Button } from "../ui/button";
 import { LuSettings } from "react-icons/lu";
 import { useCallback, useMemo, useState } from "react";
 import { Card, CardContent, CardHeader, CardTitle } from "../ui/card";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import AutoUpdatingCameraImage from "./AutoUpdatingCameraImage";
 import { useTranslation } from "react-i18next";

@ -24,7 +24,7 @@ export default function DebugCameraImage({
 }: DebugCameraImageProps) {
  const { t } = useTranslation(["components/camera"]);
  const [showSettings, setShowSettings] = useState(false);
-  const [options, setOptions] = usePersistence<Options>(
+  const [options, setOptions] = useUserPersistence<Options>(
    `${cameraConfig?.name}-feed`,
    emptyObject,
  );
--- a/web/src/components/card/AnimatedEventCard.tsx
+++ b/web/src/components/card/AnimatedEventCard.tsx
@ -13,7 +13,7 @@ import { baseUrl } from "@/api/baseUrl";
 import { VideoPreview } from "../preview/ScrubbablePreview";
 import { useApiHost } from "@/api";
 import { isDesktop, isSafari } from "react-device-detect";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { Skeleton } from "../ui/skeleton";
 import { Button } from "../ui/button";
 import { FaCircleCheck } from "react-icons/fa6";
@ -112,7 +112,7 @@ export function AnimatedEventCard({

  // image behavior

-  const [alertVideos, _, alertVideosLoaded] = usePersistence(
+  const [alertVideos, _, alertVideosLoaded] = useUserPersistence(
    "alertVideos",
    true,
  );
--- a/web/src/components/classification/ClassificationModelEditDialog.tsx
+++ b/web/src/components/classification/ClassificationModelEditDialog.tsx
@ -37,7 +37,7 @@ import { useForm } from "react-hook-form";
 import { useTranslation } from "react-i18next";
 import { LuPlus, LuX } from "react-icons/lu";
 import { toast } from "sonner";
-import useSWR from "swr";
+import useSWR, { mutate } from "swr";
 import { z } from "zod";

 type ClassificationModelEditDialogProps = {
@ -240,15 +240,61 @@ export default function ClassificationModelEditDialog({
            position: "top-center",
          });
        } else {
-          // State model - update classes
-          // Note: For state models, updating classes requires renaming categories
-          // which is handled through the dataset API, not the config API
-          // We'll need to implement this by calling the rename endpoint for each class
-          // For now, we just show a message that this requires retraining
+          const stateData = data as StateFormData;
+          const newClasses = stateData.classes.filter(
+            (c) => c.trim().length > 0,
+          );
+          const oldClasses = dataset?.categories
+            ? Object.keys(dataset.categories).filter((key) => key !== "none")
+            : [];

-          toast.info(t("edit.stateClassesInfo"), {
-            position: "top-center",
-          });
+          const renameMap = new Map<string, string>();
+          const maxLength = Math.max(oldClasses.length, newClasses.length);
+
+          for (let i = 0; i < maxLength; i++) {
+            const oldClass = oldClasses[i];
+            const newClass = newClasses[i];
+
+            if (oldClass && newClass && oldClass !== newClass) {
+              renameMap.set(oldClass, newClass);
+            }
+          }
+
+          const renamePromises = Array.from(renameMap.entries()).map(
+            async ([oldName, newName]) => {
+              try {
+                await axios.put(
+                  `/classification/${model.name}/dataset/${oldName}/rename`,
+                  {
+                    new_category: newName,
+                  },
+                );
+              } catch (err) {
+                const error = err as {
+                  response?: { data?: { message?: string; detail?: string } };
+                };
+                const errorMessage =
+                  error.response?.data?.message ||
+                  error.response?.data?.detail ||
+                  "Unknown error";
+                throw new Error(
+                  `Failed to rename ${oldName} to ${newName}: ${errorMessage}`,
+                );
+              }
+            },
+          );
+
+          if (renamePromises.length > 0) {
+            await Promise.all(renamePromises);
+            await mutate(`classification/${model.name}/dataset`);
+            toast.success(t("toast.success.updatedModel"), {
+              position: "top-center",
+            });
+          } else {
+            toast.info(t("edit.stateClassesInfo"), {
+              position: "top-center",
+            });
+          }
        }

        onSuccess();
@ -256,8 +302,10 @@ export default function ClassificationModelEditDialog({
      } catch (err) {
        const error = err as {
          response?: { data?: { message?: string; detail?: string } };
+          message?: string;
        };
        const errorMessage =
+          error.message ||
          error.response?.data?.message ||
          error.response?.data?.detail ||
          "Unknown error";
@ -268,7 +316,7 @@ export default function ClassificationModelEditDialog({
        setIsSaving(false);
      }
    },
-    [isObjectModel, model, t, onSuccess, onClose],
+    [isObjectModel, model, dataset, t, onSuccess, onClose],
  );

  const handleCancel = useCallback(() => {
--- a/web/src/components/classification/wizard/Step3ChooseExamples.tsx
+++ b/web/src/components/classification/wizard/Step3ChooseExamples.tsx
@ -10,12 +10,8 @@ import useSWR from "swr";
 import { baseUrl } from "@/api/baseUrl";
 import { isMobile } from "react-device-detect";
 import { cn } from "@/lib/utils";
-import {
-  Tooltip,
-  TooltipContent,
-  TooltipTrigger,
-} from "@/components/ui/tooltip";
-import { TooltipPortal } from "@radix-ui/react-tooltip";
+import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
+import { IoIosWarning } from "react-icons/io";

 export type Step3FormData = {
  examplesGenerated: boolean;
@ -145,20 +141,67 @@ export default function Step3ChooseExamples({
      );
      await Promise.all(categorizePromises);

-      // Step 3: Kick off training
-      await axios.post(`/classification/${step1Data.modelName}/train`);
+      // Step 2.5: Create empty folders for classes that don't have any images
+      // This ensures all classes are available in the dataset view later
+      const classesWithImages = new Set(
+        Object.values(classifications).filter((c) => c && c !== "none"),
+      );
+      const emptyFolderPromises = step1Data.classes
+        .filter((className) => !classesWithImages.has(className))
+        .map((className) =>
+          axios.post(
+            `/classification/${step1Data.modelName}/dataset/${className}/create`,
+          ),
+        );
+      await Promise.all(emptyFolderPromises);

-      toast.success(t("wizard.step3.trainingStarted"), {
-        closeButton: true,
-      });
-      setIsTraining(true);
+      // Step 3: Determine if we should train
+      // For state models, we need ALL states to have examples
+      // For object models, we need at least 2 classes with images
+      const allStatesHaveExamplesForTraining =
+        step1Data.modelType !== "state" ||
+        step1Data.classes.every((className) =>
+          classesWithImages.has(className),
+        );
+      const shouldTrain =
+        allStatesHaveExamplesForTraining && classesWithImages.size >= 2;
+
+      // Step 4: Kick off training only if we have enough classes with images
+      if (shouldTrain) {
+        await axios.post(`/classification/${step1Data.modelName}/train`);
+
+        toast.success(t("wizard.step3.trainingStarted"), {
+          closeButton: true,
+        });
+        setIsTraining(true);
+      } else {
+        // Don't train - not all states have examples
+        toast.success(t("wizard.step3.modelCreated"), {
+          closeButton: true,
+        });
+        setIsTraining(false);
+        onClose();
+      }
    },
-    [step1Data, step2Data, t],
+    [step1Data, step2Data, t, onClose],
  );

  const handleContinueClassification = useCallback(async () => {
    // Mark selected images with current class
    const newClassifications = { ...imageClassifications };
+
+    // Handle user going back and de-selecting images
+    const imagesToCheck = unknownImages.slice(0, 24);
+    imagesToCheck.forEach((imageName) => {
+      if (
+        newClassifications[imageName] === currentClass &&
+        !selectedImages.has(imageName)
+      ) {
+        delete newClassifications[imageName];
+      }
+    });
+
+    // Then, add all currently selected images to the current class
    selectedImages.forEach((imageName) => {
      newClassifications[imageName] = currentClass;
    });
@ -329,8 +372,43 @@ export default function Step3ChooseExamples({
    return unclassifiedImages.length === 0;
  }, [unclassifiedImages]);

-  // For state models on the last class, require all images to be classified
  const isLastClass = currentClassIndex === allClasses.length - 1;
+  const statesWithExamples = useMemo(() => {
+    if (step1Data.modelType !== "state") return new Set<string>();
+
+    const states = new Set<string>();
+    const allImages = unknownImages.slice(0, 24);
+
+    // Check which states have at least one image classified
+    allImages.forEach((img) => {
+      let className: string | undefined;
+      if (selectedImages.has(img)) {
+        className = currentClass;
+      } else {
+        className = imageClassifications[img];
+      }
+      if (className && allClasses.includes(className)) {
+        states.add(className);
+      }
+    });
+
+    return states;
+  }, [
+    step1Data.modelType,
+    unknownImages,
+    imageClassifications,
+    selectedImages,
+    currentClass,
+    allClasses,
+  ]);
+
+  const allStatesHaveExamples = useMemo(() => {
+    if (step1Data.modelType !== "state") return true;
+    return allClasses.every((className) => statesWithExamples.has(className));
+  }, [step1Data.modelType, allClasses, statesWithExamples]);
+
+  // For state models on the last class, require all images to be classified
+  // But allow proceeding even if not all states have examples (with warning)
  const canProceed = useMemo(() => {
    if (step1Data.modelType === "state" && isLastClass) {
      // Check if all 24 images will be classified after current selections are applied
@ -353,6 +431,28 @@ export default function Step3ChooseExamples({
    selectedImages,
  ]);

+  const hasUnclassifiedImages = useMemo(() => {
+    if (!unknownImages) return false;
+    const allImages = unknownImages.slice(0, 24);
+    return allImages.some((img) => !imageClassifications[img]);
+  }, [unknownImages, imageClassifications]);
+
+  const showMissingStatesWarning = useMemo(() => {
+    return (
+      step1Data.modelType === "state" &&
+      isLastClass &&
+      !allStatesHaveExamples &&
+      !hasUnclassifiedImages &&
+      hasGenerated
+    );
+  }, [
+    step1Data.modelType,
+    isLastClass,
+    allStatesHaveExamples,
+    hasUnclassifiedImages,
+    hasGenerated,
+  ]);
+
  const handleBack = useCallback(() => {
    if (currentClassIndex > 0) {
      const previousClass = allClasses[currentClassIndex - 1];
@ -399,6 +499,17 @@ export default function Step3ChooseExamples({
        </div>
      ) : hasGenerated ? (
        <div className="flex flex-col gap-4">
+          {showMissingStatesWarning && (
+            <Alert variant="destructive">
+              <IoIosWarning className="size-5" />
+              <AlertTitle>
+                {t("wizard.step3.missingStatesWarning.title")}
+              </AlertTitle>
+              <AlertDescription>
+                {t("wizard.step3.missingStatesWarning.description")}
+              </AlertDescription>
+            </Alert>
+          )}
          {!allImagesClassified && (
            <div className="text-center">
              <h3 className="text-lg font-medium">
@ -474,35 +585,22 @@ export default function Step3ChooseExamples({
          <Button type="button" onClick={handleBack} className="sm:flex-1">
            {t("button.back", { ns: "common" })}
          </Button>
-          <Tooltip>
-            <TooltipTrigger asChild>
-              <Button
-                type="button"
-                onClick={
-                  allImagesClassified
-                    ? handleContinue
-                    : handleContinueClassification
-                }
-                variant="select"
-                className="flex items-center justify-center gap-2 sm:flex-1"
-                disabled={
-                  !hasGenerated || isGenerating || isProcessing || !canProceed
-                }
-              >
-                {isProcessing && <ActivityIndicator className="size-4" />}
-                {t("button.continue", { ns: "common" })}
-              </Button>
-            </TooltipTrigger>
-            {!canProceed && (
-              <TooltipPortal>
-                <TooltipContent>
-                  {t("wizard.step3.allImagesRequired", {
-                    count: unclassifiedImages.length,
-                  })}
-                </TooltipContent>
-              </TooltipPortal>
-            )}
-          </Tooltip>
+          <Button
+            type="button"
+            onClick={
+              allImagesClassified
+                ? handleContinue
+                : handleContinueClassification
+            }
+            variant="select"
+            className="flex items-center justify-center gap-2 sm:flex-1"
+            disabled={
+              !hasGenerated || isGenerating || isProcessing || !canProceed
+            }
+          >
+            {isProcessing && <ActivityIndicator className="size-4" />}
+            {t("button.continue", { ns: "common" })}
+          </Button>
        </div>
      )}
    </div>
--- a/web/src/components/filter/CameraGroupSelector.tsx
+++ b/web/src/components/filter/CameraGroupSelector.tsx
@ -7,7 +7,6 @@ import {
 import { isDesktop, isMobile } from "react-device-detect";
 import useSWR from "swr";
 import { MdHome } from "react-icons/md";
-import { usePersistedOverlayState } from "@/hooks/use-overlay-state";
 import { Button, buttonVariants } from "../ui/button";
 import { useCallback, useEffect, useMemo, useState } from "react";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../ui/tooltip";
@ -57,7 +56,7 @@ import { Toaster } from "@/components/ui/sonner";
 import { toast } from "sonner";
 import ActivityIndicator from "../indicators/activity-indicator";
 import { ScrollArea, ScrollBar } from "../ui/scroll-area";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { TooltipPortal } from "@radix-ui/react-tooltip";
 import { cn } from "@/lib/utils";
 import * as LuIcons from "react-icons/lu";
@ -78,7 +77,8 @@ import { useStreamingSettings } from "@/context/streaming-settings-provider";
 import { Trans, useTranslation } from "react-i18next";
 import { CameraNameLabel } from "../camera/FriendlyNameLabel";
 import { useAllowedCameras } from "@/hooks/use-allowed-cameras";
-import { useIsCustomRole } from "@/hooks/use-is-custom-role";
+import { useIsAdmin } from "@/hooks/use-is-admin";
+import { useUserPersistedOverlayState } from "@/hooks/use-overlay-state";

 type CameraGroupSelectorProps = {
  className?: string;
@ -88,7 +88,7 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
  const { t } = useTranslation(["components/camera"]);
  const { data: config } = useSWR<FrigateConfig>("config");
  const allowedCameras = useAllowedCameras();
-  const isCustomRole = useIsCustomRole();
+  const isAdmin = useIsAdmin();

  // tooltip

@ -109,9 +109,9 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
    [timeoutId],
  );

-  // groups
+  // groups - use user-namespaced key for persistence to avoid cross-user conflicts

-  const [group, setGroup, , deleteGroup] = usePersistedOverlayState(
+  const [group, setGroup, , deleteGroup] = useUserPersistedOverlayState(
    "cameraGroup",
    "default" as string,
  );
@ -124,7 +124,7 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
    const allGroups = Object.entries(config.camera_groups);

    // If custom role, filter out groups where user has no accessible cameras
-    if (isCustomRole) {
+    if (!isAdmin) {
      return allGroups
        .filter(([, groupConfig]) => {
          // Check if user has access to at least one camera in this group
@ -136,7 +136,7 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
    }

    return allGroups.sort((a, b) => a[1].order - b[1].order);
-  }, [config, allowedCameras, isCustomRole]);
+  }, [config, allowedCameras, isAdmin]);

  // add group

@ -153,7 +153,7 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
        activeGroup={group}
        setGroup={setGroup}
        deleteGroup={deleteGroup}
-        isCustomRole={isCustomRole}
+        isAdmin={isAdmin}
      />
      <Scroller className={`${isMobile ? "whitespace-nowrap" : ""}`}>
        <div
@ -221,7 +221,7 @@ export function CameraGroupSelector({ className }: CameraGroupSelectorProps) {
            );
          })}

-          {!isCustomRole && (
+          {isAdmin && (
            <Button
              className="bg-secondary text-muted-foreground"
              aria-label={t("group.add")}
@ -245,7 +245,7 @@ type NewGroupDialogProps = {
  activeGroup?: string;
  setGroup: (value: string | undefined, replace?: boolean | undefined) => void;
  deleteGroup: () => void;
-  isCustomRole?: boolean;
+  isAdmin?: boolean;
 };
 function NewGroupDialog({
  open,
@ -254,7 +254,7 @@ function NewGroupDialog({
  activeGroup,
  setGroup,
  deleteGroup,
-  isCustomRole,
+  isAdmin,
 }: NewGroupDialogProps) {
  const { t } = useTranslation(["components/camera"]);
  const { mutate: updateConfig } = useSWR<FrigateConfig>("config");
@ -276,7 +276,7 @@ function NewGroupDialog({
  const [editState, setEditState] = useState<"none" | "add" | "edit">("none");
  const [isLoading, setIsLoading] = useState(false);

-  const [, , , deleteGridLayout] = usePersistence(
+  const [, , , deleteGridLayout] = useUserPersistence(
    `${activeGroup}-draggable-layout`,
  );

@ -390,7 +390,7 @@ function NewGroupDialog({
              >
                <Title>{t("group.label")}</Title>
                <Description className="sr-only">{t("group.edit")}</Description>
-                {!isCustomRole && (
+                {isAdmin && (
                  <div
                    className={cn(
                      "absolute",
@ -422,7 +422,7 @@ function NewGroupDialog({
                    group={group}
                    onDeleteGroup={() => onDeleteGroup(group[0])}
                    onEditGroup={() => onEditGroup(group)}
-                    isReadOnly={isCustomRole}
+                    isReadOnly={!isAdmin}
                  />
                ))}
              </div>
@ -677,7 +677,7 @@ export function CameraGroupEdit({
    );

  const allowedCameras = useAllowedCameras();
-  const isCustomRole = useIsCustomRole();
+  const isAdmin = useIsAdmin();

  const [openCamera, setOpenCamera] = useState<string | null>();

@ -867,7 +867,7 @@ export function CameraGroupEdit({
                <FormMessage />
                {[
                  ...(birdseyeConfig?.enabled &&
-                  (!isCustomRole || "birdseye" in allowedCameras)
+                  (isAdmin || "birdseye" in allowedCameras)
                    ? ["birdseye"]
                    : []),
                  ...Object.keys(config?.cameras ?? {})
--- a/web/src/components/input/InputWithTags.tsx
+++ b/web/src/components/input/InputWithTags.tsx
@ -37,7 +37,7 @@ import {
 import { cn } from "@/lib/utils";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../ui/tooltip";
 import { TooltipPortal } from "@radix-ui/react-tooltip";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { SaveSearchDialog } from "./SaveSearchDialog";
 import { DeleteSearchDialog } from "./DeleteSearchDialog";
 import {
@ -128,9 +128,8 @@ export default function InputWithTags({

  // TODO: search history from browser storage

-  const [searchHistory, setSearchHistory, searchHistoryLoaded] = usePersistence<
-    SavedSearchQuery[]
-  >("frigate-search-history");
+  const [searchHistory, setSearchHistory, searchHistoryLoaded] =
+    useUserPersistence<SavedSearchQuery[]>("frigate-search-history");

  const [isSaveDialogOpen, setIsSaveDialogOpen] = useState(false);
  const [isDeleteDialogOpen, setIsDeleteDialogOpen] = useState(false);
--- a/web/src/components/menu/LiveContextMenu.tsx
+++ b/web/src/components/menu/LiveContextMenu.tsx
@ -48,6 +48,7 @@ import { useTranslation } from "react-i18next";
 import { useDateLocale } from "@/hooks/use-date-locale";
 import { useIsAdmin } from "@/hooks/use-is-admin";
 import { CameraNameLabel } from "../camera/FriendlyNameLabel";
+import { LiveStreamMetadata } from "@/types/live";

 type LiveContextMenuProps = {
  className?: string;
@ -68,6 +69,7 @@ type LiveContextMenuProps = {
  resetPreferredLiveMode: () => void;
  config?: FrigateConfig;
  children?: ReactNode;
+  streamMetadata?: { [key: string]: LiveStreamMetadata };
 };
 export default function LiveContextMenu({
  className,
@ -88,6 +90,7 @@ export default function LiveContextMenu({
  resetPreferredLiveMode,
  config,
  children,
+  streamMetadata,
 }: LiveContextMenuProps) {
  const { t } = useTranslation("views/live");
  const [showSettings, setShowSettings] = useState(false);
@ -558,6 +561,7 @@ export default function LiveContextMenu({
          setGroupStreamingSettings={setGroupStreamingSettings}
          setIsDialogOpen={setShowSettings}
          onSave={onSave}
+          streamMetadata={streamMetadata}
        />
      </Dialog>
    </div>
--- a/web/src/components/mobile/MobilePage.tsx
+++ b/web/src/components/mobile/MobilePage.tsx
@ -13,7 +13,7 @@ import { cn } from "@/lib/utils";
 import { isPWA } from "@/utils/isPWA";
 import { Button } from "@/components/ui/button";
 import { useTranslation } from "react-i18next";
-import { useLocation } from "react-router-dom";
+import { useHistoryBack } from "@/hooks/use-history-back";

 const MobilePageContext = createContext<{
  open: boolean;
@ -24,15 +24,16 @@ type MobilePageProps = {
  children: React.ReactNode;
  open?: boolean;
  onOpenChange?: (open: boolean) => void;
+  enableHistoryBack?: boolean;
 };

 export function MobilePage({
  children,
  open: controlledOpen,
  onOpenChange,
+  enableHistoryBack = true,
 }: MobilePageProps) {
  const [uncontrolledOpen, setUncontrolledOpen] = useState(false);
-  const location = useLocation();

  const open = controlledOpen ?? uncontrolledOpen;
  const setOpen = useCallback(
@ -46,33 +47,12 @@ export function MobilePage({
    [onOpenChange, setUncontrolledOpen],
  );

-  useEffect(() => {
-    let isActive = true;
-
-    if (open && isActive) {
-      window.history.pushState({ isMobilePage: true }, "", location.pathname);
-    }
-
-    const handlePopState = (event: PopStateEvent) => {
-      if (open && isActive) {
-        event.preventDefault();
-        setOpen(false);
-        // Delay replaceState to ensure state updates are processed
-        setTimeout(() => {
-          if (isActive) {
-            window.history.replaceState(null, "", location.pathname);
-          }
-        }, 0);
-      }
-    };
-
-    window.addEventListener("popstate", handlePopState);
-
-    return () => {
-      isActive = false;
-      window.removeEventListener("popstate", handlePopState);
-    };
-  }, [open, setOpen, location.pathname]);
+  // Handle browser back button to close mobile page
+  useHistoryBack({
+    enabled: enableHistoryBack,
+    open,
+    onClose: () => setOpen(false),
+  });

  return (
    <MobilePageContext.Provider value={{ open, onOpenChange: setOpen }}>
--- a/web/src/components/overlay/ReviewActivityCalendar.tsx
+++ b/web/src/components/overlay/ReviewActivityCalendar.tsx
@ -5,7 +5,7 @@ import { FaCircle } from "react-icons/fa";
 import { getUTCOffset } from "@/utils/dateUtil";
 import { type DayButtonProps, TZDate } from "react-day-picker";
 import { LAST_24_HOURS_KEY } from "@/types/filter";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { cn } from "@/lib/utils";
 import { FrigateConfig } from "@/types/frigateConfig";
 import useSWR from "swr";
@ -27,7 +27,7 @@ export default function ReviewActivityCalendar({
 }: ReviewActivityCalendarProps) {
  const { data: config } = useSWR<FrigateConfig>("config");
  const timezone = useTimezone(config);
-  const [weekStartsOn] = usePersistence("weekStartsOn", 0);
+  const [weekStartsOn] = useUserPersistence("weekStartsOn", 0);

  const disabledDates = useMemo(() => {
    const tomorrow = new Date();
@ -176,7 +176,7 @@ export function TimezoneAwareCalendar({
  selectedDay,
  onSelect,
 }: TimezoneAwareCalendarProps) {
-  const [weekStartsOn] = usePersistence("weekStartsOn", 0);
+  const [weekStartsOn] = useUserPersistence("weekStartsOn", 0);

  const timezoneOffset = useMemo(
    () =>
--- a/web/src/components/overlay/chip/GenAISummaryChip.tsx
+++ b/web/src/components/overlay/chip/GenAISummaryChip.tsx
@ -1,7 +1,11 @@
 import { Dialog, DialogContent, DialogTrigger } from "@/components/ui/dialog";
 import { Drawer, DrawerContent, DrawerTrigger } from "@/components/ui/drawer";
 import { cn } from "@/lib/utils";
-import { ReviewSegment, ThreatLevel } from "@/types/review";
+import {
+  ReviewSegment,
+  ThreatLevel,
+  THREAT_LEVEL_LABELS,
+} from "@/types/review";
 import { useEffect, useMemo, useState } from "react";
 import { isDesktop } from "react-device-detect";
 import { useTranslation } from "react-i18next";
@ -55,13 +59,22 @@ export function GenAISummaryDialog({
    }

    let concerns = "";
-    switch (aiAnalysis.potential_threat_level) {
-      case ThreatLevel.SUSPICIOUS:
-        concerns = `• ${t("suspiciousActivity", { ns: "views/events" })}\n`;
-        break;
-      case ThreatLevel.DANGER:
-        concerns = `• ${t("threateningActivity", { ns: "views/events" })}\n`;
-        break;
+    const threatLevel = aiAnalysis.potential_threat_level ?? 0;
+
+    if (threatLevel > 0) {
+      let label = "";
+
+      switch (threatLevel) {
+        case ThreatLevel.NEEDS_REVIEW:
+          label = t("needsReview", { ns: "views/events" });
+          break;
+        case ThreatLevel.SECURITY_CONCERN:
+          label = t("securityConcern", { ns: "views/events" });
+          break;
+        default:
+          label = THREAT_LEVEL_LABELS[threatLevel as ThreatLevel] || "Unknown";
+      }
+      concerns = `• ${label}\n`;
    }

    (aiAnalysis.other_concerns ?? []).forEach((c) => {
--- a/web/src/components/overlay/detail/SearchDetailDialog.tsx
+++ b/web/src/components/overlay/detail/SearchDetailDialog.tsx
@ -1299,7 +1299,8 @@ function ObjectDetailsTab({
        </div>
      </div>

-      {search.data.type === "object" &&
+      {isAdmin &&
+        search.data.type === "object" &&
        config?.plus?.enabled &&
        search.end_time != undefined &&
        search.has_snapshot && (
--- a/web/src/components/overlay/detail/TrackingDetails.tsx
+++ b/web/src/components/overlay/detail/TrackingDetails.tsx
@ -38,6 +38,7 @@ import { isDesktop, isIOS, isMobileOnly, isSafari } from "react-device-detect";
 import { useApiHost } from "@/api";
 import ImageLoadingIndicator from "@/components/indicators/ImageLoadingIndicator";
 import ObjectTrackOverlay from "../ObjectTrackOverlay";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 type TrackingDetailsProps = {
  className?: string;
@ -777,6 +778,7 @@ function LifecycleIconRow({
  const { data: config } = useSWR<FrigateConfig>("config");
  const [isOpen, setIsOpen] = useState(false);
  const navigate = useNavigate();
+  const isAdmin = useIsAdmin();

  const aspectRatio = useMemo(() => {
    if (!config) {
@ -993,7 +995,7 @@ function LifecycleIconRow({
        <div className="ml-3 flex-shrink-0 px-1 text-right text-xs text-primary-variant">
          <div className="flex flex-row items-center gap-3">
            <div className="whitespace-nowrap">{formattedEventTimestamp}</div>
-            {(config?.plus?.enabled || item.data.box) && (
+            {((isAdmin && config?.plus?.enabled) || item.data.box) && (
              <DropdownMenu open={isOpen} onOpenChange={setIsOpen}>
                <DropdownMenuTrigger>
                  <div className="rounded p-1 pr-2" role="button">
@ -1002,7 +1004,7 @@ function LifecycleIconRow({
                </DropdownMenuTrigger>
                <DropdownMenuPortal>
                  <DropdownMenuContent>
-                    {config?.plus?.enabled && (
+                    {isAdmin && config?.plus?.enabled && (
                      <DropdownMenuItem
                        className="cursor-pointer"
                        onSelect={async () => {
--- a/web/src/components/overlay/dialog/FrigatePlusDialog.tsx
+++ b/web/src/components/overlay/dialog/FrigatePlusDialog.tsx
@ -20,6 +20,7 @@ import ImageLoadingIndicator from "@/components/indicators/ImageLoadingIndicator
 import { baseUrl } from "@/api/baseUrl";
 import { getTranslatedLabel } from "@/utils/i18n";
 import useImageLoaded from "@/hooks/use-image-loaded";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 export type FrigatePlusDialogProps = {
  upload?: Event;
@ -57,7 +58,9 @@ export function FrigatePlusDialog({
  );

  const [imgRef, imgLoaded, onImgLoad] = useImageLoaded();
+  const isAdmin = useIsAdmin();
  const showCard =
+    isAdmin &&
    !!upload &&
    upload.data.type === "object" &&
    upload.plus_id !== "not_enabled" &&
--- a/web/src/components/overlay/dialog/PlatformAwareDialog.tsx
+++ b/web/src/components/overlay/dialog/PlatformAwareDialog.tsx
@ -113,7 +113,12 @@ export function PlatformAwareSheet({
  }

  return (
-    <Sheet open={open} onOpenChange={onOpenChange} modal={false}>
+    <Sheet
+      open={open}
+      onOpenChange={onOpenChange}
+      modal={false}
+      enableHistoryBack
+    >
      <SheetTrigger asChild className={triggerClassName}>
        {trigger}
      </SheetTrigger>
--- a/web/src/components/player/HlsVideoPlayer.tsx
+++ b/web/src/components/player/HlsVideoPlayer.tsx
@ -15,11 +15,12 @@ import { FrigateConfig } from "@/types/frigateConfig";
 import { AxiosResponse } from "axios";
 import { toast } from "sonner";
 import { useOverlayState } from "@/hooks/use-overlay-state";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { cn } from "@/lib/utils";
 import { ASPECT_VERTICAL_LAYOUT, RecordingPlayerError } from "@/types/record";
 import { useTranslation } from "react-i18next";
 import ObjectTrackOverlay from "@/components/overlay/ObjectTrackOverlay";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 // Android native hls does not seek correctly
 const USE_NATIVE_HLS = false;
@ -83,6 +84,7 @@ export default function HlsVideoPlayer({
 }: HlsVideoPlayerProps) {
  const { t } = useTranslation("components/player");
  const { data: config } = useSWR<FrigateConfig>("config");
+  const isAdmin = useIsAdmin();

  // for detail stream context in History
  const currentTime = currentTimeOverride;
@ -208,9 +210,9 @@ export default function HlsVideoPlayer({

  const [tallCamera, setTallCamera] = useState(false);
  const [isPlaying, setIsPlaying] = useState(true);
-  const [muted, setMuted] = usePersistence("hlsPlayerMuted", true);
+  const [muted, setMuted] = useUserPersistence("hlsPlayerMuted", true);
  const [volume, setVolume] = useOverlayState("playerVolume", 1.0);
-  const [defaultPlaybackRate] = usePersistence("playbackRate", 1);
+  const [defaultPlaybackRate] = useUserPersistence("playbackRate", 1);
  const [playbackRate, setPlaybackRate] = useOverlayState(
    "playbackRate",
    defaultPlaybackRate ?? 1,
@ -285,7 +287,7 @@ export default function HlsVideoPlayer({
            volume: true,
            seek: true,
            playbackRate: true,
-            plusUpload: config?.plus?.enabled == true,
+            plusUpload: isAdmin && config?.plus?.enabled == true,
            fullscreen: supportsFullscreen,
          }}
          setControlsOpen={setControlsOpen}
--- a/web/src/components/player/MsePlayer.tsx
+++ b/web/src/components/player/MsePlayer.tsx
@ -1,5 +1,5 @@
 import { baseUrl } from "@/api/baseUrl";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import {
  LivePlayerError,
  PlayerStatsType,
@ -72,7 +72,10 @@ function MSEPlayer({
  const [errorCount, setErrorCount] = useState<number>(0);
  const totalBytesLoaded = useRef(0);

-  const [fallbackTimeout] = usePersistence<number>("liveFallbackTimeout", 3);
+  const [fallbackTimeout] = useUserPersistence<number>(
+    "liveFallbackTimeout",
+    3,
+  );

  const videoRef = useRef<HTMLVideoElement>(null);
  const wsRef = useRef<WebSocket | null>(null);
--- a/web/src/components/player/PreviewThumbnailPlayer.tsx
+++ b/web/src/components/player/PreviewThumbnailPlayer.tsx
@ -1,7 +1,11 @@
 import React, { useCallback, useEffect, useMemo, useState } from "react";
 import { useApiHost } from "@/api";
 import { isCurrentHour } from "@/utils/dateUtil";
-import { ReviewSegment } from "@/types/review";
+import {
+  ReviewSegment,
+  ThreatLevel,
+  THREAT_LEVEL_LABELS,
+} from "@/types/review";
 import { getIconForLabel } from "@/utils/iconUtil";
 import TimeAgo from "../dynamic/TimeAgo";
 import useSWR from "swr";
@ -44,7 +48,7 @@ export default function PreviewThumbnailPlayer({
  onClick,
  onTimeUpdate,
 }: PreviewPlayerProps) {
-  const { t } = useTranslation(["components/player"]);
+  const { t } = useTranslation(["components/player", "views/events"]);
  const apiHost = useApiHost();
  const { data: config } = useSWR<FrigateConfig>("config");
  const [imgRef, imgLoaded, onImgLoad] = useImageLoaded();
@ -319,11 +323,21 @@ export default function PreviewThumbnailPlayer({
                </TooltipTrigger>
              </div>
              <TooltipContent className="smart-capitalize">
-                {review.data.metadata.potential_threat_level == 1 ? (
-                  <>{t("suspiciousActivity", { ns: "views/events" })}</>
-                ) : (
-                  <>{t("threateningActivity", { ns: "views/events" })}</>
-                )}
+                {(() => {
+                  const threatLevel =
+                    review.data.metadata.potential_threat_level ?? 0;
+                  switch (threatLevel) {
+                    case ThreatLevel.NEEDS_REVIEW:
+                      return t("needsReview", { ns: "views/events" });
+                    case ThreatLevel.SECURITY_CONCERN:
+                      return t("securityConcern", { ns: "views/events" });
+                    default:
+                      return (
+                        THREAT_LEVEL_LABELS[threatLevel as ThreatLevel] ||
+                        "Unknown"
+                      );
+                  }
+                })()}
              </TooltipContent>
            </Tooltip>
          )}
--- a/web/src/components/settings/CameraStreamingDialog.tsx
+++ b/web/src/components/settings/CameraStreamingDialog.tsx
@ -38,6 +38,7 @@ import { useCameraFriendlyName } from "@/hooks/use-camera-friendly-name";
 type CameraStreamingDialogProps = {
  camera: string;
  groupStreamingSettings: GroupStreamingSettings;
+  streamMetadata?: { [key: string]: LiveStreamMetadata };
  setGroupStreamingSettings: React.Dispatch<
    React.SetStateAction<GroupStreamingSettings>
  >;
@ -48,6 +49,7 @@ type CameraStreamingDialogProps = {
 export function CameraStreamingDialog({
  camera,
  groupStreamingSettings,
+  streamMetadata,
  setGroupStreamingSettings,
  setIsDialogOpen,
  onSave,
@ -76,12 +78,7 @@ export function CameraStreamingDialog({
    [config, streamName],
  );

-  const { data: cameraMetadata } = useSWR<LiveStreamMetadata>(
-    isRestreamed ? `go2rtc/streams/${streamName}` : null,
-    {
-      revalidateOnFocus: false,
-    },
-  );
+  const cameraMetadata = streamName ? streamMetadata?.[streamName] : undefined;

  const supportsAudioOutput = useMemo(() => {
    if (!cameraMetadata) {
--- a/web/src/components/timeline/DetailStream.tsx
+++ b/web/src/components/timeline/DetailStream.tsx
@ -24,7 +24,7 @@ import { cn } from "@/lib/utils";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../ui/tooltip";
 import { Link } from "react-router-dom";
 import { Switch } from "@/components/ui/switch";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { isDesktop } from "react-device-detect";
 import { resolveZoneName } from "@/hooks/use-zone-friendly-name";
 import { PiSlidersHorizontalBold } from "react-icons/pi";
@ -58,7 +58,7 @@ export default function DetailStream({
  const effectiveTime = currentTime - annotationOffset / 1000;
  const [upload, setUpload] = useState<Event | undefined>(undefined);
  const [controlsExpanded, setControlsExpanded] = useState(false);
-  const [alwaysExpandActive, setAlwaysExpandActive] = usePersistence(
+  const [alwaysExpandActive, setAlwaysExpandActive] = useUserPersistence(
    "detailStreamActiveExpanded",
    true,
  );
--- a/web/src/components/timeline/EventMenu.tsx
+++ b/web/src/components/timeline/EventMenu.tsx
@ -13,6 +13,7 @@ import { useTranslation } from "react-i18next";
 import { Event } from "@/types/event";
 import { FrigateConfig } from "@/types/frigateConfig";
 import { useState } from "react";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 type EventMenuProps = {
  event: Event;
@ -35,6 +36,7 @@ export default function EventMenu({
  const navigate = useNavigate();
  const { t } = useTranslation("views/explore");
  const [isOpen, setIsOpen] = useState(false);
+  const isAdmin = useIsAdmin();

  const handleObjectSelect = () => {
    if (isSelected) {
@ -85,7 +87,8 @@ export default function EventMenu({
              </a>
            </DropdownMenuItem>

-            {event.has_snapshot &&
+            {isAdmin &&
+              event.has_snapshot &&
              event.plus_id == undefined &&
              event.data.type == "object" &&
              config?.plus?.enabled && (
--- a/web/src/components/ui/dialog.tsx
+++ b/web/src/components/ui/dialog.tsx
@ -2,6 +2,7 @@ import * as React from "react";
 import * as DialogPrimitive from "@radix-ui/react-dialog";
 import { X } from "lucide-react";
 import { cn } from "@/lib/utils";
+import { useHistoryBack } from "@/hooks/use-history-back";

 // Enhanced Dialog with History Support
 interface HistoryDialogProps extends DialogPrimitive.DialogProps {
@ -15,51 +16,28 @@ const Dialog = ({
  ...props
 }: HistoryDialogProps) => {
  const [internalOpen, setInternalOpen] = React.useState(open || false);
-  const historyStateRef = React.useRef<null | {
-    listener: (e: PopStateEvent) => void;
-  }>(null);

+  // Sync internal state with controlled open prop
  React.useEffect(() => {
    if (open !== undefined) {
      setInternalOpen(open);
    }
  }, [open]);

-  React.useEffect(() => {
-    if (enableHistoryBack) {
-      if (internalOpen) {
-        window.history.pushState({ dialogOpen: true }, "");
+  const handleOpenChange = React.useCallback(
+    (newOpen: boolean) => {
+      setInternalOpen(newOpen);
+      onOpenChange?.(newOpen);
+    },
+    [onOpenChange],
+  );

-        const listener = () => {
-          setInternalOpen(false);
-          if (onOpenChange) onOpenChange(false);
-        };
-
-        historyStateRef.current = { listener };
-        window.addEventListener("popstate", listener);
-
-        return () => {
-          if (internalOpen) {
-            window.removeEventListener("popstate", listener);
-            historyStateRef.current = null;
-          }
-        };
-      } else if (historyStateRef.current) {
-        window.removeEventListener(
-          "popstate",
-          historyStateRef.current.listener,
-        );
-        historyStateRef.current = null;
-      }
-    }
-  }, [enableHistoryBack, internalOpen, onOpenChange]);
-
-  const handleOpenChange = (open: boolean) => {
-    setInternalOpen(open);
-    if (onOpenChange) {
-      onOpenChange(open);
-    }
-  };
+  // Handle browser back button to close dialog
+  useHistoryBack({
+    enabled: enableHistoryBack,
+    open: internalOpen,
+    onClose: () => handleOpenChange(false),
+  });

  return (
    <DialogPrimitive.Root
--- a/web/src/components/ui/sheet.tsx
+++ b/web/src/components/ui/sheet.tsx
@ -4,6 +4,7 @@ import { cva, type VariantProps } from "class-variance-authority";
 import { X } from "lucide-react";

 import { cn } from "@/lib/utils";
+import { useHistoryBack } from "@/hooks/use-history-back";

 // Enhanced Sheet with History Support
 interface HistorySheetProps extends SheetPrimitive.DialogProps {
@ -17,51 +18,28 @@ const Sheet = ({
  ...props
 }: HistorySheetProps) => {
  const [internalOpen, setInternalOpen] = React.useState(open || false);
-  const historyStateRef = React.useRef<null | {
-    listener: (e: PopStateEvent) => void;
-  }>(null);

+  // Sync internal state with controlled open prop
  React.useEffect(() => {
    if (open !== undefined) {
      setInternalOpen(open);
    }
  }, [open]);

-  React.useEffect(() => {
-    if (enableHistoryBack) {
-      if (internalOpen) {
-        window.history.pushState({ sheetOpen: true }, "");
+  const handleOpenChange = React.useCallback(
+    (newOpen: boolean) => {
+      setInternalOpen(newOpen);
+      onOpenChange?.(newOpen);
+    },
+    [onOpenChange],
+  );

-        const listener = () => {
-          setInternalOpen(false);
-          if (onOpenChange) onOpenChange(false);
-        };
-
-        historyStateRef.current = { listener };
-        window.addEventListener("popstate", listener);
-
-        return () => {
-          if (internalOpen) {
-            window.removeEventListener("popstate", listener);
-            historyStateRef.current = null;
-          }
-        };
-      } else if (historyStateRef.current) {
-        window.removeEventListener(
-          "popstate",
-          historyStateRef.current.listener,
-        );
-        historyStateRef.current = null;
-      }
-    }
-  }, [enableHistoryBack, internalOpen, onOpenChange]);
-
-  const handleOpenChange = (open: boolean) => {
-    setInternalOpen(open);
-    if (onOpenChange) {
-      onOpenChange(open);
-    }
-  };
+  // Handle browser back button to close sheet
+  useHistoryBack({
+    enabled: enableHistoryBack,
+    open: internalOpen,
+    onClose: () => handleOpenChange(false),
+  });

  return (
    <SheetPrimitive.Root
--- a/web/src/context/streaming-settings-provider.tsx
+++ b/web/src/context/streaming-settings-provider.tsx
@ -6,7 +6,7 @@ import {
  useContext,
 } from "react";
 import { AllGroupsStreamingSettings } from "@/types/frigateConfig";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";

 type StreamingSettingsContextType = {
  allGroupsStreamingSettings: AllGroupsStreamingSettings;
@ -29,7 +29,7 @@ export function StreamingSettingsProvider({
    persistedGroupStreamingSettings,
    setPersistedGroupStreamingSettings,
    isPersistedStreamingSettingsLoaded,
-  ] = usePersistence<AllGroupsStreamingSettings>("streaming-settings");
+  ] = useUserPersistence<AllGroupsStreamingSettings>("streaming-settings");

  useEffect(() => {
    if (isPersistedStreamingSettingsLoaded) {
--- a/web/src/hooks/use-camera-live-mode.ts
+++ b/web/src/hooks/use-camera-live-mode.ts
@ -1,7 +1,8 @@
 import { CameraConfig, FrigateConfig } from "@/types/frigateConfig";
 import { useCallback, useEffect, useState, useMemo } from "react";
 import useSWR from "swr";
-import { LivePlayerMode, LiveStreamMetadata } from "@/types/live";
+import { LivePlayerMode } from "@/types/live";
+import useDeferredStreamMetadata from "./use-deferred-stream-metadata";

 export default function useCameraLiveMode(
  cameras: CameraConfig[],
@ -10,9 +11,9 @@ export default function useCameraLiveMode(
 ) {
  const { data: config } = useSWR<FrigateConfig>("config");

-  // Get comma-separated list of restreamed stream names for SWR key
-  const restreamedStreamsKey = useMemo(() => {
-    if (!cameras || !config) return null;
+  // Compute which streams need metadata (restreamed streams only)
+  const restreamedStreamNames = useMemo(() => {
+    if (!cameras || !config) return [];

    const streamNames = new Set<string>();
    cameras.forEach((camera) => {
@ -31,53 +32,13 @@ export default function useCameraLiveMode(
      }
    });

-    return streamNames.size > 0
-      ? Array.from(streamNames).sort().join(",")
-      : null;
+    return Array.from(streamNames);
  }, [cameras, config, activeStreams]);

-  const streamsFetcher = useCallback(async (key: string) => {
-    const streamNames = key.split(",");
-
-    const metadataPromises = streamNames.map(async (streamName) => {
-      try {
-        const response = await fetch(`/api/go2rtc/streams/${streamName}`, {
-          priority: "low",
-        });
-
-        if (response.ok) {
-          const data = await response.json();
-          return { streamName, data };
-        }
-        return { streamName, data: null };
-      } catch (error) {
-        // eslint-disable-next-line no-console
-        console.error(`Failed to fetch metadata for ${streamName}:`, error);
-        return { streamName, data: null };
-      }
-    });
-
-    const results = await Promise.allSettled(metadataPromises);
-
-    const metadata: { [key: string]: LiveStreamMetadata } = {};
-    results.forEach((result) => {
-      if (result.status === "fulfilled" && result.value.data) {
-        metadata[result.value.streamName] = result.value.data;
-      }
-    });
-
-    return metadata;
-  }, []);
-
-  const { data: allStreamMetadata = {} } = useSWR<{
-    [key: string]: LiveStreamMetadata;
-  }>(restreamedStreamsKey, streamsFetcher, {
-    revalidateOnFocus: false,
-    revalidateOnReconnect: false,
-    revalidateIfStale: false,
-    dedupingInterval: 60000,
-  });
+  // Fetch stream metadata with deferred loading (doesn't block initial render)
+  const streamMetadata = useDeferredStreamMetadata(restreamedStreamNames);

+  // Compute live mode states
  const [preferredLiveModes, setPreferredLiveModes] = useState<{
    [key: string]: LivePlayerMode;
  }>({});
@ -118,10 +79,10 @@ export default function useCameraLiveMode(
        newPreferredLiveModes[camera.name] = isRestreamed ? "mse" : "jsmpeg";
      }

-      // check each stream for audio support
+      // Check each stream for audio support
      if (isRestreamed) {
        Object.values(camera.live.streams).forEach((streamName) => {
-          const metadata = allStreamMetadata?.[streamName];
+          const metadata = streamMetadata[streamName];
          newSupportsAudioOutputStates[streamName] = {
            supportsAudio: metadata
              ? metadata.producers.find(
@ -146,7 +107,7 @@ export default function useCameraLiveMode(
    setPreferredLiveModes(newPreferredLiveModes);
    setIsRestreamedStates(newIsRestreamedStates);
    setSupportsAudioOutputStates(newSupportsAudioOutputStates);
-  }, [cameras, config, windowVisible, allStreamMetadata]);
+  }, [cameras, config, windowVisible, streamMetadata]);

  const resetPreferredLiveMode = useCallback(
    (cameraName: string) => {
@ -176,5 +137,6 @@ export default function useCameraLiveMode(
    resetPreferredLiveMode,
    isRestreamedStates,
    supportsAudioOutputStates,
+    streamMetadata,
  };
 }
--- a/web/src/hooks/use-deferred-stream-metadata.ts
+++ b/web/src/hooks/use-deferred-stream-metadata.ts
@ -0,0 +1,90 @@
+import { baseUrl } from "@/api/baseUrl";
+import { useCallback, useEffect, useState, useMemo } from "react";
+import useSWR from "swr";
+import { LiveStreamMetadata } from "@/types/live";
+
+const FETCH_TIMEOUT_MS = 10000;
+const DEFER_DELAY_MS = 2000;
+
+/**
+ * Hook that fetches go2rtc stream metadata with deferred loading.
+ *
+ * Metadata fetching is delayed to prevent blocking initial page load
+ * and camera image requests.
+ *
+ * @param streamNames - Array of stream names to fetch metadata for
+ * @returns Object containing stream metadata keyed by stream name
+ */
+export default function useDeferredStreamMetadata(streamNames: string[]) {
+  const [fetchEnabled, setFetchEnabled] = useState(false);
+
+  useEffect(() => {
+    const timeoutId = setTimeout(() => {
+      setFetchEnabled(true);
+    }, DEFER_DELAY_MS);
+
+    return () => clearTimeout(timeoutId);
+  }, []);
+
+  const swrKey = useMemo(() => {
+    if (!fetchEnabled || streamNames.length === 0) return null;
+    // Use spread to avoid mutating the original array
+    return `deferred-streams:${[...streamNames].sort().join(",")}`;
+  }, [fetchEnabled, streamNames]);
+
+  const fetcher = useCallback(async (key: string) => {
+    // Extract stream names from key (remove prefix)
+    const names = key.replace("deferred-streams:", "").split(",");
+
+    const promises = names.map(async (streamName) => {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+
+      try {
+        const response = await fetch(
+          `${baseUrl}api/go2rtc/streams/${streamName}`,
+          {
+            priority: "low",
+            signal: controller.signal,
+          },
+        );
+        clearTimeout(timeoutId);
+
+        if (response.ok) {
+          const data = await response.json();
+          return { streamName, data };
+        }
+        return { streamName, data: null };
+      } catch (error) {
+        clearTimeout(timeoutId);
+        if ((error as Error).name !== "AbortError") {
+          // eslint-disable-next-line no-console
+          console.error(`Failed to fetch metadata for ${streamName}:`, error);
+        }
+        return { streamName, data: null };
+      }
+    });
+
+    const results = await Promise.allSettled(promises);
+
+    const metadata: { [key: string]: LiveStreamMetadata } = {};
+    results.forEach((result) => {
+      if (result.status === "fulfilled" && result.value.data) {
+        metadata[result.value.streamName] = result.value.data;
+      }
+    });
+
+    return metadata;
+  }, []);
+
+  const { data: metadata = {} } = useSWR<{
+    [key: string]: LiveStreamMetadata;
+  }>(swrKey, fetcher, {
+    revalidateOnFocus: false,
+    revalidateOnReconnect: false,
+    revalidateIfStale: false,
+    dedupingInterval: 60000,
+  });
+
+  return metadata;
+}
--- a/web/src/hooks/use-history-back.ts
+++ b/web/src/hooks/use-history-back.ts
@ -0,0 +1,74 @@
+import * as React from "react";
+
+interface UseHistoryBackOptions {
+  enabled: boolean;
+  open: boolean;
+  onClose: () => void;
+}
+
+/**
+ * Hook that manages browser history for overlay components (dialogs, sheets, etc.)
+ * When enabled, pressing the browser back button will close the overlay instead of navigating away.
+ */
+export function useHistoryBack({
+  enabled,
+  open,
+  onClose,
+}: UseHistoryBackOptions): void {
+  const historyPushedRef = React.useRef(false);
+  const closedByBackRef = React.useRef(false);
+  const urlWhenOpenedRef = React.useRef<string | null>(null);
+
+  // Keep onClose in a ref to avoid effect re-runs that cause multiple history pushes
+  const onCloseRef = React.useRef(onClose);
+  React.useLayoutEffect(() => {
+    onCloseRef.current = onClose;
+  });
+
+  React.useEffect(() => {
+    if (!enabled) return;
+
+    if (open) {
+      // Only push history state if we haven't already (prevents duplicates in strict mode)
+      if (!historyPushedRef.current) {
+        // Store the current URL (pathname + search, without hash) before pushing history state
+        urlWhenOpenedRef.current =
+          window.location.pathname + window.location.search;
+        window.history.pushState({ overlayOpen: true }, "");
+        historyPushedRef.current = true;
+      }
+
+      const handlePopState = () => {
+        closedByBackRef.current = true;
+        historyPushedRef.current = false;
+        urlWhenOpenedRef.current = null;
+        onCloseRef.current();
+      };
+
+      window.addEventListener("popstate", handlePopState);
+
+      return () => {
+        window.removeEventListener("popstate", handlePopState);
+      };
+    } else {
+      // Overlay is closing - clean up history if we pushed and it wasn't via back button
+      if (historyPushedRef.current && !closedByBackRef.current) {
+        const currentUrl = window.location.pathname + window.location.search;
+        const urlWhenOpened = urlWhenOpenedRef.current;
+
+        // If the URL has changed (e.g., filters were applied via search params),
+        // don't go back as it would undo the filter update.
+        // The history entry we pushed will remain, but that's acceptable compared
+        // to losing the user's filter changes.
+        if (!urlWhenOpened || currentUrl === urlWhenOpened) {
+          // URL hasn't changed, safe to go back and remove our history entry
+          window.history.back();
+        }
+        // If URL changed, we skip history.back() to preserve the filter updates
+      }
+      historyPushedRef.current = false;
+      closedByBackRef.current = false;
+      urlWhenOpenedRef.current = null;
+    }
+  }, [enabled, open]);
+}
--- a/web/src/hooks/use-overlay-state.tsx
+++ b/web/src/hooks/use-overlay-state.tsx
@ -1,6 +1,8 @@
-import { useCallback, useEffect, useMemo } from "react";
+import { useCallback, useContext, useEffect, useMemo } from "react";
 import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { usePersistence } from "./use-persistence";
+import { useUserPersistence } from "./use-user-persistence";
+import { AuthContext } from "@/context/auth-context";

 export function useOverlayState<S>(
  key: string,
@ -79,6 +81,60 @@ export function usePersistedOverlayState<S extends string>(
  ];
 }

+/**
+ * Like usePersistedOverlayState, but namespaces the persistence key by username.
+ * This ensures different users on the same browser don't share state.
+ * Automatically migrates data from legacy (non-namespaced) keys on first use.
+ */
+export function useUserPersistedOverlayState<S extends string>(
+  key: string,
+  defaultValue: S | undefined = undefined,
+): [
+  S | undefined,
+  (value: S | undefined, replace?: boolean) => void,
+  boolean,
+  () => void,
+] {
+  const { auth } = useContext(AuthContext);
+  const location = useLocation();
+  const navigate = useNavigate();
+  const currentLocationState = useMemo(() => location.state, [location]);
+
+  // currently selected value from URL state
+  const overlayStateValue = useMemo<S | undefined>(
+    () => location.state && location.state[key],
+    [location, key],
+  );
+
+  // saved value from previous session (user-namespaced with migration)
+  const [persistedValue, setPersistedValue, loaded, deletePersistedValue] =
+    useUserPersistence<S>(key, overlayStateValue);
+
+  const setOverlayStateValue = useCallback(
+    (value: S | undefined, replace: boolean = false) => {
+      setPersistedValue(value);
+      const newLocationState = { ...currentLocationState };
+      newLocationState[key] = value;
+      navigate(location.pathname, { state: newLocationState, replace });
+    },
+    // we know that these deps are correct
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [key, currentLocationState, navigate, setPersistedValue],
+  );
+
+  // Don't return a value until auth has finished loading
+  if (auth.isLoading) {
+    return [undefined, setOverlayStateValue, false, deletePersistedValue];
+  }
+
+  return [
+    overlayStateValue ?? persistedValue ?? defaultValue,
+    setOverlayStateValue,
+    loaded,
+    deletePersistedValue,
+  ];
+}
+
 export function useHashState<S extends string>(): [
  S | undefined,
  (value: S) => void,
--- a/web/src/hooks/use-user-persistence.ts
+++ b/web/src/hooks/use-user-persistence.ts
@ -0,0 +1,199 @@
+import { useEffect, useState, useCallback, useContext, useRef } from "react";
+import { get as getData, set as setData, del as delData } from "idb-keyval";
+import { AuthContext } from "@/context/auth-context";
+
+type useUserPersistenceReturn<S> = [
+  value: S | undefined,
+  setValue: (value: S | undefined) => void,
+  loaded: boolean,
+  deleteValue: () => void,
+];
+
+// Key used to track which keys have been migrated to prevent re-reading old keys
+const MIGRATED_KEYS_STORAGE_KEY = "frigate-migrated-user-keys";
+
+/**
+ * Compute the user-namespaced key for a given base key and username.
+ */
+export function getUserNamespacedKey(
+  key: string,
+  username: string | undefined,
+): string {
+  const isAuthenticated = username && username !== "anonymous";
+  return isAuthenticated ? `${key}:${username}` : key;
+}
+
+/**
+ * Delete a user-namespaced key from storage.
+ * This is useful for clearing user-specific data from settings pages.
+ */
+export async function deleteUserNamespacedKey(
+  key: string,
+  username: string | undefined,
+): Promise<void> {
+  const namespacedKey = getUserNamespacedKey(key, username);
+  await delData(namespacedKey);
+}
+
+/**
+ * Get the set of keys that have already been migrated for a specific user.
+ */
+async function getMigratedKeys(username: string): Promise<Set<string>> {
+  const allMigrated =
+    (await getData<Record<string, string[]>>(MIGRATED_KEYS_STORAGE_KEY)) || {};
+  return new Set(allMigrated[username] || []);
+}
+
+/**
+ * Mark a key as migrated for a specific user.
+ */
+async function markKeyAsMigrated(username: string, key: string): Promise<void> {
+  const allMigrated =
+    (await getData<Record<string, string[]>>(MIGRATED_KEYS_STORAGE_KEY)) || {};
+  const userMigrated = new Set(allMigrated[username] || []);
+  userMigrated.add(key);
+  allMigrated[username] = Array.from(userMigrated);
+  await setData(MIGRATED_KEYS_STORAGE_KEY, allMigrated);
+}
+
+/**
+ * Hook for user-namespaced persistence with automatic migration from legacy keys.
+ *
+ * This hook:
+ * 1. Namespaces storage keys by username to isolate per-user preferences
+ * 2. Automatically migrates data from legacy (non-namespaced) keys on first use
+ * 3. Tracks migrated keys to prevent re-reading stale data after migration
+ * 4. Waits for auth to load before returning values to prevent race conditions
+ *
+ * @param key - The base key name (will be namespaced with username)
+ * @param defaultValue - Default value if no persisted value exists
+ */
+export function useUserPersistence<S>(
+  key: string,
+  defaultValue: S | undefined = undefined,
+): useUserPersistenceReturn<S> {
+  const { auth } = useContext(AuthContext);
+  const [value, setInternalValue] = useState<S | undefined>(defaultValue);
+  const [loaded, setLoaded] = useState<boolean>(false);
+  const migrationAttemptedRef = useRef(false);
+
+  // Compute the user-namespaced key
+  const username = auth?.user?.username;
+  const isAuthenticated =
+    username && username !== "anonymous" && !auth.isLoading;
+  const namespacedKey = isAuthenticated ? `${key}:${username}` : key;
+
+  // Track the key that was used when loading to prevent cross-key writes
+  const loadedKeyRef = useRef<string | null>(null);
+
+  const setValue = useCallback(
+    (newValue: S | undefined) => {
+      // Only allow writes if we've loaded for this key
+      // This prevents stale callbacks from writing to the wrong key
+      if (loadedKeyRef.current !== namespacedKey) {
+        return;
+      }
+      setInternalValue(newValue);
+      async function update() {
+        await setData(namespacedKey, newValue);
+      }
+      update();
+    },
+    [namespacedKey],
+  );
+
+  const deleteValue = useCallback(async () => {
+    if (loadedKeyRef.current !== namespacedKey) {
+      return;
+    }
+    await delData(namespacedKey);
+    setInternalValue(defaultValue);
+  }, [namespacedKey, defaultValue]);
+
+  useEffect(() => {
+    // Don't load until auth is resolved
+    if (auth.isLoading) {
+      return;
+    }
+
+    // Reset state when key changes - this prevents stale writes
+    loadedKeyRef.current = null;
+    migrationAttemptedRef.current = false;
+    setLoaded(false);
+
+    async function loadWithMigration() {
+      // For authenticated users, check if we need to migrate from legacy key
+      if (isAuthenticated && username && !migrationAttemptedRef.current) {
+        migrationAttemptedRef.current = true;
+
+        const migratedKeys = await getMigratedKeys(username);
+
+        // Check if we already have data in the namespaced key
+        const existingNamespacedValue = await getData<S>(namespacedKey);
+
+        if (typeof existingNamespacedValue !== "undefined") {
+          // Already have namespaced data, use it
+          setInternalValue(existingNamespacedValue);
+          loadedKeyRef.current = namespacedKey;
+          setLoaded(true);
+          return;
+        }
+
+        // Check if this key has already been migrated (even if value was deleted)
+        if (migratedKeys.has(key)) {
+          // Already migrated, don't read from legacy key
+          setInternalValue(defaultValue);
+          loadedKeyRef.current = namespacedKey;
+          setLoaded(true);
+          return;
+        }
+
+        // Try to migrate from legacy key
+        const legacyValue = await getData<S>(key);
+        if (typeof legacyValue !== "undefined") {
+          // Migrate: copy to namespaced key, delete legacy key, mark as migrated
+          await setData(namespacedKey, legacyValue);
+          await delData(key);
+          await markKeyAsMigrated(username, key);
+          setInternalValue(legacyValue);
+          loadedKeyRef.current = namespacedKey;
+          setLoaded(true);
+          return;
+        }
+
+        // No legacy value, just mark as migrated so we don't check again
+        await markKeyAsMigrated(username, key);
+        setInternalValue(defaultValue);
+        loadedKeyRef.current = namespacedKey;
+        setLoaded(true);
+        return;
+      }
+
+      // For unauthenticated users or after migration check, just load normally
+      const storedValue = await getData<S>(namespacedKey);
+      if (typeof storedValue !== "undefined") {
+        setInternalValue(storedValue);
+      } else {
+        setInternalValue(defaultValue);
+      }
+      loadedKeyRef.current = namespacedKey;
+      setLoaded(true);
+    }
+
+    loadWithMigration();
+  }, [
+    auth.isLoading,
+    isAuthenticated,
+    username,
+    key,
+    namespacedKey,
+    defaultValue,
+  ]);
+
+  // Don't return a value until auth has finished loading
+  if (auth.isLoading) {
+    return [undefined, setValue, false, deleteValue];
+  }
+
+  return [value, setValue, loaded, deleteValue];
+}
--- a/web/src/pages/ConfigEditor.tsx
+++ b/web/src/pages/ConfigEditor.tsx
@ -49,6 +49,7 @@ function ConfigEditor() {

  const [restartDialogOpen, setRestartDialogOpen] = useState(false);
  const { send: sendRestart } = useRestart();
+  const initialValidationRef = useRef(false);

  const onHandleSaveConfig = useCallback(
    async (save_option: SaveOptions): Promise<void> => {
@ -171,6 +172,33 @@ function ConfigEditor() {
    };
  }, [rawConfig, apiHost, systemTheme, theme, onHandleSaveConfig]);

+  // when in safe mode, attempt to validate the existing (invalid) config immediately
+  // so that the user sees the validation errors without needing to press save
+  useEffect(() => {
+    if (
+      config?.safe_mode &&
+      rawConfig &&
+      !initialValidationRef.current &&
+      !error
+    ) {
+      initialValidationRef.current = true;
+      axios
+        .post(`config/save?save_option=saveonly`, rawConfig, {
+          headers: { "Content-Type": "text/plain" },
+        })
+        .then(() => {
+          // if this succeeds while in safe mode, we won't force any UI change
+        })
+        .catch((e: AxiosError<ApiErrorResponse>) => {
+          const errorMessage =
+            e.response?.data?.message ||
+            e.response?.data?.detail ||
+            "Unknown error";
+          setError(errorMessage);
+        });
+    }
+  }, [config?.safe_mode, rawConfig, error]);
+
  // monitoring state

  const [hasChanges, setHasChanges] = useState(false);
--- a/web/src/pages/Events.tsx
+++ b/web/src/pages/Events.tsx
@ -3,7 +3,7 @@ import useApiFilter from "@/hooks/use-api-filter";
 import { useCameraPreviews } from "@/hooks/use-camera-previews";
 import { useTimezone } from "@/hooks/use-date-utils";
 import { useOverlayState, useSearchEffect } from "@/hooks/use-overlay-state";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { FrigateConfig } from "@/types/frigateConfig";
 import { RecordingStartingPoint } from "@/types/record";
 import {
@ -42,7 +42,10 @@ export default function Events() {
    "alert",
  );

-  const [showReviewed, setShowReviewed] = usePersistence("showReviewed", false);
+  const [showReviewed, setShowReviewed] = useUserPersistence(
+    "showReviewed",
+    false,
+  );

  const [recording, setRecording] = useOverlayState<RecordingStartingPoint>(
    "recording",
--- a/web/src/pages/Explore.tsx
+++ b/web/src/pages/Explore.tsx
@ -7,7 +7,7 @@ import ActivityIndicator from "@/components/indicators/activity-indicator";
 import AnimatedCircularProgressBar from "@/components/ui/circular-progress-bar";
 import { useApiFilterArgs } from "@/hooks/use-api-filter";
 import { useTimezone } from "@/hooks/use-date-utils";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { FrigateConfig } from "@/types/frigateConfig";
 import { SearchFilter, SearchQuery, SearchResult } from "@/types/search";
 import { ModelState } from "@/types/ws";
@ -47,7 +47,10 @@ export default function Explore() {

  // grid

-  const [columnCount, setColumnCount] = usePersistence("exploreGridColumns", 4);
+  const [columnCount, setColumnCount] = useUserPersistence(
+    "exploreGridColumns",
+    4,
+  );
  const gridColumns = useMemo(() => {
    if (isMobileOnly) {
      return 2;
@ -57,7 +60,7 @@ export default function Explore() {

  // default layout

-  const [defaultView, setDefaultView, defaultViewLoaded] = usePersistence(
+  const [defaultView, setDefaultView, defaultViewLoaded] = useUserPersistence(
    "exploreDefaultView",
    "summary",
  );
--- a/web/src/pages/Live.tsx
+++ b/web/src/pages/Live.tsx
@ -1,10 +1,7 @@
 import { useFullscreen } from "@/hooks/use-fullscreen";
 import useKeyboardListener from "@/hooks/use-keyboard-listener";
-import {
-  useHashState,
-  usePersistedOverlayState,
-  useSearchEffect,
-} from "@/hooks/use-overlay-state";
+import { useHashState, useSearchEffect } from "@/hooks/use-overlay-state";
+import { useUserPersistedOverlayState } from "@/hooks/use-overlay-state";
 import { FrigateConfig } from "@/types/frigateConfig";
 import LiveBirdseyeView from "@/views/live/LiveBirdseyeView";
 import LiveCameraView from "@/views/live/LiveCameraView";
@ -14,17 +11,17 @@ import { useTranslation } from "react-i18next";
 import { useEffect, useMemo, useRef } from "react";
 import useSWR from "swr";
 import { useAllowedCameras } from "@/hooks/use-allowed-cameras";
-import { useIsCustomRole } from "@/hooks/use-is-custom-role";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 function Live() {
  const { t } = useTranslation(["views/live"]);
  const { data: config } = useSWR<FrigateConfig>("config");
-  const isCustomRole = useIsCustomRole();
+  const isAdmin = useIsAdmin();

  // selection

  const [selectedCameraName, setSelectedCameraName] = useHashState();
-  const [cameraGroup, setCameraGroup, loaded, ,] = usePersistedOverlayState(
+  const [cameraGroup, setCameraGroup, loaded] = useUserPersistedOverlayState(
    "cameraGroup",
    "default" as string,
  );
@ -94,7 +91,7 @@ function Live() {

  const includesBirdseye = useMemo(() => {
    // Restricted users should never have access to birdseye
-    if (isCustomRole) {
+    if (!isAdmin) {
      return false;
    }

@ -109,7 +106,7 @@ function Live() {
    } else {
      return false;
    }
-  }, [config, cameraGroup, isCustomRole]);
+  }, [config, cameraGroup, isAdmin]);

  const cameras = useMemo(() => {
    if (!config) {
--- a/web/src/types/review.ts
+++ b/web/src/types/review.ts
@ -87,6 +87,13 @@ export type ZoomLevel = {
 };

 export enum ThreatLevel {
-  SUSPICIOUS = 1,
-  DANGER = 2,
+  NORMAL = 0,
+  NEEDS_REVIEW = 1,
+  SECURITY_CONCERN = 2,
 }
+
+export const THREAT_LEVEL_LABELS: Record<ThreatLevel, string> = {
+  [ThreatLevel.NORMAL]: "Normal",
+  [ThreatLevel.NEEDS_REVIEW]: "Needs review",
+  [ThreatLevel.SECURITY_CONCERN]: "Security concern",
+};
--- a/web/src/utils/cameraUtil.ts
+++ b/web/src/utils/cameraUtil.ts
@ -1,3 +1,4 @@
+import { baseUrl } from "@/api/baseUrl";
 import { generateFixedHash, isValidId } from "./stringUtil";

 /**
@ -52,9 +53,12 @@ export async function detectReolinkCamera(
      password,
    });

-    const response = await fetch(`/api/reolink/detect?${params.toString()}`, {
-      method: "GET",
-    });
+    const response = await fetch(
+      `${baseUrl}api/reolink/detect?${params.toString()}`,
+      {
+        method: "GET",
+      },
+    );

    if (!response.ok) {
      return null;
--- a/web/src/views/live/DraggableGridLayout.tsx
+++ b/web/src/views/live/DraggableGridLayout.tsx
@ -1,4 +1,4 @@
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import {
  AllGroupsStreamingSettings,
  BirdseyeConfig,
@ -24,6 +24,7 @@ import "react-resizable/css/styles.css";
 import {
  AudioState,
  LivePlayerMode,
+  LiveStreamMetadata,
  StatsState,
  VolumeState,
 } from "@/types/live";
@ -39,7 +40,7 @@ import { IoClose } from "react-icons/io5";
 import { LuLayoutDashboard, LuPencil } from "react-icons/lu";
 import { cn } from "@/lib/utils";
 import { EditGroupDialog } from "@/components/filter/CameraGroupSelector";
-import { usePersistedOverlayState } from "@/hooks/use-overlay-state";
+import { useUserPersistedOverlayState } from "@/hooks/use-overlay-state";
 import { FaCompress, FaExpand } from "react-icons/fa";
 import {
  Tooltip,
@ -47,7 +48,6 @@ import {
  TooltipContent,
 } from "@/components/ui/tooltip";
 import { Toaster } from "@/components/ui/sonner";
-import useCameraLiveMode from "@/hooks/use-camera-live-mode";
 import LiveContextMenu from "@/components/menu/LiveContextMenu";
 import { useStreamingSettings } from "@/context/streaming-settings-provider";
 import { useTranslation } from "react-i18next";
@ -65,6 +65,16 @@ type DraggableGridLayoutProps = {
  setIsEditMode: React.Dispatch<React.SetStateAction<boolean>>;
  fullscreen: boolean;
  toggleFullscreen: () => void;
+  preferredLiveModes: { [key: string]: LivePlayerMode };
+  setPreferredLiveModes: React.Dispatch<
+    React.SetStateAction<{ [key: string]: LivePlayerMode }>
+  >;
+  resetPreferredLiveMode: (cameraName: string) => void;
+  isRestreamedStates: { [key: string]: boolean };
+  supportsAudioOutputStates: {
+    [key: string]: { supportsAudio: boolean; cameraName: string };
+  };
+  streamMetadata: { [key: string]: LiveStreamMetadata };
 };
 export default function DraggableGridLayout({
  cameras,
@ -79,6 +89,12 @@ export default function DraggableGridLayout({
  setIsEditMode,
  fullscreen,
  toggleFullscreen,
+  preferredLiveModes,
+  setPreferredLiveModes,
+  resetPreferredLiveMode,
+  isRestreamedStates,
+  supportsAudioOutputStates,
+  streamMetadata,
 }: DraggableGridLayoutProps) {
  const { t } = useTranslation(["views/live"]);
  const { data: config } = useSWR<FrigateConfig>("config");
@ -86,8 +102,8 @@ export default function DraggableGridLayout({

  // preferred live modes per camera

-  const [globalAutoLive] = usePersistence("autoLiveView", true);
-  const [displayCameraNames] = usePersistence("displayCameraNames", false);
+  const [globalAutoLive] = useUserPersistence("autoLiveView", true);
+  const [displayCameraNames] = useUserPersistence("displayCameraNames", false);

  const { allGroupsStreamingSettings, setAllGroupsStreamingSettings } =
    useStreamingSettings();
@ -98,42 +114,18 @@ export default function DraggableGridLayout({
    }
  }, [allGroupsStreamingSettings, cameraGroup]);

-  const activeStreams = useMemo(() => {
-    const streams: { [cameraName: string]: string } = {};
-    cameras.forEach((camera) => {
-      const availableStreams = camera.live.streams || {};
-      const streamNameFromSettings =
-        currentGroupStreamingSettings?.[camera.name]?.streamName || "";
-      const streamExists =
-        streamNameFromSettings &&
-        Object.values(availableStreams).includes(streamNameFromSettings);
-
-      const streamName = streamExists
-        ? streamNameFromSettings
-        : Object.values(availableStreams)[0] || "";
-
-      streams[camera.name] = streamName;
-    });
-    return streams;
-  }, [cameras, currentGroupStreamingSettings]);
-
-  const {
-    preferredLiveModes,
-    setPreferredLiveModes,
-    resetPreferredLiveMode,
-    isRestreamedStates,
-    supportsAudioOutputStates,
-  } = useCameraLiveMode(cameras, windowVisible, activeStreams);
-
  // grid layout

  const ResponsiveGridLayout = useMemo(() => WidthProvider(Responsive), []);

-  const [gridLayout, setGridLayout, isGridLayoutLoaded] = usePersistence<
+  const [gridLayout, setGridLayout, isGridLayoutLoaded] = useUserPersistence<
    Layout[]
  >(`${cameraGroup}-draggable-layout`);

-  const [group] = usePersistedOverlayState("cameraGroup", "default" as string);
+  const [group] = useUserPersistedOverlayState(
+    "cameraGroup",
+    "default" as string,
+  );

  const groups = useMemo(() => {
    if (!config) {
@ -153,6 +145,11 @@ export default function DraggableGridLayout({
  useEffect(() => {
    setIsEditMode(false);
    setEditGroup(false);
+    // Reset camera tracking state when group changes to prevent the camera-change
+    // effect from incorrectly overwriting the loaded layout
+    setCurrentCameras(undefined);
+    setCurrentIncludeBirdseye(undefined);
+    setCurrentGridLayout(undefined);
  }, [cameraGroup, setIsEditMode]);

  // camera state
@ -176,104 +173,120 @@ export default function DraggableGridLayout({
    [setGridLayout, isGridLayoutLoaded, gridLayout, currentGridLayout],
  );

-  const generateLayout = useCallback(() => {
-    if (!isGridLayoutLoaded) {
-      return;
-    }
-
-    const cameraNames =
-      includeBirdseye && birdseyeConfig?.enabled
-        ? ["birdseye", ...cameras.map((camera) => camera?.name || "")]
-        : cameras.map((camera) => camera?.name || "");
-
-    const optionsMap: Layout[] = currentGridLayout
-      ? currentGridLayout.filter((layout) => cameraNames?.includes(layout.i))
-      : [];
-
-    cameraNames.forEach((cameraName, index) => {
-      const existingLayout = optionsMap.find(
-        (layout) => layout.i === cameraName,
-      );
-
-      // Skip if the camera already exists in the layout
-      if (existingLayout) {
+  const generateLayout = useCallback(
+    (baseLayout: Layout[] | undefined) => {
+      if (!isGridLayoutLoaded) {
        return;
      }

-      let aspectRatio;
-      let col;
+      const cameraNames =
+        includeBirdseye && birdseyeConfig?.enabled
+          ? ["birdseye", ...cameras.map((camera) => camera?.name || "")]
+          : cameras.map((camera) => camera?.name || "");

-      // Handle "birdseye" camera as a special case
-      if (cameraName === "birdseye") {
-        aspectRatio =
-          (birdseyeConfig?.width || 1) / (birdseyeConfig?.height || 1);
-        col = 0; // Set birdseye camera in the first column
-      } else {
-        const camera = cameras.find((cam) => cam.name === cameraName);
-        aspectRatio =
-          (camera && camera?.detect.width / camera?.detect.height) || 16 / 9;
-        col = index % 3; // Regular cameras distributed across columns
-      }
+      const optionsMap: Layout[] = baseLayout
+        ? baseLayout.filter((layout) => cameraNames?.includes(layout.i))
+        : [];

-      // Calculate layout options based on aspect ratio
-      const columnsPerPlayer = 4;
-      let height;
-      let width;
+      cameraNames.forEach((cameraName, index) => {
+        const existingLayout = optionsMap.find(
+          (layout) => layout.i === cameraName,
+        );

-      if (aspectRatio < 1) {
-        // Portrait
-        height = 2 * columnsPerPlayer;
-        width = columnsPerPlayer;
-      } else if (aspectRatio > 2) {
-        // Wide
-        height = 1 * columnsPerPlayer;
-        width = 2 * columnsPerPlayer;
-      } else {
-        // Landscape
-        height = 1 * columnsPerPlayer;
-        width = columnsPerPlayer;
-      }
+        // Skip if the camera already exists in the layout
+        if (existingLayout) {
+          return;
+        }

-      const options = {
-        i: cameraName,
-        x: col * width,
-        y: 0, // don't set y, grid does automatically
-        w: width,
-        h: height,
-      };
+        let aspectRatio;
+        let col;

-      optionsMap.push(options);
-    });
+        // Handle "birdseye" camera as a special case
+        if (cameraName === "birdseye") {
+          aspectRatio =
+            (birdseyeConfig?.width || 1) / (birdseyeConfig?.height || 1);
+          col = 0; // Set birdseye camera in the first column
+        } else {
+          const camera = cameras.find((cam) => cam.name === cameraName);
+          aspectRatio =
+            (camera && camera?.detect.width / camera?.detect.height) || 16 / 9;
+          col = index % 3; // Regular cameras distributed across columns
+        }

-    return optionsMap;
-  }, [
-    cameras,
-    isGridLayoutLoaded,
-    currentGridLayout,
-    includeBirdseye,
-    birdseyeConfig,
-  ]);
+        // Calculate layout options based on aspect ratio
+        const columnsPerPlayer = 4;
+        let height;
+        let width;
+
+        if (aspectRatio < 1) {
+          // Portrait
+          height = 2 * columnsPerPlayer;
+          width = columnsPerPlayer;
+        } else if (aspectRatio > 2) {
+          // Wide
+          height = 1 * columnsPerPlayer;
+          width = 2 * columnsPerPlayer;
+        } else {
+          // Landscape
+          height = 1 * columnsPerPlayer;
+          width = columnsPerPlayer;
+        }
+
+        const options = {
+          i: cameraName,
+          x: col * width,
+          y: 0, // don't set y, grid does automatically
+          w: width,
+          h: height,
+        };
+
+        optionsMap.push(options);
+      });
+
+      return optionsMap;
+    },
+    [cameras, isGridLayoutLoaded, includeBirdseye, birdseyeConfig],
+  );

  useEffect(() => {
    if (isGridLayoutLoaded) {
      if (gridLayout) {
-        // set current grid layout from loaded
-        setCurrentGridLayout(gridLayout);
+        // set current grid layout from loaded, possibly adding new cameras
+        const updatedLayout = generateLayout(gridLayout);
+        setCurrentGridLayout(updatedLayout);
+        // Only save if cameras were added (layout changed)
+        if (!isEqual(updatedLayout, gridLayout)) {
+          setGridLayout(updatedLayout);
+        }
+        // Set camera tracking state so the camera-change effect has a baseline
+        setCurrentCameras(cameras);
+        setCurrentIncludeBirdseye(includeBirdseye);
      } else {
        // idb is empty, set it with an initial layout
-        setGridLayout(generateLayout());
+        const newLayout = generateLayout(undefined);
+        setCurrentGridLayout(newLayout);
+        setGridLayout(newLayout);
+        setCurrentCameras(cameras);
+        setCurrentIncludeBirdseye(includeBirdseye);
      }
    }
  }, [
-    isEditMode,
    gridLayout,
-    currentGridLayout,
    setGridLayout,
    isGridLayoutLoaded,
    generateLayout,
+    cameras,
+    includeBirdseye,
  ]);

  useEffect(() => {
+    // Only regenerate layout when cameras change WITHIN an already-loaded group
+    // Skip if currentCameras is undefined (means we just switched groups and
+    // the first useEffect hasn't run yet to set things up)
+    if (!isGridLayoutLoaded || currentCameras === undefined) {
+      return;
+    }
+
    if (
      !isEqual(cameras, currentCameras) ||
      includeBirdseye !== currentIncludeBirdseye
@ -281,15 +294,17 @@ export default function DraggableGridLayout({
      setCurrentCameras(cameras);
      setCurrentIncludeBirdseye(includeBirdseye);

-      // set new grid layout in idb
-      setGridLayout(generateLayout());
+      // Regenerate layout based on current layout, adding any new cameras
+      const updatedLayout = generateLayout(currentGridLayout);
+      setCurrentGridLayout(updatedLayout);
+      setGridLayout(updatedLayout);
    }
  }, [
    cameras,
    includeBirdseye,
    currentCameras,
    currentIncludeBirdseye,
-    setCurrentGridLayout,
+    currentGridLayout,
    generateLayout,
    setGridLayout,
    isGridLayoutLoaded,
@ -624,6 +639,7 @@ export default function DraggableGridLayout({
                    resetPreferredLiveMode(camera.name)
                  }
                  config={config}
+                  streamMetadata={streamMetadata}
                >
                  <LivePlayer
                    key={camera.name}
@ -838,6 +854,7 @@ type GridLiveContextMenuProps = {
  unmuteAll: () => void;
  resetPreferredLiveMode: () => void;
  config?: FrigateConfig;
+  streamMetadata?: { [key: string]: LiveStreamMetadata };
 };

 const GridLiveContextMenu = React.forwardRef<
@ -868,6 +885,7 @@ const GridLiveContextMenu = React.forwardRef<
      unmuteAll,
      resetPreferredLiveMode,
      config,
+      streamMetadata,
      ...props
    },
    ref,
@ -899,6 +917,7 @@ const GridLiveContextMenu = React.forwardRef<
          unmuteAll={unmuteAll}
          resetPreferredLiveMode={resetPreferredLiveMode}
          config={config}
+          streamMetadata={streamMetadata}
        >
          {children}
        </LiveContextMenu>
--- a/web/src/views/live/LiveCameraView.tsx
+++ b/web/src/views/live/LiveCameraView.tsx
@ -101,7 +101,7 @@ import {
  SelectTrigger,
  SelectValue,
 } from "@/components/ui/select";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { Label } from "@/components/ui/label";
 import { Switch } from "@/components/ui/switch";
 import axios from "axios";
@ -146,7 +146,7 @@ export default function LiveCameraView({

  // supported features

-  const [streamName, setStreamName] = usePersistence<string>(
+  const [streamName, setStreamName] = useUserPersistence<string>(
    `${camera.name}-stream`,
    Object.values(camera.live.streams)[0],
  );
@ -279,7 +279,7 @@ export default function LiveCameraView({
  const [pip, setPip] = useState(false);
  const [lowBandwidth, setLowBandwidth] = useState(false);

-  const [playInBackground, setPlayInBackground] = usePersistence<boolean>(
+  const [playInBackground, setPlayInBackground] = useUserPersistence<boolean>(
    `${camera.name}-background-play`,
    false,
  );
--- a/web/src/views/live/LiveDashboardView.tsx
+++ b/web/src/views/live/LiveDashboardView.tsx
@ -13,7 +13,7 @@ import {
  TooltipProvider,
  TooltipTrigger,
 } from "@/components/ui/tooltip";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import {
  AllGroupsStreamingSettings,
  CameraConfig,
@ -54,7 +54,7 @@ import { useTranslation } from "react-i18next";
 import { EmptyCard } from "@/components/card/EmptyCard";
 import { BsFillCameraVideoOffFill } from "react-icons/bs";
 import { AuthContext } from "@/context/auth-context";
-import { useIsCustomRole } from "@/hooks/use-is-custom-role";
+import { useIsAdmin } from "@/hooks/use-is-admin";

 type LiveDashboardViewProps = {
  cameras: CameraConfig[];
@ -78,7 +78,7 @@ export default function LiveDashboardView({

  // layout

-  const [mobileLayout, setMobileLayout] = usePersistence<"grid" | "list">(
+  const [mobileLayout, setMobileLayout] = useUserPersistence<"grid" | "list">(
    "live-layout",
    isDesktop ? "grid" : "list",
  );
@ -211,8 +211,8 @@ export default function LiveDashboardView({
    };
  }, []);

-  const [globalAutoLive] = usePersistence("autoLiveView", true);
-  const [displayCameraNames] = usePersistence("displayCameraNames", false);
+  const [globalAutoLive] = useUserPersistence("autoLiveView", true);
+  const [displayCameraNames] = useUserPersistence("displayCameraNames", false);

  const { allGroupsStreamingSettings, setAllGroupsStreamingSettings } =
    useStreamingSettings();
@ -265,6 +265,7 @@ export default function LiveDashboardView({
    resetPreferredLiveMode,
    isRestreamedStates,
    supportsAudioOutputStates,
+    streamMetadata,
  } = useCameraLiveMode(cameras, windowVisible, activeStreams);

  const birdseyeConfig = useMemo(() => config?.birdseye, [config]);
@ -650,6 +651,12 @@ export default function LiveDashboardView({
              setIsEditMode={setIsEditMode}
              fullscreen={fullscreen}
              toggleFullscreen={toggleFullscreen}
+              preferredLiveModes={preferredLiveModes}
+              setPreferredLiveModes={setPreferredLiveModes}
+              resetPreferredLiveMode={resetPreferredLiveMode}
+              isRestreamedStates={isRestreamedStates}
+              supportsAudioOutputStates={supportsAudioOutputStates}
+              streamMetadata={streamMetadata}
            />
          )}
        </>
@ -661,10 +668,10 @@ export default function LiveDashboardView({
 function NoCameraView() {
  const { t } = useTranslation(["views/live"]);
  const { auth } = useContext(AuthContext);
-  const isCustomRole = useIsCustomRole();
+  const isAdmin = useIsAdmin();

  // Check if this is a restricted user with no cameras in this group
-  const isRestricted = isCustomRole && auth.isAuthenticated;
+  const isRestricted = !isAdmin && auth.isAuthenticated;

  return (
    <div className="flex size-full items-center justify-center">
--- a/web/src/views/settings/AuthenticationView.tsx
+++ b/web/src/views/settings/AuthenticationView.tsx
@ -478,33 +478,32 @@ export default function AuthenticationView({
                      <TableCell className="text-right">
                        <TooltipProvider>
                          <div className="flex items-center justify-end gap-2">
-                            {user.username !== "admin" &&
-                              user.username !== "viewer" && (
-                                <Tooltip>
-                                  <TooltipTrigger asChild>
-                                    <Button
-                                      size="sm"
-                                      variant="outline"
-                                      className="h-8 px-2"
-                                      onClick={() => {
-                                        setSelectedUser(user.username);
-                                        setSelectedUserRole(
-                                          user.role || "viewer",
-                                        );
-                                        setShowRoleChange(true);
-                                      }}
-                                    >
-                                      <LuUserCog className="size-3.5" />
-                                      <span className="ml-1.5 hidden sm:inline-block">
-                                        {t("role.title", { ns: "common" })}
-                                      </span>
-                                    </Button>
-                                  </TooltipTrigger>
-                                  <TooltipContent>
-                                    <p>{t("users.table.changeRole")}</p>
-                                  </TooltipContent>
-                                </Tooltip>
-                              )}
+                            {user.username !== "admin" && (
+                              <Tooltip>
+                                <TooltipTrigger asChild>
+                                  <Button
+                                    size="sm"
+                                    variant="outline"
+                                    className="h-8 px-2"
+                                    onClick={() => {
+                                      setSelectedUser(user.username);
+                                      setSelectedUserRole(
+                                        user.role || "viewer",
+                                      );
+                                      setShowRoleChange(true);
+                                    }}
+                                  >
+                                    <LuUserCog className="size-3.5" />
+                                    <span className="ml-1.5 hidden sm:inline-block">
+                                      {t("role.title", { ns: "common" })}
+                                    </span>
+                                  </Button>
+                                </TooltipTrigger>
+                                <TooltipContent>
+                                  <p>{t("users.table.changeRole")}</p>
+                                </TooltipContent>
+                              </Tooltip>
+                            )}

                            <Tooltip>
                              <TooltipTrigger asChild>
--- a/web/src/views/settings/MasksAndZonesView.tsx
+++ b/web/src/views/settings/MasksAndZonesView.tsx
@ -35,6 +35,7 @@ import { useTranslation } from "react-i18next";

 import { useDocDomain } from "@/hooks/use-doc-domain";
 import { getTranslatedLabel } from "@/utils/i18n";
+import { cn } from "@/lib/utils";

 type MasksAndZoneViewProps = {
  selectedCamera: string;
@ -697,7 +698,10 @@ export default function MasksAndZonesView({
          </div>
          <div
            ref={containerRef}
-            className="flex max-h-[50%] md:mr-3 md:h-dvh md:max-h-full md:w-7/12 md:grow"
+            className={cn(
+              "flex max-h-[50%] md:h-dvh md:max-h-full md:w-7/12 md:grow",
+              isDesktop && "md:mr-3",
+            )}
          >
            <div className="mx-auto flex size-full flex-row justify-center">
              {cameraConfig &&
--- a/web/src/views/settings/MotionTunerView.tsx
+++ b/web/src/views/settings/MotionTunerView.tsx
@ -23,6 +23,8 @@ import { LuExternalLink } from "react-icons/lu";
 import { StatusBarMessagesContext } from "@/context/statusbar-provider";
 import { Trans, useTranslation } from "react-i18next";
 import { useDocDomain } from "@/hooks/use-doc-domain";
+import { cn } from "@/lib/utils";
+import { isDesktop } from "react-device-detect";

 type MotionTunerViewProps = {
  selectedCamera: string;
@ -325,7 +327,12 @@ export default function MotionTunerView({
      </div>

      {cameraConfig ? (
-        <div className="flex max-h-[70%] md:mr-3 md:h-dvh md:max-h-full md:w-7/12 md:grow">
+        <div
+          className={cn(
+            "flex max-h-[70%] md:h-dvh md:max-h-full md:w-7/12 md:grow",
+            isDesktop && "md:mr-3",
+          )}
+        >
          <div className="size-full min-h-10">
            <AutoUpdatingCameraImage
              camera={cameraConfig.name}
--- a/web/src/views/settings/ObjectSettingsView.tsx
+++ b/web/src/views/settings/ObjectSettingsView.tsx
@ -7,7 +7,7 @@ import { Label } from "@/components/ui/label";
 import useSWR from "swr";
 import Heading from "@/components/ui/heading";
 import { Switch } from "@/components/ui/switch";
-import { usePersistence } from "@/hooks/use-persistence";
+import { useUserPersistence } from "@/hooks/use-user-persistence";
 import { Skeleton } from "@/components/ui/skeleton";
 import { useCameraActivity } from "@/hooks/use-camera-activity";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs";
@ -104,7 +104,7 @@ export default function ObjectSettingsView({
    },
  ];

-  const [options, setOptions, optionsLoaded] = usePersistence<Options>(
+  const [options, setOptions, optionsLoaded] = useUserPersistence<Options>(
    `${selectedCamera}-feed`,
    emptyObject,
  );
--- a/web/src/views/settings/TriggerView.tsx
+++ b/web/src/views/settings/TriggerView.tsx
@ -43,6 +43,7 @@ import { useTriggers } from "@/api/ws";
 import { useCameraFriendlyName } from "@/hooks/use-camera-friendly-name";
 import { CiCircleAlert } from "react-icons/ci";
 import { useDocDomain } from "@/hooks/use-doc-domain";
+import { isDesktop } from "react-device-detect";

 type ConfigSetBody = {
  requires_restart: number;
@ -440,7 +441,12 @@ export default function TriggerView({
  return (
    <div className="flex size-full flex-col md:flex-row">
      <Toaster position="top-center" closeButton={true} />
-      <div className="scrollbar-container order-last mb-2 mt-2 flex h-full w-full flex-col overflow-y-auto pb-2 md:order-none md:mr-3 md:mt-0">
+      <div
+        className={cn(
+          "scrollbar-container order-last mb-2 mt-2 flex h-full w-full flex-col overflow-y-auto pb-2",
+          isDesktop && "order-none mr-3 mt-0",
+        )}
+      >
        {!isSemanticSearchEnabled ? (
          <div className="mb-5 flex flex-row items-center justify-between gap-2">
            <div className="flex flex-col items-start">
@ -651,7 +657,7 @@ export default function TriggerView({
              </div>

              {/* Desktop Table View */}
-              <div className="scrollbar-container hidden flex-1 overflow-hidden rounded-lg border border-border bg-background_alt md:mr-3 md:block">
+              <div className="scrollbar-container hidden flex-1 overflow-hidden rounded-lg border border-border bg-background_alt md:block">
                <div className="h-full overflow-auto">
                  <Table>
                    <TableHeader className="sticky top-0 bg-muted/50">
--- a/web/src/views/settings/UiSettingsView.tsx
+++ b/web/src/views/settings/UiSettingsView.tsx
@ -1,15 +1,17 @@
 import Heading from "@/components/ui/heading";
 import { Label } from "@/components/ui/label";
 import { Switch } from "@/components/ui/switch";
-import { useCallback, useEffect } from "react";
+import { useCallback, useContext, useEffect } from "react";
 import { Toaster } from "sonner";
 import { toast } from "sonner";
 import { Separator } from "../../components/ui/separator";
 import { Button } from "../../components/ui/button";
 import useSWR from "swr";
 import { FrigateConfig } from "@/types/frigateConfig";
-import { del as delData } from "idb-keyval";
-import { usePersistence } from "@/hooks/use-persistence";
+import {
+  useUserPersistence,
+  deleteUserNamespacedKey,
+} from "@/hooks/use-user-persistence";
 import { isSafari } from "react-device-detect";
 import {
  Select,
@ -19,6 +21,7 @@ import {
  SelectTrigger,
 } from "../../components/ui/select";
 import { useTranslation } from "react-i18next";
+import { AuthContext } from "@/context/auth-context";

 const PLAYBACK_RATE_DEFAULT = isSafari ? [0.5, 1, 2] : [0.5, 1, 2, 4, 8, 16];
 const WEEK_STARTS_ON = ["Sunday", "Monday"];
@ -26,13 +29,16 @@ const WEEK_STARTS_ON = ["Sunday", "Monday"];
 export default function UiSettingsView() {
  const { data: config } = useSWR<FrigateConfig>("config");
  const { t } = useTranslation("views/settings");
+  const { auth } = useContext(AuthContext);
+  const username = auth?.user?.username;
+
  const clearStoredLayouts = useCallback(() => {
    if (!config) {
      return [];
    }

    Object.entries(config.camera_groups).forEach(async (value) => {
-      await delData(`${value[0]}-draggable-layout`)
+      await deleteUserNamespacedKey(`${value[0]}-draggable-layout`, username)
        .then(() => {
          toast.success(
            t("general.toast.success.clearStoredLayout", {
@ -56,14 +62,14 @@ export default function UiSettingsView() {
          );
        });
    });
-  }, [config, t]);
+  }, [config, t, username]);

  const clearStreamingSettings = useCallback(async () => {
    if (!config) {
      return [];
    }

-    await delData(`streaming-settings`)
+    await deleteUserNamespacedKey(`streaming-settings`, username)
      .then(() => {
        toast.success(t("general.toast.success.clearStreamingSettings"), {
          position: "top-center",
@ -83,7 +89,7 @@ export default function UiSettingsView() {
          },
        );
      });
-  }, [config, t]);
+  }, [config, t, username]);

  useEffect(() => {
    document.title = t("documentTitle.general");
@ -91,15 +97,15 @@ export default function UiSettingsView() {

  // settings

-  const [autoLive, setAutoLive] = usePersistence("autoLiveView", true);
-  const [cameraNames, setCameraName] = usePersistence(
+  const [autoLive, setAutoLive] = useUserPersistence("autoLiveView", true);
+  const [cameraNames, setCameraName] = useUserPersistence(
    "displayCameraNames",
    false,
  );
-  const [playbackRate, setPlaybackRate] = usePersistence("playbackRate", 1);
-  const [weekStartsOn, setWeekStartsOn] = usePersistence("weekStartsOn", 0);
-  const [alertVideos, setAlertVideos] = usePersistence("alertVideos", true);
-  const [fallbackTimeout, setFallbackTimeout] = usePersistence(
+  const [playbackRate, setPlaybackRate] = useUserPersistence("playbackRate", 1);
+  const [weekStartsOn, setWeekStartsOn] = useUserPersistence("weekStartsOn", 0);
+  const [alertVideos, setAlertVideos] = useUserPersistence("alertVideos", true);
+  const [fallbackTimeout, setFallbackTimeout] = useUserPersistence(
    "liveFallbackTimeout",
    3,
  );
Author	SHA1	Message	Date
dependabot[bot]	1ae28a9ea3	Merge `8a677760e5` into `9d4aac2b8e`	2025-12-02 14:16:12 +01:00
GuoQing Liu	9d4aac2b8e	Revise the README_CN (#21048 ) Some checks are pending CI / AMD64 Build (push) Waiting to run Details CI / ARM Build (push) Waiting to run Details CI / Jetson Jetpack 6 (push) Waiting to run Details CI / AMD64 Extra Build (push) Blocked by required conditions Details CI / ARM Extra Build (push) Blocked by required conditions Details CI / Synaptics Build (push) Blocked by required conditions Details CI / Assemble and push default build (push) Blocked by required conditions Details * docs: update chinese readme * style: Improve the styling of the Chinese document jump tips bar in dark mode * docs: add license translation	2025-12-01 10:52:30 -07:00
Nicolas Mowen	aa09132dfd	Update ROCm to 7.1.1 (#21113 ) Some checks are pending CI / AMD64 Build (push) Waiting to run Details CI / ARM Build (push) Waiting to run Details CI / Jetson Jetpack 6 (push) Waiting to run Details CI / AMD64 Extra Build (push) Blocked by required conditions Details CI / ARM Extra Build (push) Blocked by required conditions Details CI / Synaptics Build (push) Blocked by required conditions Details CI / Assemble and push default build (push) Blocked by required conditions Details * Update ROCm to 7.1.1 * testing for build * Fix * remove debug	2025-12-01 08:07:35 -07:00
Josh Hawkins	24766ce427	Use user-namespaced keys for idb persistence (#21110 ) * add new hooks * use new hooks for user based keys * fix layout race condition	2025-12-01 07:59:54 -06:00
Nicolas Mowen	97b29d177a	Miscellaneous Fixes (#21072 ) Some checks failed CI / AMD64 Build (push) Has been cancelled Details CI / ARM Build (push) Has been cancelled Details CI / Jetson Jetpack 6 (push) Has been cancelled Details CI / AMD64 Extra Build (push) Has been cancelled Details CI / ARM Extra Build (push) Has been cancelled Details CI / Synaptics Build (push) Has been cancelled Details CI / Assemble and push default build (push) Has been cancelled Details * Implement renaming in model editing dialog * add transcription faq * remove incorrect constraint for viewer as username should be able to change anyone's role other than admin * Don't save redundant state changes * prevent crash when a camera doesn't support onvif imaging service required for focus support * Fine tune behavior * Stop redundant go2rtc stream metadata requests and defer audio information to allow bandwidth for image requests * Improve cleanup logic for capture process --------- Co-authored-by: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>	2025-11-30 06:54:42 -06:00
Ryan Hass	1a75251ffb	Add yolov9 inference speeds for UHD 730 GPU. (#21090 ) Some checks are pending CI / AMD64 Extra Build (push) Blocked by required conditions Details CI / AMD64 Build (push) Waiting to run Details CI / ARM Build (push) Waiting to run Details CI / Jetson Jetpack 6 (push) Waiting to run Details CI / ARM Extra Build (push) Blocked by required conditions Details CI / Synaptics Build (push) Blocked by required conditions Details CI / Assemble and push default build (push) Blocked by required conditions Details This adds the inference speeds measured on an i5-11400T with a UHD 730 GPU running at nominal temperatures.	2025-11-29 07:32:16 -06:00
Josh Hawkins	048475e750	API admin exemptions and route guard updates (#21094 ) * update exempt paths and add missing guard to api endpoints * admin only frigate+ submission	2025-11-29 07:30:04 -06:00
Nicolas Mowen	1b57fb15a7	Miscellaneous Fixes (#21063 ) Some checks failed CI / AMD64 Build (push) Has been cancelled Details CI / ARM Build (push) Has been cancelled Details CI / Jetson Jetpack 6 (push) Has been cancelled Details CI / AMD64 Extra Build (push) Has been cancelled Details CI / ARM Extra Build (push) Has been cancelled Details CI / Synaptics Build (push) Has been cancelled Details CI / Assemble and push default build (push) Has been cancelled Details * Fix history management failing when updating URL * Handle case where user doesn't have images that represent all states If a user selects all imags and can't proceed we show a warning that they can still proceed but the model won't be trained until they get at least one image for every state. * Still create all classes We stil need to create all classes even if the user didn't assign images to them. * fix camera group access for non admin users changes from previous PR wrongly included users from the standard viewer role (but excluded custom viewer roles) * Adjust threat level interaction to be less strict * use base path when fetching go2rtc data * show config error message when starting in safe mode * fix genai migration * fix genai * Fix genai migration --------- Co-authored-by: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>	2025-11-27 07:58:35 -06:00
Josh Hawkins	cd606ad240	Enforce default admin role requirement for API endpoints (#21065 ) Some checks are pending CI / AMD64 Extra Build (push) Blocked by required conditions Details CI / ARM Extra Build (push) Blocked by required conditions Details CI / AMD64 Build (push) Waiting to run Details CI / ARM Build (push) Waiting to run Details CI / Jetson Jetpack 6 (push) Waiting to run Details CI / Synaptics Build (push) Blocked by required conditions Details CI / Assemble and push default build (push) Blocked by required conditions Details * require admin role by default * update all endpoint access guards * explicit paths and prefixes exception lists * fix tests to use mock auth * add helper and simplify auth conditions * add missing exempt path * fix test * make metrics endpoint require auth	2025-11-26 15:07:28 -06:00
Nicolas Mowen	de2144f158	Miscellaneous Fixes (#21050 ) Some checks are pending CI / AMD64 Build (push) Waiting to run Details CI / ARM Build (push) Waiting to run Details CI / Jetson Jetpack 6 (push) Waiting to run Details CI / AMD64 Extra Build (push) Blocked by required conditions Details CI / ARM Extra Build (push) Blocked by required conditions Details CI / Synaptics Build (push) Blocked by required conditions Details CI / Assemble and push default build (push) Blocked by required conditions Details * Don't add to history when opening search dialog * Update caniuse * Revamp the history handling for dialog components * clarify audio transcription docs * Use titlecase helper * Allow running object clasasification on stationary objects * small spacing tweaks for tablets * require admin role to delete users * explicitly prevent deletion of admin user --------- Co-authored-by: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>	2025-11-26 07:23:51 -06:00