client: allow direct login on chrome if flag is explicitly true

client: fixup alt address usage
postbeta
2026-02-03 22:23:27 +00:00 · 2023-09-19 19:03:16 -07:00 · 2023-09-19 18:57:15 -07:00 · 2023-09-19 18:56:45 -07:00 · 2023-09-19 16:46:09 -07:00 · 2023-09-19 16:25:08 -07:00
285 changed files with 23280 additions and 29710 deletions
--- a/.github/workflows/docker-HEAD.yml
+++ b/.github/workflows/docker-HEAD.yml
@@ -1,50 +0,0 @@
-name: Publish Scrypted (git HEAD)
-
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-jobs:
-  build:
-    name: Push Docker image to Docker Hub
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node: ["16-bullseye"]
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v2
-      
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-        
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Login to Github Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push Docker image (scrypted)
-        uses: docker/build-push-action@v2
-        with:
-          build-args: BASE=${{ matrix.node }}
-          context: .
-          file: docker/Dockerfile.HEAD
-          platforms: linux/amd64,linux/arm64,linux/armhf
-          push: true
-          tags: |
-            koush/scrypted:HEAD
-            ghcr.io/koush/scrypted:HEAD
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
--- a/.github/workflows/docker-common.yml
+++ b/.github/workflows/docker-common.yml
@@ -2,56 +2,70 @@ name: Publish Scrypted Common

 on:
  workflow_dispatch:
-  release:
-    types: [published]
-  schedule:
-    # publish the common base once a month.
-    - cron:  '30 8 2 * *'

 jobs:
  build:
    name: Push Docker image to Docker Hub
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
+#     runs-on: ubuntu-latest
    strategy:
      matrix:
-        NODE_VERSION: ["18"]
-        BASE: ["bullseye", "bookworm"]
+        NODE_VERSION: ["18", "20"]
+        BASE: ["jammy"]
        FLAVOR: ["full", "lite", "thin"]
    steps:
      - name: Check out the repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up SSH
+        uses: MrSquaare/ssh-setup-action@v2
+        with:
+          host: ${{ secrets.DOCKER_SSH_HOST_ARM64 }}
+          private-key: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}
+
+      - name: Set up SSH
+        uses: MrSquaare/ssh-setup-action@v2
+        with:
+          host: ${{ secrets.DOCKER_SSH_HOST_ARM7 }}
+          private-key: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-        
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/arm64,linux/armhf
+          append: |
+            - endpoint: ssh://${{ secrets.DOCKER_SSH_USER }}@${{ secrets.DOCKER_SSH_HOST_ARM64 }}
+              platforms: linux/arm64
+            - endpoint: ssh://${{ secrets.DOCKER_SSH_USER }}@${{ secrets.DOCKER_SSH_HOST_ARM7 }}
+              platforms: linux/armhf
+
      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to Github Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image (scrypted-common)
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          build-args: |
            NODE_VERSION=${{ matrix.NODE_VERSION }}
            BASE=${{ matrix.BASE }}
          context: install/docker/
          file: install/docker/Dockerfile.${{ matrix.FLAVOR }}
-          platforms: linux/amd64,linux/arm64,linux/armhf
+          platforms: linux/amd64,linux/armhf,linux/arm64
          push: true
          tags: |
            koush/scrypted-common:${{ matrix.NODE_VERSION }}-${{ matrix.BASE }}-${{ matrix.FLAVOR }}
-#            ${{ matrix.NODE_VERSION == '16-bullseye' && 'koush/scrypted-common:latest' || '' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,10 +15,11 @@ on:
 jobs:
  build:
    name: Push Docker image to Docker Hub
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
+#     runs-on: ubuntu-latest
    strategy:
      matrix:
-        BASE: ["18-bullseye-full", "18-bullseye-lite", "18-bullseye-thin"]
+        BASE: ["18-jammy-full", "18-jammy-lite", "18-jammy-thin", "20-jammy-full", "20-jammy-lite", "20-jammy-thin"]
        SUPERVISOR: ["", ".s6"]
    steps:
      - name: Check out the repo
@@ -38,8 +39,27 @@ jobs:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

+      - name: Set up SSH
+        uses: MrSquaare/ssh-setup-action@v2
+        with:
+          host: ${{ secrets.DOCKER_SSH_HOST_ARM64 }}
+          private-key: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}
+
+      - name: Set up SSH
+        uses: MrSquaare/ssh-setup-action@v2
+        with:
+          host: ${{ secrets.DOCKER_SSH_HOST_ARM7 }}
+          private-key: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/arm64,linux/armhf
+          append: |
+            - endpoint: ssh://${{ secrets.DOCKER_SSH_USER }}@${{ secrets.DOCKER_SSH_HOST_ARM64 }}
+              platforms: linux/arm64
+            - endpoint: ssh://${{ secrets.DOCKER_SSH_USER }}@${{ secrets.DOCKER_SSH_HOST_ARM7 }}
+              platforms: linux/armhf

      - name: Login to Docker Hub
        uses: docker/login-action@v2
@@ -55,7 +75,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          build-args: |
            BASE=${{ matrix.BASE }}
@@ -66,19 +86,19 @@ jobs:
          push: true
          tags: |
            ${{ format('koush/scrypted:{0}{1}-v{2}', matrix.BASE, matrix.SUPERVISOR, github.event.inputs.publish_tag || steps.package-version.outputs.NPM_VERSION) }}
-            ${{ matrix.BASE == '18-bullseye-full' && matrix.SUPERVISOR == '.s6' && format('koush/scrypted:{0}', github.event.inputs.tag) || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-full' && matrix.SUPERVISOR == '' && 'koush/scrypted:full' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-lite' && matrix.SUPERVISOR == '' && 'koush/scrypted:lite' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-thin' && matrix.SUPERVISOR == '' && 'koush/scrypted:thin' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-lite' && matrix.SUPERVISOR == '.s6' && 'koush/scrypted:lite-s6' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-thin' && matrix.SUPERVISOR == '.s6' && 'koush/scrypted:thin-s6' || '' }}
+            ${{ matrix.BASE == '18-jammy-full' && matrix.SUPERVISOR == '.s6' && format('koush/scrypted:{0}', github.event.inputs.tag) || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-full' && matrix.SUPERVISOR == '' && 'koush/scrypted:full' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-lite' && matrix.SUPERVISOR == '' && 'koush/scrypted:lite' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-thin' && matrix.SUPERVISOR == '' && 'koush/scrypted:thin' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-lite' && matrix.SUPERVISOR == '.s6' && 'koush/scrypted:lite-s6' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-thin' && matrix.SUPERVISOR == '.s6' && 'koush/scrypted:thin-s6' || '' }}

            ${{ format('ghcr.io/koush/scrypted:{0}{1}-v{2}', matrix.BASE, matrix.SUPERVISOR, github.event.inputs.publish_tag || steps.package-version.outputs.NPM_VERSION) }}
-            ${{ matrix.BASE == '18-bullseye-full' && matrix.SUPERVISOR == '.s6' && format('ghcr.io/koush/scrypted:{0}', github.event.inputs.tag) || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-full' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:full' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-lite' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:lite' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-thin' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:thin' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-lite' && matrix.SUPERVISOR == '.s6' && 'ghcr.io/koush/scrypted:lite-s6' || '' }}
-            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-bullseye-thin' && matrix.SUPERVISOR == '.s6' && 'ghcr.io/koush/scrypted:thin-s6' || '' }}
+            ${{ matrix.BASE == '18-jammy-full' && matrix.SUPERVISOR == '.s6' && format('ghcr.io/koush/scrypted:{0}', github.event.inputs.tag) || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-full' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:full' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-lite' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:lite' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-thin' && matrix.SUPERVISOR == '' && 'ghcr.io/koush/scrypted:thin' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-lite' && matrix.SUPERVISOR == '.s6' && 'ghcr.io/koush/scrypted:lite-s6' || '' }}
+            ${{ github.event.inputs.tag == 'latest' && matrix.BASE == '18-jammy-thin' && matrix.SUPERVISOR == '.s6' && 'ghcr.io/koush/scrypted:thin-s6' || '' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -3,9 +3,9 @@ name: Test
 on:
  push:
    branches: ["main"]
-    paths: ["docker/**", ".github/workflows/test.yml"]
+    paths: ["install/**", ".github/workflows/test.yml"]
  pull_request:
-    paths: ["docker/**", ".github/workflows/test.yml"]
+    paths: ["install/**", ".github/workflows/test.yml"]
  workflow_dispatch:
  
 jobs:
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .DS_Store
 __pycache__
+venv
+.venv
--- a/.gitmodules
+++ b/.gitmodules
@@ -33,5 +33,5 @@
 	path = plugins/sample-cameraprovider
 	url = ../../koush/scrypted-sample-cameraprovider
 [submodule "plugins/cloud/node-nat-upnp"]
-	path = plugins/cloud/node-nat-upnp
+	path = plugins/cloud/external/node-nat-upnp
 	url = ../../koush/node-nat-upnp.git
--- a/README.md
+++ b/README.md
@@ -1,59 +1,20 @@
 # Scrypted

-Scrypted is a high performance home video integration and automation platform.
- * Video load instantly, everywhere: [Demo](https://www.reddit.com/r/homebridge/comments/r34k6b/if_youre_using_homebridge_for_cameras_ditch_it/)
- * [HomeKit Secure Video Support](https://github.com/koush/scrypted/wiki/HomeKit-Secure-Video-Setup)
- * Google Home support: "Ok Google, Stream Backyard"
- * Alexa Support: Streaming to Alexa app on iOS/Android and Echo Show.
+Scrypted is a high performance home video integration platform and NVR with smart detections. [Instant, low latency, streaming](https://streamable.com/xbxn7z) to HomeKit, Google Home, and Alexa. Supports most cameras. [Learn more](https://docs.scrypted.app).

-<img width="400" alt="Scrypted_Management_Console" src="https://user-images.githubusercontent.com/73924/185666320-ae972867-6c2c-488a-8413-fd8a215e9fee.png">
+<img src="https://github.com/koush/scrypted/assets/73924/57e1d556-cd3d-4448-81f9-a6c51b6513de">

-# Installation
+## Installation and Documentation

-Select the appropriate guide. After installation is finished, remember to visit [HomeKit Secure Video Setup](https://github.com/koush/scrypted/wiki/HomeKit-Secure-Video-Setup).
+Installation and camera onboarding instructions can be found in the [docs](https://docs.scrypted.app).

- * [Raspberry Pi](https://github.com/koush/scrypted/wiki/Installation:-Raspberry-Pi)
- * Linux
-   * [Docker Compose](https://github.com/koush/scrypted/wiki/Installation:-Docker-Compose-Linux) - This is the recommended method. Local installation may interfere with other server software.
-   * [Docker](https://github.com/koush/scrypted/wiki/Installation:-Docker-Linux) - Use Docker Compose. This is a reference documentation.
-   * [Local Installation](https://github.com/koush/scrypted/wiki/Installation:-Linux) - Use this if Docker scares you or whatever.
- * Mac
-   * [Local Installation](https://github.com/koush/scrypted/wiki/Installation:-Mac)
-<!--    * Docker Desktop is [not supported](https://github.com/koush/scrypted/wiki/Installation:-Docker-Desktop). -->
- * Windows
-   * [Local Installation](https://github.com/koush/scrypted/wiki/Installation:-Windows)
-   * [WSL2 Installation](https://github.com/koush/scrypted/wiki/Installation:-WSL2-Windows)
- * [Home Assistant OS](https://github.com/koush/scrypted/wiki/Installation:-Home-Assistant-OS)
-<!--    * Docker Desktop is [not supported](https://github.com/koush/scrypted/wiki/Installation:-Docker-Desktop). -->
- * [ReadyNAS: Docker](https://github.com/koush/scrypted/wiki/Installation:-Docker-ReadyNAS)
- * [Synology: Docker](https://github.com/koush/scrypted/wiki/Installation:-Docker-Synology-NAS)
- * [QNAP: Docker](https://github.com/koush/scrypted/wiki/Installation:-Docker-QNAP-NAS)
- * [Unraid: Docker](https://github.com/koush/scrypted/wiki/Installation:-Docker-Unraid)
- 
-## Discord
-
-Chat on Discord for support, tips, announcements, and bug reporting. There is an active and helpful community.
-
-[Join Scrypted Discord](https://discord.gg/DcFzmBHYGq)
-
-## Wiki
-
-There are many topics covered in the [Scrypted Wiki](https://github.com/koush/scrypted/wiki) sidebar. Review them for documented support, tips, and guides before asking for assistance on GitHub or Discord.
-
-## Supported Platforms
-
- * Google Home
- * Apple HomeKit
- * Amazon Alexa
-
-Supported accessories: 
- * Camera and Core Plugins: https://github.com/koush/scrypted/tree/main/plugins
- * Community Plugins: https://github.com/orgs/scryptedapp/repositories
+## Community

+Scrypted has active communities on [Discord](https://discord.gg/DcFzmBHYGq), [Reddit](https://reddit.com/r/scrypted), and [Github](https://github.com/koush/scrypted). Check them out if you have questions!

 ## Development

-## Debug Scrypted Plugins in VSCode
+## Debug Scrypted Plugins in VS Code

 ```sh
 # this is an example for homekit.
@@ -66,7 +27,7 @@ cd scrypted
 code plugins/homekit
 ```

-You can now launch (using the Start Debugging play button) the HomeKit Plugin in VSCode. Please be aware that you do *not* need to restart the Scrypted Server if you make changes to a plugin. Edit the plugin, launch, and the updated plugin will deploy on the running server.
+You can now launch (using the Start Debugging play button) the HomeKit Plugin in VS Code. Please be aware that you do *not* need to restart the Scrypted Server if you make changes to a plugin. Edit the plugin, launch, and the updated plugin will deploy on the running server.

 If you do not want to set up VS Code, you can also run build and install the plugin directly from the command line:

@@ -80,7 +41,7 @@ npm run build && npm run scrypted-deploy 127.0.0.1
 Want to write your own plugin? Full documentation is available here: https://developer.scrypted.app


-## Debug the Scrypted Server in VSCode
+## Debug the Scrypted Server in VS Code

 Debugging the server should not be necessary, as the server only provides the hosting and RPC mechanism for plugins. The following is for reference purpose. Most development can be done by debugging the relevant plugin.

@@ -94,4 +55,4 @@ cd scrypted
 code server
 ```

-You can now launch the Scrypted Server in VSCode.
+You can now launch the Scrypted Server in VS Code.
--- a/common/package-lock.json
+++ b/common/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@scrypted/common",
-  "version": "1.0.1",
+  "version": "1.0.2",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "@scrypted/common",
-      "version": "1.0.1",
+      "version": "1.0.2",
      "license": "ISC",
      "dependencies": {
        "@scrypted/sdk": "file:../sdk",
--- a/common/package.json
+++ b/common/package.json
@@ -1,5 +1,6 @@
 {
  "name": "@scrypted/common",
+  "private": true,
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
--- a/common/src/async-queue.ts
+++ b/common/src/async-queue.ts
@@ -0,0 +1,171 @@
+import { Deferred } from "./deferred";
+
+class EndError extends Error {
+}
+
+export function createAsyncQueue<T>() {
+    let ended: Error | undefined;
+    const waiting: Deferred<T>[] = [];
+    const queued: { item: T, dequeued?: Deferred<void> }[] = [];
+
+    const dequeue = async () => {
+        if (queued.length) {
+            const { item, dequeued: enqueue } = queued.shift()!;
+            enqueue?.resolve();
+            return item;
+        }
+
+        if (ended)
+            throw ended;
+
+        const deferred = new Deferred<T>();
+        waiting.push(deferred);
+        return deferred.promise;
+    }
+
+    const submit = (item: T, dequeued?: Deferred<void>, signal?: AbortSignal) => {
+        if (ended)
+            return false;
+
+        if (waiting.length) {
+            const deferred = waiting.shift();
+            dequeued?.resolve();
+            deferred.resolve(item);
+            return true;
+        }
+
+        const qi = {
+            item,
+            dequeued,
+        };
+        queued!.push(qi);
+
+        signal?.addEventListener('abort', () => {
+            const index = queued.indexOf(qi);
+            if (index === -1)
+                return;
+            queued.splice(index, 1);
+            dequeued?.reject(new Error('abort'));
+        });
+
+        return true;
+    }
+
+    function queue() {
+        return (async function* () {
+            while (true) {
+                try {
+                    const item = await dequeue();
+                    yield item;
+                }
+                catch (e) {
+                    if (e instanceof EndError)
+                        return;
+                    throw e;
+                }
+            }
+        })();
+    }
+
+    function clear(error?: Error) {
+        const ret: T[] = [];
+        const items = queued.splice(0, queued.length);
+        for (const item of items) {
+            if (error)
+                item.dequeued?.reject(error)
+            else
+                item.dequeued?.resolve(undefined);
+            ret.push(item.item);
+        }
+
+        return ret;
+    }
+
+    return {
+        clear() {
+            return clear();
+        },
+        queued,
+        async pipe(callback: (i: T) => void) {
+            for await (const i of queue()) {
+                callback(i as any);
+            }
+        },
+        submit(item: T, signal?: AbortSignal) {
+            return submit(item, undefined, signal);
+        },
+        end(e?: Error) {
+            if (ended)
+                return false;
+            // catch to prevent unhandled rejection.
+            ended = e || new EndError()
+            clear(e);
+            return true;
+        },
+        async enqueue(item: T, signal?: AbortSignal) {
+            const dequeued = new Deferred<void>();
+            if (!submit(item, dequeued, signal))
+                return false;
+            await dequeued.promise;
+            return true;
+        },
+        dequeue,
+        get queue() {
+            return queue();
+        }
+    }
+}
+
+// async function testSlowEnqueue() {
+//     const asyncQueue = createAsyncQueue<number>();
+
+//     asyncQueue.submit(-1);
+//     asyncQueue.submit(-1);
+//     asyncQueue.submit(-1);
+//     asyncQueue.submit(-1);
+
+//     (async () => {
+//         console.log('go');
+//         for (let i = 0; i < 10; i++) {
+//             asyncQueue.submit(i);
+//             await sleep(100);
+//         }
+//         asyncQueue.end(new Error('fail'));
+//     })();
+
+
+//     const runQueue = async (str?: string) => {
+//         for await (const n of asyncQueue.queue) {
+//             console.log(str, n);
+//         }
+//     }
+
+//     runQueue('start');
+
+//     setTimeout(runQueue, 400);
+// }
+
+
+
+// async function testSlowDequeue() {
+//     const asyncQueue = createAsyncQueue<number>();
+
+//     const runQueue = async (str?: string) => {
+//         for await (const n of asyncQueue.queue) {
+//             await sleep(100);
+//         }
+//     }
+
+//     runQueue()
+//     .catch(e => console.error('queue threw', e));
+
+//     console.log('go');
+//     for (let i = 0; i < 10; i++) {
+//         console.log(await asyncQueue.enqueue(i));
+//         console.log(i);
+//     }
+//     asyncQueue.end(new Error('fail'));
+//     console.log(await asyncQueue.enqueue(555));
+// }
+
+// testSlowDequeue();
--- a/common/src/autoenable-mixin-provider.ts
+++ b/common/src/autoenable-mixin-provider.ts
@@ -3,14 +3,13 @@ import sdk from "@scrypted/sdk";

 const { systemManager } = sdk;

-const autoIncludeToken = 'v4';

 export abstract class AutoenableMixinProvider extends ScryptedDeviceBase {
    hasEnabledMixin: { [id: string]: string } = {};
    pluginsComponent: Promise<any>;
    unshiftMixin = false;

-    constructor(nativeId?: string) {
+    constructor(nativeId?: string, public autoIncludeToken = 'v4') {
        super(nativeId);

        try {
@@ -30,10 +29,12 @@ export abstract class AutoenableMixinProvider extends ScryptedDeviceBase {
            this.maybeEnableMixin(eventSource);
        });

-        for (const id of Object.keys(systemManager.getSystemState())) {
-            const device = systemManager.getDeviceById(id);
-            this.maybeEnableMixin(device);
-        }
+        process.nextTick(() => {
+            for (const id of Object.keys(systemManager.getSystemState())) {
+                const device = systemManager.getDeviceById(id);
+                this.maybeEnableMixin(device);
+            }
+        });
    }

    async shouldEnableMixin(device: ScryptedDevice) {
@@ -44,7 +45,7 @@ export abstract class AutoenableMixinProvider extends ScryptedDeviceBase {
        if (!device || device.mixins?.includes(this.id))
            return;

-        if (this.hasEnabledMixin[device.id] === autoIncludeToken)
+        if (this.hasEnabledMixin[device.id] === this.autoIncludeToken)
            return;

        const match = await this.canMixin(device.type, device.interfaces);
@@ -66,9 +67,9 @@ export abstract class AutoenableMixinProvider extends ScryptedDeviceBase {
    }

    setHasEnabledMixin(id: string) {
-        if (this.hasEnabledMixin[id] === autoIncludeToken)
+        if (this.hasEnabledMixin[id] === this.autoIncludeToken)
            return;
-        this.hasEnabledMixin[id] = autoIncludeToken;
+        this.hasEnabledMixin[id] = this.autoIncludeToken;
        this.storage.setItem('hasEnabledMixin', JSON.stringify(this.hasEnabledMixin));
    }

--- a/common/src/ffmpeg-rebroadcast.ts
+++ b/common/src/ffmpeg-rebroadcast.ts
@@ -4,6 +4,7 @@ import { EventEmitter } from 'events';
 import { Server } from 'net';
 import { Duplex } from 'stream';
 import { cloneDeep } from './clone-deep';
+import { Deferred } from "./deferred";
 import { listenZeroSingleClient } from './listen-cluster';
 import { ffmpegLogInitialOutput, safeKillFFmpeg, safePrintFFmpegArguments } from './media-helpers';
 import { createRtspParser } from "./rtsp-server";
@@ -228,6 +229,7 @@ export async function startParserSession<T extends string>(ffmpegInput: FFmpegIn
    ffmpegLogInitialOutput(console, cp, undefined, options?.storage);
    cp.on('exit', () => kill(new Error('ffmpeg exited')));

+    const deferredStart = new Deferred<void>();
    // now parse the created pipes
    const start = () => {
        for (const p of startParsers) {
@@ -246,6 +248,7 @@ export async function startParserSession<T extends string>(ffmpegInput: FFmpegIn
                const { resetActivityTimer } = setupActivityTimer(container, kill, events, options?.timeout);

                for await (const chunk of parser.parse(pipe as any, parseInt(inputVideoResolution?.[2]), parseInt(inputVideoResolution?.[3]))) {
+                    await deferredStart.promise;
                    events.emit(container, chunk);
                    resetActivityTimer();
                }
@@ -257,21 +260,26 @@ export async function startParserSession<T extends string>(ffmpegInput: FFmpegIn
        });
    };

-    await parseVideoCodec(cp);
    const rtsp = (options.parsers as any).rtsp as ReturnType<typeof createRtspParser>;
    rtsp.sdp.then(sdp => {
        const parsed = parseSdp(sdp);
-        const audio = parsed.msections.find(msection=>msection.type === 'audio');
-        const video = parsed.msections.find(msection=>msection.type === 'video');
+        const audio = parsed.msections.find(msection => msection.type === 'audio');
+        const video = parsed.msections.find(msection => msection.type === 'video');
        inputVideoCodec = video?.codec;
        inputAudioCodec = audio?.codec;
    });

-    const sdp = rtsp.sdp.then(sdpString => [Buffer.from(sdpString)]);
+    const sdp = new Deferred<Buffer[]>();
+    rtsp.sdp.then(r => sdp.resolve([Buffer.from(r)]));
+    killed.then(() => sdp.reject(new Error("ffmpeg killed before sdp could be parsed")));
+
+    start();

    return {
-        start,
-        sdp,
+        start() {
+            deferredStart.resolve();
+        },
+        sdp: sdp.promise,
        get inputAudioCodec() {
            return inputAudioCodec;
        },
--- a/common/src/listen-cluster.ts
+++ b/common/src/listen-cluster.ts
@@ -1,6 +1,6 @@
-import net from 'net';
-import { once } from 'events';
 import dgram, { SocketType } from 'dgram';
+import { once } from 'events';
+import net from 'net';

 export async function closeQuiet(socket: dgram.Socket | net.Server) {
    if (!socket)
@@ -37,6 +37,23 @@ export async function createBindZero(socketType?: SocketType) {
    return createBindUdp(0, socketType);
 }

+export async function createSquentialBindZero(socketType?: SocketType) {
+    let attempts = 0;
+    while (true) {
+        const rtpServer = await createBindZero(socketType);
+        try {
+            const rtcpServer = await createBindUdp(rtpServer.port + 1, socketType);
+            return [rtpServer, rtcpServer];
+        }
+        catch (e) {
+            attempts++;
+            closeQuiet(rtpServer.server);
+        }
+        if (attempts === 10)
+            throw new Error('unable to reserve sequential udp ports')
+    }
+}
+
 export async function reserveUdpPort() {
    const udp = await createBindZero();
    await new Promise(resolve => udp.server.close(() => resolve(undefined)));
@@ -62,4 +79,4 @@ export async function bind(server: dgram.Socket, port: number) {
    }
 }

-export { listenZero, listenZeroSingleClient, ListenZeroSingleClientTimeoutError } from "@scrypted/server/src/listen-zero";
+export { ListenZeroSingleClientTimeoutError, listenZero, listenZeroSingleClient } from "@scrypted/server/src/listen-zero";
--- a/common/src/rtc-signaling.ts
+++ b/common/src/rtc-signaling.ts
@@ -51,14 +51,8 @@ function silence() {
    return ret;
 }

-export class BrowserSignalingSession implements RTCSignalingSession {
-    private pc: RTCPeerConnection;
-    pcDeferred = new Deferred<RTCPeerConnection>();
-    dcDeferred = new Deferred<RTCDataChannel>();
-    microphone: RTCRtpSender;
-    micEnabled = false;
-    onPeerConnection: (pc: RTCPeerConnection) => Promise<void>;
-    options: RTCSignalingOptions = {
+function createOptions() {
+    const options: RTCSignalingOptions = {
        userAgent: getUserAgent(),
        capabilities: {
            audio: RTCRtpReceiver.getCapabilities?.('audio') || {
@@ -76,6 +70,18 @@ export class BrowserSignalingSession implements RTCSignalingSession {
            height: screen.height,
        },
    };
+    return options;
+}
+
+export class BrowserSignalingSession implements RTCSignalingSession {
+    private pc: RTCPeerConnection;
+    pcDeferred = new Deferred<RTCPeerConnection>();
+    dcDeferred = new Deferred<RTCDataChannel>();
+    microphone: RTCRtpSender;
+    micEnabled = false;
+    onPeerConnection: (pc: RTCPeerConnection) => Promise<void>;
+    __proxy_props = { options: createOptions() };
+    options = createOptions();

    constructor() {
    }
@@ -284,6 +290,10 @@ function createCandidateQueue(console: Console, type: string, session: RTCSignal
    }
 }

+export async function legacyGetSignalingSessionOptions(session: RTCSignalingSession) {
+    return typeof session.options === 'object' ? session.options : await session.getOptions();
+}
+
 export async function connectRTCSignalingClients(
    console: Console,
    offerClient: RTCSignalingSession,
@@ -291,8 +301,8 @@ export async function connectRTCSignalingClients(
    answerClient: RTCSignalingSession,
    answerSetup: Partial<RTCAVSignalingSetup>
 ) {
-    const offerOptions = await offerClient.getOptions();
-    const answerOptions = await answerClient.getOptions();
+    const offerOptions = await legacyGetSignalingSessionOptions(offerClient);
+    const answerOptions = await legacyGetSignalingSessionOptions(answerClient);
    const disableTrickle = offerOptions?.disableTrickle || answerOptions?.disableTrickle;

    if (offerOptions?.offer && answerOptions?.offer)
--- a/common/src/rtsp-server.ts
+++ b/common/src/rtsp-server.ts
@@ -6,14 +6,14 @@ import { parseHTTPHeadersQuotedKeyValueSet } from 'http-auth-utils/dist/utils';
 import net from 'net';
 import { Duplex, Readable, Writable } from 'stream';
 import tls from 'tls';
+import { URL } from 'url';
 import { Deferred } from './deferred';
-import { closeQuiet, createBindUdp, createBindZero, listenZeroSingleClient } from './listen-cluster';
+import { closeQuiet, createBindZero, createSquentialBindZero, listenZeroSingleClient } from './listen-cluster';
 import { timeoutPromise } from './promise-utils';
 import { readLength, readLine } from './read-stream';
 import { MSection, parseSdp } from './sdp-utils';
 import { sleep } from './sleep';
 import { StreamChunk, StreamParser, StreamParserOptions } from './stream-parser';
-import { URL } from 'url';

 const REQUIRED_WWW_AUTHENTICATE_KEYS = ['realm', 'nonce'];

@@ -195,48 +195,17 @@ export function createRtspParser(options?: StreamParserOptions): RtspStreamParse
            '-f', 'rtsp',
        ],
        findSyncFrame(streamChunks: StreamChunk[]) {
-            let foundIndex: number;
-            let nonVideo: {
-                [codec: string]: StreamChunk,
-            } = {};
-
-            const createSyncFrame = () => {
-                const ret = streamChunks.slice(foundIndex);
-                // for (const nv of Object.values(nonVideo)) {
-                //     ret.unshift(nv);
-                // }
-                return ret;
-            }
-
            for (let prebufferIndex = 0; prebufferIndex < streamChunks.length; prebufferIndex++) {
                const streamChunk = streamChunks[prebufferIndex];
                if (streamChunk.type !== 'h264') {
-                    nonVideo[streamChunk.type] = streamChunk;
                    continue;
                }

-                if (findH264NaluType(streamChunk, H264_NAL_TYPE_SPS))
-                    foundIndex = prebufferIndex;
-            }
-
-            if (foundIndex !== undefined)
-                return createSyncFrame();
-
-            nonVideo = {};
-            // some streams don't contain codec info, so find an idr frame instead.
-            for (let prebufferIndex = 0; prebufferIndex < streamChunks.length; prebufferIndex++) {
-                const streamChunk = streamChunks[prebufferIndex];
-                if (streamChunk.type !== 'h264') {
-                    nonVideo[streamChunk.type] = streamChunk;
-                    continue;
+                if (findH264NaluType(streamChunk, H264_NAL_TYPE_SPS) || findH264NaluType(streamChunk, H264_NAL_TYPE_IDR)) {
+                    return streamChunks.slice(prebufferIndex);
                }
-                if (findH264NaluType(streamChunk, H264_NAL_TYPE_IDR))
-                    foundIndex = prebufferIndex;
            }

-            if (foundIndex !== undefined)
-                return createSyncFrame();
-
            // oh well!
        },
        sdp: new Promise<string>(r => resolve = r),
@@ -964,8 +933,7 @@ export class RtspServer {
            const match = transport.match(/.*?client_port=([0-9]+)-([0-9]+)/);
            const [_, rtp, rtcp] = match;

-            const rtpServer = await createBindZero();
-            const rtcpServer = await createBindUdp(rtpServer.port + 1);
+            const [rtpServer, rtcpServer] = await createSquentialBindZero();
            this.client.on('close', () => closeQuiet(rtpServer.server));
            this.client.on('close', () => closeQuiet(rtcpServer.server));
            this.setupTracks[msection.control] = {
--- a/external/ring-client-api
+++ b/external/ring-client-api
--- a/external/unifi-protect
+++ b/external/unifi-protect
--- a/external/werift
+++ b/external/werift
--- a/install/config.yaml
+++ b/install/config.yaml
@@ -1,6 +1,6 @@
 # Home Assistant Addon Configuration
 name: Scrypted
-version: "18-bullseye-full.s6-v0.13.2"
+version: "18-jammy-full.s6-v0.50.0"
 slug: scrypted
 description: Scrypted is a high performance home video integration and automation platform
 url: "https://github.com/koush/scrypted"
@@ -27,6 +27,7 @@ environment:
  SCRYPTED_NVR_VOLUME: "/data/scrypted_nvr"
  SCRYPTED_ADMIN_ADDRESS: "172.30.32.2"
  SCRYPTED_ADMIN_USERNAME: "homeassistant"
+  SCRYPTED_INSTALL_ENVIRONMENT: "ha"
 backup_exclude:
  - '/server/**'
  - '/data/scrypted_nvr/**'
@@ -34,6 +35,7 @@ backup_exclude:
 map:
  - config:rw
  - media:rw
+  - share:rw
 devices:
  - /dev/mem
  - /dev/dri/renderD128
--- a/install/docker/Dockerfile
+++ b/install/docker/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASE="18-bullseye-full"
+ARG BASE="18-jammy-full"
 FROM koush/scrypted-common:${BASE}

 WORKDIR /
--- a/install/docker/Dockerfile.HEAD
+++ b/install/docker/Dockerfile.HEAD
@@ -1,4 +1,4 @@
-ARG BASE="16-bullseye"
+ARG BASE="16-jammy"
 FROM koush/scrypted-common:${BASE}

 WORKDIR /
--- a/install/docker/Dockerfile.full
+++ b/install/docker/Dockerfile.full
@@ -6,63 +6,53 @@
 # This common file will be used by both Docker and the linux
 # install script.
 ################################################################
-ARG BASE="bullseye"
-FROM debian:${BASE} as header
+ARG BASE="jammy"
+FROM ubuntu:${BASE} as header

-RUN apt-get update && apt-get -y install curl wget
+ENV DEBIAN_FRONTEND=noninteractive

-# switch to nvm?
-ARG NODE_VERSION=18
-RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
-RUN apt-get update
-RUN apt-get install -y nodejs
-
-# Coral Edge TPU
-# https://coral.ai/docs/accelerator/get-started/#runtime-on-linux
-RUN echo "deb https://packages.cloud.google.com/apt coral-edgetpu-stable main" | tee /etc/apt/sources.list.d/coral-edgetpu.list
-RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
-RUN apt-get -y update
-RUN apt-get -y install libedgetpu1-std
-
-# intel opencl gpu for openvino
-RUN if [ "$(uname -m)" = "x86_64" ]; \
-    then \
-        apt-get -y install \
-        intel-opencl-icd; \
-    fi
-
-RUN apt-get -y install software-properties-common apt-utils
-RUN apt-get -y update
-RUN apt-get -y upgrade
-
-# base development stuff
-RUN apt-get -y install \
+# base tools and development stuff
+RUN apt-get update && apt-get -y install \
+    curl software-properties-common apt-utils \
    build-essential \
    cmake \
+    ffmpeg \
    gcc \
    libcairo2-dev \
    libgirepository1.0-dev \
-    libvips \
-    pkg-config
+    pkg-config && \
+    apt-get -y update && \
+    apt-get -y upgrade
+
+ARG NODE_VERSION=18
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
+RUN apt-get update && apt-get install -y nodejs
+
+# python native
+RUN apt-get -y install \
+    python3 \
+    python3-dev \
+    python3-pip \
+    python3-setuptools \
+    python3-wheel

 # these are necessary for pillow-simd, additional on disk size is small
 # but could consider removing this.
 RUN apt-get -y install \
    libjpeg-dev zlib1g-dev

+# plugins support fallback to pillow, but vips is faster.
+RUN apt-get -y install \
+    libvips
+
 # gstreamer native https://gstreamer.freedesktop.org/documentation/installing/on-linux.html?gi-language=c#install-gstreamer-on-ubuntu-or-debian
 RUN apt-get -y install \
    gstreamer1.0-tools gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-libav gstreamer1.0-alsa \
    gstreamer1.0-vaapi

-# python native
+# python3 gstreamer bindings
 RUN apt-get -y install \
-    python3 \
-    python3-dev \
-    python3-gst-1.0 \
-    python3-pip \
-    python3-setuptools \
-    python3-wheel
+    python3-gst-1.0

 # armv7l does not have wheels for any of these
 # and compile times would forever, if it works at all.
@@ -70,21 +60,21 @@ RUN apt-get -y install \
 # which causes weird behavior in python which looks at the arch version
 # which still reports 64bit, even if running in 32bit docker.
 # this scenario is not supported and will be reported at runtime.
-RUN if [ "$(uname -m)" != "x86_64" ]; \
-    then \
-        apt-get -y install \
-        python3-matplotlib \
-        python3-numpy \
-        python3-opencv \
-        python3-pil \
-        python3-skimage; \
-    fi
+# this bit is not necessary on amd64, but leaving it for consistency.
+RUN apt-get -y install \
+    python3-matplotlib \
+    python3-numpy \
+    python3-opencv \
+    python3-pil \
+    python3-skimage

-# python pip
+# allow pip to install to system
 RUN rm -f /usr/lib/python**/EXTERNALLY-MANAGED
-RUN python3 -m pip install --upgrade pip
+
 # pyvips is broken on x86 due to mismatch ffi
 # https://stackoverflow.com/questions/62658237/it-seems-that-the-version-of-the-libffi-library-seen-at-runtime-is-different-fro
+
+RUN python3 -m pip install --upgrade pip
 RUN python3 -m pip install --force-reinstall --no-binary :all: cffi
 RUN python3 -m pip install debugpy typing_extensions psutil

@@ -96,15 +86,51 @@ RUN python3 -m pip install debugpy typing_extensions psutil
 ################################################################
 FROM header as base

-ENV SCRYPTED_DOCKER_SERVE="true"
+# intel opencl gpu for openvino
+RUN bash -c "if [ \"$(uname -m)\" == \"x86_64\" ]; \
+    then \
+        apt-get update && apt-get install -y gpg-agent && \
+        rm -f /usr/share/keyrings/intel-graphics.gpg && \
+        curl -L https://repositories.intel.com/graphics/intel-graphics.key | gpg --dearmor --output /usr/share/keyrings/intel-graphics.gpg && \
+        echo 'deb [arch=amd64,i386 signed-by=/usr/share/keyrings/intel-graphics.gpg] https://repositories.intel.com/graphics/ubuntu jammy arc' | tee  /etc/apt/sources.list.d/intel.gpu.jammy.list && \
+        apt-get -y update && \
+        apt-get -y install intel-opencl-icd intel-media-va-driver-non-free && \
+        apt-get -y dist-upgrade; \
+    fi"
+
+# python 3.9 from ppa.
+# 3.9 is the version with prebuilt support for tensorflow lite
+RUN add-apt-repository ppa:deadsnakes/ppa && \
+    apt-get -y install \
+    python3.9 \
+    python3.9-dev \
+    python3.9-distutils
+
+# allow pip to install to system
+RUN rm -f /usr/lib/python**/EXTERNALLY-MANAGED
+
+RUN python3.9 -m pip install --upgrade pip
+RUN python3.9 -m pip install --force-reinstall --no-binary :all: cffi
+RUN python3.9 -m pip install debugpy typing_extensions psutil
+
+# Coral Edge TPU
+# https://coral.ai/docs/accelerator/get-started/#runtime-on-linux
+RUN echo "deb https://packages.cloud.google.com/apt coral-edgetpu-stable main" | tee /etc/apt/sources.list.d/coral-edgetpu.list
+RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+RUN apt-get -y update && apt-get -y install libedgetpu1-std
+
+ENV SCRYPTED_INSTALL_ENVIRONMENT="docker"
 ENV SCRYPTED_CAN_RESTART="true"
 ENV SCRYPTED_VOLUME="/server/volume"
 ENV SCRYPTED_INSTALL_PATH="/server"

+RUN test -f "/usr/bin/ffmpeg"
+ENV SCRYPTED_FFMPEG_PATH="/usr/bin/ffmpeg"
+
 # changing this forces pip and npm to perform reinstalls.
 # if this base image changes, this version must be updated.
-ENV SCRYPTED_BASE_VERSION=20230329
-ENV SCRYPTED_DOCKER_FLAVOR=full
+ENV SCRYPTED_BASE_VERSION="20230727"
+ENV SCRYPTED_DOCKER_FLAVOR="full"

 ################################################################
 # End section generated from template/Dockerfile.full.footer
--- a/install/docker/Dockerfile.lite
+++ b/install/docker/Dockerfile.lite
@@ -1,27 +1,24 @@
-ARG BASE="bullseye"
-FROM debian:${BASE} as header
+ARG BASE="jammy"
+FROM ubuntu:${BASE} as header

-RUN apt-get update && apt-get -y install curl wget
+ENV DEBIAN_FRONTEND=noninteractive

-# switch to nvm?
-ARG NODE_VERSION=18
-RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
-RUN apt-get update
-RUN apt-get install -y nodejs
-
-RUN apt-get -y update
-RUN apt-get -y upgrade
-RUN apt-get -y install software-properties-common apt-utils
-RUN apt-get -y update
-
-# base development stuff
-RUN apt-get -y install \
+# base tools and development stuff
+RUN apt-get update && apt-get -y install \
+    curl software-properties-common apt-utils \
    build-essential \
    cmake \
+    ffmpeg \
    gcc \
    libcairo2-dev \
    libgirepository1.0-dev \
-    pkg-config
+    pkg-config && \
+    apt-get -y update && \
+    apt-get -y upgrade
+
+ARG NODE_VERSION=18
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
+RUN apt-get update && apt-get install -y nodejs

 # python native
 RUN apt-get -y install \
@@ -36,12 +33,15 @@ RUN rm -f /usr/lib/python**/EXTERNALLY-MANAGED
 RUN python3 -m pip install --upgrade pip
 RUN python3 -m pip install debugpy typing_extensions psutil

-ENV SCRYPTED_DOCKER_SERVE="true"
+ENV SCRYPTED_INSTALL_ENVIRONMENT="docker"
 ENV SCRYPTED_CAN_RESTART="true"
 ENV SCRYPTED_VOLUME="/server/volume"
 ENV SCRYPTED_INSTALL_PATH="/server"

+RUN test -f "/usr/bin/ffmpeg"
+ENV SCRYPTED_FFMPEG_PATH="/usr/bin/ffmpeg"
+
 # changing this forces pip and npm to perform reinstalls.
 # if this base image changes, this version must be updated.
-ENV SCRYPTED_BASE_VERSION=20230329
-ENV SCRYPTED_DOCKER_FLAVOR=lite
+ENV SCRYPTED_BASE_VERSION="20230727"
+ENV SCRYPTED_DOCKER_FLAVOR="lite"
--- a/install/docker/Dockerfile.nvidia
+++ b/install/docker/Dockerfile.nvidia
@@ -1,4 +1,4 @@
-FROM koush/18-bullseye-full.s6
+FROM koush/18-jammy-full.s6

 WORKDIR /

--- a/install/docker/Dockerfile.s6
+++ b/install/docker/Dockerfile.s6
@@ -1,8 +1,8 @@
-ARG BASE="18-bullseye-full"
+ARG BASE="18-jammy-full"
 FROM koush/scrypted-common:${BASE}

 # avahi advertiser support
-RUN apt-get -y install \
+RUN apt-get update && apt-get -y install \
    libnss-mdns \
    avahi-discover \
    libavahi-compat-libdnssd-dev \
@@ -12,13 +12,14 @@ RUN apt-get -y install \
 COPY fs /

 # s6 process supervisor
-ARG S6_OVERLAY_VERSION=3.1.1.2
+ARG S6_OVERLAY_VERSION=3.1.5.0
 ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
 ENV S6_KEEP_ENV=1
-RUN case "$(uname -m)" in \
-    x86_64) S6_ARCH='x86_64';; \
-    armv7l) S6_ARCH='armhf';; \
-    aarch64) S6_ARCH='aarch64';; \
+ARG TARGETARCH
+RUN case "${TARGETARCH}" in \
+    amd64) S6_ARCH='x86_64';; \
+    arm) S6_ARCH='armhf';; \
+    arm64) S6_ARCH='aarch64';; \
    *) echo "Your system architecture isn't supported."; exit 1 ;; \
    esac \
  && cd /tmp \
--- a/install/docker/Dockerfile.thin
+++ b/install/docker/Dockerfile.thin
@@ -1,25 +1,25 @@
-ARG BASE="bullseye"
-FROM debian:${BASE} as header
+ARG BASE="jammy"
+FROM ubuntu:${BASE} as header

-RUN apt-get update && apt-get -y install curl wget
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -y update && \
+    apt-get -y upgrade && \
+    apt-get -y install curl software-properties-common apt-utils ffmpeg

 # switch to nvm?
 ARG NODE_VERSION=18
-RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
-RUN apt-get update
-RUN apt-get install -y nodejs
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - && apt-get update && apt-get install -y nodejs

-RUN apt-get -y update
-RUN apt-get -y upgrade
-RUN apt-get -y install software-properties-common apt-utils
-RUN apt-get -y update
-
-ENV SCRYPTED_DOCKER_SERVE="true"
+ENV SCRYPTED_INSTALL_ENVIRONMENT="docker"
 ENV SCRYPTED_CAN_RESTART="true"
 ENV SCRYPTED_VOLUME="/server/volume"
 ENV SCRYPTED_INSTALL_PATH="/server"

+RUN test -f "/usr/bin/ffmpeg"
+ENV SCRYPTED_FFMPEG_PATH="/usr/bin/ffmpeg"
+
 # changing this forces pip and npm to perform reinstalls.
 # if this base image changes, this version must be updated.
-ENV SCRYPTED_BASE_VERSION=20230329
-ENV SCRYPTED_DOCKER_FLAVOR=thin
+ENV SCRYPTED_BASE_VERSION="20230727"
+ENV SCRYPTED_DOCKER_FLAVOR="thin"
--- a/install/docker/docker-build-nvidia.sh
+++ b/install/docker/docker-build-nvidia.sh
@@ -1,3 +1,3 @@
 ./docker-build.sh

-docker build -t koush/scrypted:18-bullseye-full.nvidia -f Dockerfile.nvidia
+docker build -t koush/scrypted:18-jammy-full.nvidia -f Dockerfile.nvidia
--- a/install/docker/docker-build.sh
+++ b/install/docker/docker-build.sh
@@ -3,7 +3,8 @@
 set -x

 NODE_VERSION=18
-IMAGE_BASE=bookworm
+SCRYPTED_INSTALL_VERSION=beta
+IMAGE_BASE=jammy
 FLAVOR=full
 BASE=$NODE_VERSION-$IMAGE_BASE-$FLAVOR
 echo $BASE
@@ -14,4 +15,4 @@ docker build -t koush/scrypted-common:$BASE -f Dockerfile.$FLAVOR \
    --build-arg NODE_VERSION=$NODE_VERSION --build-arg BASE=$IMAGE_BASE . && \
 \
 docker build -t koush/scrypted:$SUPERVISOR_BASE -f Dockerfile$SUPERVISOR \
-    --build-arg BASE=$BASE .
+    --build-arg BASE=$BASE --build-arg SCRYPTED_INSTALL_VERSION=$SCRYPTED_INSTALL_VERSION .
--- a/install/docker/docker-compose.yml
+++ b/install/docker/docker-compose.yml
@@ -3,9 +3,10 @@ version: "3.5"
 # The Scrypted docker-compose.yml file typically resides at:
 # ~/.scrypted/docker-compose.yml

+
+# Scrypted NVR Storage (Optional Network Volume: Part 1 of 3)
 # Example volumes SMB (CIFS) and NFS.
 # Uncomment only one.
-
 # volumes:
 #     nvr:
 #         driver_opts:
@@ -20,38 +21,38 @@ version: "3.5"

 services:
    scrypted:
-        image: koush/scrypted
        environment:
+            # Scrypted NVR Storage (Part 2 of 3)
+
+            # Uncomment the next line to configure the NVR plugin to store recordings
+            # use the /nvr directory within the container. This can also be configured
+            # within the plugin manually.
+            # The drive or network share will ALSO need to be configured in the volumes
+            # section below.
+            # - SCRYPTED_NVR_VOLUME=/nvr
+
            - SCRYPTED_WEBHOOK_UPDATE_AUTHORIZATION=Bearer SET_THIS_TO_SOME_RANDOM_TEXT
            - SCRYPTED_WEBHOOK_UPDATE=http://localhost:10444/v1/update
-            # nvidia support
+
+            # Uncomment next 3 lines for Nvidia GPU support.
            # - NVIDIA_VISIBLE_DEVICES=all
            # - NVIDIA_DRIVER_CAPABILITIES=all
-        # runtime: nvidia
-        container_name: scrypted
-        restart: unless-stopped
-        network_mode: host

-        devices:
-            # hardware accelerated video decoding, opencl, etc.
-            - /dev/dri:/dev/dri
-            # uncomment below as necessary.
-            # zwave usb serial device
-            #   - /dev/ttyACM0:/dev/ttyACM0
-            # all usb devices, such as coral tpu
-            #   - /dev/bus/usb:/dev/bus/usb
-            # coral PCI devices
-            # - /dev/apex_0:/dev/apex_0
-            # - /dev/apex_1:/dev/apex_1
+            # Uncomment next line to run avahi-daemon inside the container
+            # Don't use if dbus and avahi run on the host and are bind-mounted
+            # (see below under "volumes")
+            # - SCRYPTED_DOCKER_AVAHI=true
+        # runtime: nvidia

        volumes:
-            - ~/.scrypted/volume:/server/volume
-            # modify and add the additional volume for Scrypted NVR
-            # the following example would mount the /mnt/sda/video path on the host
-            # to the /nvr path inside the docker container.
-            # - /mnt/sda/video:/nvr
+            # Scrypted NVR Storage (Part 3 of 3)

-            # or use a network mount from one of the examples above
+            # Modify to add the additional volume for Scrypted NVR.
+            # The following example would mount the /mnt/sda/video path on the host
+            # to the /nvr path inside the docker container.
+            # - /mnt/media/video:/nvr
+
+            # Or use a network mount from one of the CIFS/NFS examples at the top of this file.
            # - type: volume
            #   source: nvr
            #   target: /nvr
@@ -60,8 +61,37 @@ services:

            # uncomment the following lines to expose Avahi, an mDNS advertiser.
            # make sure Avahi is running on the host machine, otherwise this will not work.
+            # not compatible with Avahi enabled via SCRYPTED_DOCKER_AVAHI=true
            # - /var/run/dbus:/var/run/dbus
            # - /var/run/avahi-daemon/socket:/var/run/avahi-daemon/socket
+
+            # Default volume for the Scrypted database. Typically should not be changed.
+            - ~/.scrypted/volume:/server/volume
+        devices: [
+            # uncomment the common systems devices to pass
+            # them through to docker.
+
+            # all usb devices, such as coral tpu
+            # "/dev/bus/usb:/dev/bus/usb",
+
+            # hardware accelerated video decoding, opencl, etc.
+            # "/dev/dri:/dev/dri",
+
+            # uncomment below as necessary.
+            # zwave usb serial device
+
+            # "/dev/ttyACM0:/dev/ttyACM0",
+
+            # coral PCI devices
+            # "/dev/apex_0:/dev/apex_0",
+            # "/dev/apex_1:/dev/apex_1",
+        ]
+
+        container_name: scrypted
+        restart: unless-stopped
+        network_mode: host
+        image: koush/scrypted
+
        # logging is noisy and will unnecessarily wear on flash storage.
        # scrypted has per device in memory logging that is preferred.
        logging:
--- a/install/docker/fs/etc/s6-overlay/s6-rc.d/avahi/run
+++ b/install/docker/fs/etc/s6-overlay/s6-rc.d/avahi/run
@@ -1,7 +1,7 @@
 #!/bin/bash

-if [ -z "$SCRYPTED_DOCKER_AVAHI" ]
-then
+if [[ "${SCRYPTED_DOCKER_AVAHI}" != "true" ]]; then
+  echo "SCRYPTED_DOCKER_AVAHI != true, not starting avahi-daemon" >/dev/stderr
  while true
  do
    sleep 1000
@@ -13,4 +13,4 @@ until [ -e /var/run/dbus/system_bus_socket ]; do
  sleep 1s
 done
 echo "Starting Avahi daemon..."
-exec avahi-daemon --no-chroot -f /etc/avahi/avahi-daemon.conf
+exec avahi-daemon --no-chroot -f /etc/avahi/avahi-daemon.conf
--- a/install/docker/fs/etc/s6-overlay/s6-rc.d/dbus/run
+++ b/install/docker/fs/etc/s6-overlay/s6-rc.d/dbus/run
@@ -1,4 +1,12 @@
 #!/bin/bash

+if [[ "${SCRYPTED_DOCKER_AVAHI}" != "true" ]]; then
+  echo "SCRYPTED_DOCKER_AVAHI != true, not starting dbus-daemon" >/dev/stderr
+  while true
+  do
+    sleep 1000
+  done
+fi
+
 echo "Starting dbus..."
-exec dbus-daemon --system --nofork
+exec dbus-daemon --system --nofork
--- a/install/docker/fs/etc/s6-overlay/scripts/setup.sh
+++ b/install/docker/fs/etc/s6-overlay/scripts/setup.sh
@@ -1,5 +1,15 @@
 #!/bin/bash

+if [[ "${SCRYPTED_DOCKER_AVAHI}" != "true" ]]; then
+  echo "SCRYPTED_DOCKER_AVAHI != true, won't manage dbus nor avahi-daemon" >/dev/stderr
+  exit 0
+fi
+
+if grep -qE " ((/var)?/run/dbus|(/var)?/run/avahi-daemon(/socket)?) " /proc/mounts; then
+  echo "dbus and/or avahi-daemon volumes are bind mounted, won't touch them" >/dev/stderr
+  exit 0
+fi
+
 # make run folders
 mkdir -p /var/run/dbus
 mkdir -p /var/run/avahi-daemon
@@ -22,4 +32,4 @@ if [ ! -z "$DSM_HOSTNAME" ]; then
  sed -i "s/.*host-name.*/host-name=${DSM_HOSTNAME}/" /etc/avahi/avahi-daemon.conf
 else
  sed -i "s/.*host-name.*/#host-name=/" /etc/avahi/avahi-daemon.conf
-fi
+fi
--- a/install/docker/install-scrypted-docker-compose.sh
+++ b/install/docker/install-scrypted-docker-compose.sh
@@ -43,6 +43,10 @@ WATCHTOWER_HTTP_API_TOKEN=$(echo $RANDOM | md5sum)
 DOCKER_COMPOSE_YML=$SCRYPTED_HOME/docker-compose.yml
 echo "Created $DOCKER_COMPOSE_YML"
 curl -s https://raw.githubusercontent.com/koush/scrypted/main/install/docker/docker-compose.yml | sed s/SET_THIS_TO_SOME_RANDOM_TEXT/"$(echo $RANDOM | md5sum | head -c 32)"/g > $DOCKER_COMPOSE_YML
+if [ -d /dev/dri ]
+then
+    sed -i 's/'#' - \/dev\/dri/- \/dev\/dri/g' $DOCKER_COMPOSE_YML
+fi

 echo "Setting permissions on $SCRYPTED_HOME"
 chown -R $SERVICE_USER $SCRYPTED_HOME
--- a/install/docker/template/Dockerfile.full.footer
+++ b/install/docker/template/Dockerfile.full.footer
@@ -3,15 +3,51 @@
 ################################################################
 FROM header as base

-ENV SCRYPTED_DOCKER_SERVE="true"
+# intel opencl gpu for openvino
+RUN bash -c "if [ \"$(uname -m)\" == \"x86_64\" ]; \
+    then \
+        apt-get update && apt-get install -y gpg-agent && \
+        rm -f /usr/share/keyrings/intel-graphics.gpg && \
+        curl -L https://repositories.intel.com/graphics/intel-graphics.key | gpg --dearmor --output /usr/share/keyrings/intel-graphics.gpg && \
+        echo 'deb [arch=amd64,i386 signed-by=/usr/share/keyrings/intel-graphics.gpg] https://repositories.intel.com/graphics/ubuntu jammy arc' | tee  /etc/apt/sources.list.d/intel.gpu.jammy.list && \
+        apt-get -y update && \
+        apt-get -y install intel-opencl-icd intel-media-va-driver-non-free && \
+        apt-get -y dist-upgrade; \
+    fi"
+
+# python 3.9 from ppa.
+# 3.9 is the version with prebuilt support for tensorflow lite
+RUN add-apt-repository ppa:deadsnakes/ppa && \
+    apt-get -y install \
+    python3.9 \
+    python3.9-dev \
+    python3.9-distutils
+
+# allow pip to install to system
+RUN rm -f /usr/lib/python**/EXTERNALLY-MANAGED
+
+RUN python3.9 -m pip install --upgrade pip
+RUN python3.9 -m pip install --force-reinstall --no-binary :all: cffi
+RUN python3.9 -m pip install debugpy typing_extensions psutil
+
+# Coral Edge TPU
+# https://coral.ai/docs/accelerator/get-started/#runtime-on-linux
+RUN echo "deb https://packages.cloud.google.com/apt coral-edgetpu-stable main" | tee /etc/apt/sources.list.d/coral-edgetpu.list
+RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+RUN apt-get -y update && apt-get -y install libedgetpu1-std
+
+ENV SCRYPTED_INSTALL_ENVIRONMENT="docker"
 ENV SCRYPTED_CAN_RESTART="true"
 ENV SCRYPTED_VOLUME="/server/volume"
 ENV SCRYPTED_INSTALL_PATH="/server"

+RUN test -f "/usr/bin/ffmpeg"
+ENV SCRYPTED_FFMPEG_PATH="/usr/bin/ffmpeg"
+
 # changing this forces pip and npm to perform reinstalls.
 # if this base image changes, this version must be updated.
-ENV SCRYPTED_BASE_VERSION=20230329
-ENV SCRYPTED_DOCKER_FLAVOR=full
+ENV SCRYPTED_BASE_VERSION="20230727"
+ENV SCRYPTED_DOCKER_FLAVOR="full"

 ################################################################
 # End section generated from template/Dockerfile.full.footer
--- a/install/docker/template/Dockerfile.full.header
+++ b/install/docker/template/Dockerfile.full.header
@@ -3,63 +3,53 @@
 # This common file will be used by both Docker and the linux
 # install script.
 ################################################################
-ARG BASE="bullseye"
-FROM debian:${BASE} as header
+ARG BASE="jammy"
+FROM ubuntu:${BASE} as header

-RUN apt-get update && apt-get -y install curl wget
+ENV DEBIAN_FRONTEND=noninteractive

-# switch to nvm?
-ARG NODE_VERSION=18
-RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
-RUN apt-get update
-RUN apt-get install -y nodejs
-
-# Coral Edge TPU
-# https://coral.ai/docs/accelerator/get-started/#runtime-on-linux
-RUN echo "deb https://packages.cloud.google.com/apt coral-edgetpu-stable main" | tee /etc/apt/sources.list.d/coral-edgetpu.list
-RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
-RUN apt-get -y update
-RUN apt-get -y install libedgetpu1-std
-
-# intel opencl gpu for openvino
-RUN if [ "$(uname -m)" = "x86_64" ]; \
-    then \
-        apt-get -y install \
-        intel-opencl-icd; \
-    fi
-
-RUN apt-get -y install software-properties-common apt-utils
-RUN apt-get -y update
-RUN apt-get -y upgrade
-
-# base development stuff
-RUN apt-get -y install \
+# base tools and development stuff
+RUN apt-get update && apt-get -y install \
+    curl software-properties-common apt-utils \
    build-essential \
    cmake \
+    ffmpeg \
    gcc \
    libcairo2-dev \
    libgirepository1.0-dev \
-    libvips \
-    pkg-config
+    pkg-config && \
+    apt-get -y update && \
+    apt-get -y upgrade
+
+ARG NODE_VERSION=18
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
+RUN apt-get update && apt-get install -y nodejs
+
+# python native
+RUN apt-get -y install \
+    python3 \
+    python3-dev \
+    python3-pip \
+    python3-setuptools \
+    python3-wheel

 # these are necessary for pillow-simd, additional on disk size is small
 # but could consider removing this.
 RUN apt-get -y install \
    libjpeg-dev zlib1g-dev

+# plugins support fallback to pillow, but vips is faster.
+RUN apt-get -y install \
+    libvips
+
 # gstreamer native https://gstreamer.freedesktop.org/documentation/installing/on-linux.html?gi-language=c#install-gstreamer-on-ubuntu-or-debian
 RUN apt-get -y install \
    gstreamer1.0-tools gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-libav gstreamer1.0-alsa \
    gstreamer1.0-vaapi

-# python native
+# python3 gstreamer bindings
 RUN apt-get -y install \
-    python3 \
-    python3-dev \
-    python3-gst-1.0 \
-    python3-pip \
-    python3-setuptools \
-    python3-wheel
+    python3-gst-1.0

 # armv7l does not have wheels for any of these
 # and compile times would forever, if it works at all.
@@ -67,21 +57,21 @@ RUN apt-get -y install \
 # which causes weird behavior in python which looks at the arch version
 # which still reports 64bit, even if running in 32bit docker.
 # this scenario is not supported and will be reported at runtime.
-RUN if [ "$(uname -m)" != "x86_64" ]; \
-    then \
-        apt-get -y install \
-        python3-matplotlib \
-        python3-numpy \
-        python3-opencv \
-        python3-pil \
-        python3-skimage; \
-    fi
+# this bit is not necessary on amd64, but leaving it for consistency.
+RUN apt-get -y install \
+    python3-matplotlib \
+    python3-numpy \
+    python3-opencv \
+    python3-pil \
+    python3-skimage

-# python pip
+# allow pip to install to system
 RUN rm -f /usr/lib/python**/EXTERNALLY-MANAGED
-RUN python3 -m pip install --upgrade pip
+
 # pyvips is broken on x86 due to mismatch ffi
 # https://stackoverflow.com/questions/62658237/it-seems-that-the-version-of-the-libffi-library-seen-at-runtime-is-different-fro
+
+RUN python3 -m pip install --upgrade pip
 RUN python3 -m pip install --force-reinstall --no-binary :all: cffi
 RUN python3 -m pip install debugpy typing_extensions psutil

--- a/install/local/install-scrypted-dependencies-linux.sh
+++ b/install/local/install-scrypted-dependencies-linux.sh
@@ -45,7 +45,7 @@ ARG() {
 }

 ENV() {
-    echo "ignoring ENV $1"
+    export $@
 }

 source <(curl -s https://raw.githubusercontent.com/koush/scrypted/main/install/docker/template/Dockerfile.full.header)
--- a/install/local/install-scrypted-dependencies-mac.sh
+++ b/install/local/install-scrypted-dependencies-mac.sh
@@ -58,6 +58,9 @@ brew unpin gst-python

 ### END HACK WORKAROUND

+# seems to be necessary for python-codecs' pycairo dependency or something?
+RUN_IGNORE gobject-introspection libffi pkg-config
+
 # gstreamer plugins
 RUN_IGNORE brew install gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-libav
 # gst python bindings
--- a/packages/cli/.vscode/launch.json
+++ b/packages/cli/.vscode/launch.json
@@ -19,11 +19,11 @@
                "-r",
                "ts-node/register"
            ],
+            "preLaunchTask": "npm: build",
            "args": [
                "ffplay",
-                "Kitchen",
-                "getRecordingStream",
-                "{\"startTime\":1677699495709}"
+                "Baby Camera@192.168.2.109",
+                "getVideoStream",
            ],
            "sourceMaps": true,
            "resolveSourceMapLocations": [
@@ -35,4 +35,4 @@
            ],
        },
    ]
-}
+}
--- a/packages/cli/package-lock.json
+++ b/packages/cli/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "scrypted",
-  "version": "1.0.67",
+  "version": "1.0.69",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "scrypted",
-      "version": "1.0.67",
+      "version": "1.0.69",
      "license": "ISC",
      "dependencies": {
        "@scrypted/client": "^1.1.43",
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "scrypted",
-  "version": "1.0.67",
+  "version": "1.0.69",
  "description": "",
  "main": "./dist/main.js",
  "bin": {
--- a/packages/cli/src/main.ts
+++ b/packages/cli/src/main.ts
@@ -172,8 +172,11 @@ async function main() {
                ffmpegInput.inputArguments = ffmpegInput.inputArguments.map(i => i === ffmpegInput.url ? ffmpegInput.urls?.[0] : i);
            }
        }
-        console.log('ffplay', ...ffmpegInput.inputArguments);
-        child_process.spawn('ffplay', ffmpegInput.inputArguments, {
+        const args = [...ffmpegInput.inputArguments];
+        if (ffmpegInput.h264FilterArguments)
+            args.push(...ffmpegInput.h264FilterArguments);
+        console.log('ffplay', ...args);
+        child_process.spawn('ffplay', args, {
            stdio: 'inherit',
        });
        sdk.disconnect();
--- a/packages/client/package-lock.json
+++ b/packages/client/package-lock.json
@@ -1,15 +1,15 @@
 {
  "name": "@scrypted/client",
-  "version": "1.1.54",
+  "version": "1.1.55",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@scrypted/client",
-      "version": "1.1.54",
+      "version": "1.1.55",
      "license": "ISC",
      "dependencies": {
-        "@scrypted/types": "^0.2.91",
+        "@scrypted/types": "^0.2.94",
        "axios": "^0.25.0",
        "engine.io-client": "^6.4.0",
        "rimraf": "^3.0.2"
@@ -21,9 +21,9 @@
      }
    },
    "node_modules/@scrypted/types": {
-      "version": "0.2.91",
-      "resolved": "https://registry.npmjs.org/@scrypted/types/-/types-0.2.91.tgz",
-      "integrity": "sha512-GfWil8cl2QwlTXk506ZXDALQfuv7zN48PtPlpmBMO/IYTQFtb+RB2zr+FwC9gdvRaZgs9NCCS2Fiig1OY7uxdQ=="
+      "version": "0.2.94",
+      "resolved": "https://registry.npmjs.org/@scrypted/types/-/types-0.2.94.tgz",
+      "integrity": "sha512-615C6lLnJGk0qhp+Y72B3xeD2CS9p/h8JUmFDjKh4H4IjL6zlV10tZVAXWQt3Q5rmy1WAaS3nScR6NgxZ5woOA=="
    },
    "node_modules/@socket.io/component-emitter": {
      "version": "3.1.0",
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@scrypted/client",
-  "version": "1.1.54",
+  "version": "1.1.55",
  "description": "",
  "main": "dist/packages/client/src/index.js",
  "scripts": {
@@ -17,7 +17,7 @@
    "typescript": "^4.9.5"
  },
  "dependencies": {
-    "@scrypted/types": "^0.2.91",
+    "@scrypted/types": "^0.2.94",
    "axios": "^0.25.0",
    "engine.io-client": "^6.4.0",
    "rimraf": "^3.0.2"
--- a/packages/client/src/index.ts
+++ b/packages/client/src/index.ts
@@ -1,5 +1,5 @@
 import { MediaObjectOptions, RTCConnectionManagement, RTCSignalingSession, ScryptedStatic } from "@scrypted/types";
-import axios, { AxiosRequestConfig } from 'axios';
+import axios, { AxiosRequestConfig, AxiosRequestHeaders } from 'axios';
 import * as eio from 'engine.io-client';
 import { SocketOptions } from 'engine.io-client';
 import { Deferred } from "../../../common/src/deferred";
@@ -8,7 +8,6 @@ import { BrowserSignalingSession, waitPeerConnectionIceConnected, waitPeerIceCon
 import { DataChannelDebouncer } from "../../../plugins/webrtc/src/datachannel-debouncer";
 import type { IOSocket } from '../../../server/src/io';
 import { MediaObject } from '../../../server/src/plugin/mediaobject';
-import type { MediaObjectRemote } from '../../../server/src/plugin/plugin-api';
 import { attachPluginRemote } from '../../../server/src/plugin/plugin-remote';
 import { RpcPeer } from '../../../server/src/rpc';
 import { createRpcDuplexSerializer, createRpcSerializer } from '../../../server/src/rpc-serializer';
@@ -48,9 +47,8 @@ export interface ScryptedClientStatic extends ScryptedStatic {
    browserSignalingSession?: BrowserSignalingSession;
    address?: string;
    connectionType: ScryptedClientConnectionType;
-    authorization?: string;
-    queryToken?: { [parameter: string]: string };
-    rpcPeer: RpcPeer,
+    rpcPeer: RpcPeer;
+    loginResult: ScryptedClientLoginResult;
 }

 export interface ScryptedConnectionOptions {
@@ -59,6 +57,7 @@ export interface ScryptedConnectionOptions {
    webrtc?: boolean;
    baseUrl?: string;
    axiosConfig?: AxiosRequestConfig;
+    previousLoginResult?: ScryptedClientLoginResult;
 }

 export interface ScryptedLoginOptions extends ScryptedConnectionOptions {
@@ -138,6 +137,7 @@ export async function loginScryptedClient(options: ScryptedLoginOptions) {
    // should maybe move this into the cloud server itself.
    const scryptedCloud = response.headers['x-scrypted-cloud'] === 'true';
    const directAddress = response.headers['x-scrypted-direct-address'];
+    const cloudAddress = response.headers['x-scrypted-cloud-address'];

    return {
        error: response.data.error as string,
@@ -147,20 +147,35 @@ export async function loginScryptedClient(options: ScryptedLoginOptions) {
        addresses,
        scryptedCloud,
        directAddress,
+        cloudAddress,
    };
 }

 export async function checkScryptedClientLogin(options?: ScryptedConnectionOptions) {
    let { baseUrl } = options || {};
-    const url = combineBaseUrl(baseUrl, 'login');
+    let url = combineBaseUrl(baseUrl, 'login');
+    const headers: AxiosRequestHeaders = {};
+    if (options?.previousLoginResult?.queryToken) {
+        // headers.Authorization = options?.previousLoginResult?.authorization;
+        // const search = new URLSearchParams(options.previousLoginResult.queryToken);
+        // url += '?' + search.toString();
+        const token = options?.previousLoginResult.username + ":" + options.previousLoginResult.token;
+        const hash = Buffer.from(token).toString('base64');
+
+        headers.Authorization = `Basic ${hash}`;
+    }
    const response = await axios.get(url, {
        withCredentials: true,
+        headers,
        ...options?.axiosConfig,
    });
    const scryptedCloud = response.headers['x-scrypted-cloud'] === 'true';
    const directAddress = response.headers['x-scrypted-direct-address'];
+    const cloudAddress = response.headers['x-scrypted-cloud-address'];

    return {
+        baseUrl,
+        hostname: response.data.hostname as string,
        redirect: response.data.redirect as string,
        username: response.data.username as string,
        expiration: response.data.expiration as number,
@@ -172,9 +187,21 @@ export async function checkScryptedClientLogin(options?: ScryptedConnectionOptio
        addresses: response.data.addresses as string[],
        scryptedCloud,
        directAddress,
+        cloudAddress,
    };
 }

+export interface ScryptedClientLoginResult {
+    username: string;
+    token: string;
+    authorization: string;
+    queryToken: { [parameter: string]: string };
+    localAddresses: string[];
+    scryptedCloud: boolean;
+    directAddress: string;
+    cloudAddress: string;
+}
+
 export class ScryptedClientLoginError extends Error {
    constructor(public result: Awaited<ReturnType<typeof checkScryptedClientLogin>>) {
        super(result.error);
@@ -210,38 +237,95 @@ export async function redirectScryptedLogout(baseUrl?: string) {
 export async function connectScryptedClient(options: ScryptedClientOptions): Promise<ScryptedClientStatic> {
    const start = Date.now();
    let { baseUrl, pluginId, clientName, username, password } = options;
+
    let authorization: string;
    let queryToken: any;
-
-    const extraHeaders: { [header: string]: string } = {};
    let localAddresses: string[];
    let scryptedCloud: boolean;
    let directAddress: string;
+    let cloudAddress: string;
+    let token: string;

    console.log('@scrypted/client', packageJson.version);

+    const extraHeaders: { [header: string]: string } = {};
+
+    // Chrome will complain about websites making xhr requests to self signed https sites, even
+    // if the cert has been accepted. Other browsers seem fine.
+    // So the default is not to connect to IP addresses on Chrome, but do so on other browsers.
+    const isChrome = globalThis.navigator?.userAgent.includes('Chrome');
+    const isNotChromeOrIsInstalledApp = !isChrome || isInstalledApp();
+    let tryAlternateAddresses = false;
+
    if (username && password) {
        const loginResult = await loginScryptedClient(options as ScryptedLoginOptions);
        if (loginResult.authorization)
            extraHeaders['Authorization'] = loginResult.authorization;
        localAddresses = loginResult.addresses;
        scryptedCloud = loginResult.scryptedCloud;
+        directAddress = loginResult.directAddress;
+        cloudAddress = loginResult.cloudAddress;
        authorization = loginResult.authorization;
        queryToken = loginResult.queryToken;
+        token = loginResult.token;
        console.log('login result', Date.now() - start, loginResult);
    }
    else {
-        const loginCheck = await checkScryptedClientLogin({
+        const urlsToCheck = new Set<string>();
+        for (const u of [
+            ...options?.previousLoginResult?.localAddresses || [],
+            options?.previousLoginResult?.directAddress,
+            options?.previousLoginResult?.cloudAddress,
+        ]) {
+            if (u && options?.previousLoginResult?.token && (isNotChromeOrIsInstalledApp || options.direct))
+                urlsToCheck.add(u);
+        }
+
+        // the alternate urls must have a valid response.
+        const loginCheckPromises = [...urlsToCheck].map(async baseUrl => {
+            const loginCheck = await checkScryptedClientLogin({
+                baseUrl,
+                previousLoginResult: options?.previousLoginResult,
+            });
+
+            if (loginCheck.error || loginCheck.redirect)
+                throw new Error('login error');
+
+            if (!loginCheck.authorization || !loginCheck.username || !loginCheck.queryToken) {
+                console.error(loginCheck);
+                throw new Error('malformed login result');
+            }
+
+            return loginCheck;
+        });
+
+        const baseUrlCheck = checkScryptedClientLogin({
            baseUrl,
        });
+        loginCheckPromises.push(baseUrlCheck);
+
+        let loginCheck: Awaited<ReturnType<typeof checkScryptedClientLogin>>;
+        try {
+            loginCheck = await Promise.any(loginCheckPromises);
+            tryAlternateAddresses ||= loginCheck.baseUrl !== baseUrl;
+        }
+        catch (e) {
+            loginCheck = await baseUrlCheck;
+        }
+
+        if (tryAlternateAddresses)
+            console.log('Found direct login. Allowing alternate addresses.')
+
        if (loginCheck.error || loginCheck.redirect)
            throw new ScryptedClientLoginError(loginCheck);
        localAddresses = loginCheck.addresses;
        scryptedCloud = loginCheck.scryptedCloud;
        directAddress = loginCheck.directAddress;
+        cloudAddress = loginCheck.cloudAddress;
        username = loginCheck.username;
        authorization = loginCheck.authorization;
        queryToken = loginCheck.queryToken;
+        token = loginCheck.token;
        console.log('login checked', Date.now() - start, loginCheck);
    }

@@ -262,25 +346,41 @@ export async function connectScryptedClient(options: ScryptedClientOptions): Pro
    // watch for this flush.
    const flush = new Deferred<void>();

-    // Chrome will complain about websites making xhr requests to self signed https sites, even
-    // if the cert has been accepted. Other browsers seem fine.
-    // So the default is not to connect to IP addresses on Chrome, but do so on other browsers.
-    const isChrome = globalThis.navigator?.userAgent.includes('Chrome');
-    const isNotChromeOrIsInstalledApp = !isChrome || isInstalledApp();
-
    const addresses: string[] = [];
    const localAddressDefault = isNotChromeOrIsInstalledApp;
-    if (((scryptedCloud && options.local === undefined && localAddressDefault) || options.local) && localAddresses) {
+
+    tryAlternateAddresses ||= scryptedCloud;
+
+    if (((tryAlternateAddresses && options.local === undefined && localAddressDefault) || options.local) && localAddresses) {
        addresses.push(...localAddresses);
    }

    const directAddressDefault = directAddress && (isNotChromeOrIsInstalledApp || !isIPAddress(directAddress));
-    if (((scryptedCloud && options.direct === undefined && directAddressDefault) || options.direct) && directAddress) {
+    if (((tryAlternateAddresses && options.direct === undefined && directAddressDefault) || options.direct) && directAddress) {
        addresses.push(directAddress);
    }

+    if (((tryAlternateAddresses && options.direct === undefined) || options.direct) && cloudAddress) {
+        addresses.push(cloudAddress);
+    }
+
    const tryAddresses = !!addresses.length;
-    const tryWebrtc = !!globalThis.RTCPeerConnection && (scryptedCloud && options.webrtc === undefined) || options.webrtc;
+    const webrtcLastFailedKey = 'webrtcLastFailed';
+    const canUseWebrtc = !!globalThis.RTCPeerConnection;
+    let tryWebrtc = canUseWebrtc && options.webrtc;
+    // try webrtc by default on scrypted cloud.
+    // but webrtc takes a while to fail, so backoff if it fails to prevent continual slow starts.
+    if (scryptedCloud && canUseWebrtc && globalThis.localStorage && options.webrtc === undefined) {
+        tryWebrtc = true;
+        const webrtcLastFailed = parseFloat(localStorage.getItem(webrtcLastFailedKey));
+        // if webrtc has failed in the past day, dont attempt to use it.
+        const now = Date.now();
+        if (webrtcLastFailed < now && webrtcLastFailed > now - 1 * 24 * 60 * 60 * 1000) {
+            tryWebrtc = false;
+            console.warn('WebRTC API connection recently failed. Skipping.')
+        }
+    }
+
    console.log({
        tryLocalAddressess: tryAddresses,
        tryWebrtc,
@@ -457,7 +557,7 @@ export async function connectScryptedClient(options: ScryptedClientOptions): Pro
    const p2pPromises = [...promises];

    promises.push((async () => {
-        const waitDuration = tryWebrtc ? 3000 : (tryAddresses ? 1000 : 0);
+        const waitDuration = tryWebrtc ? 10000 : (tryAddresses ? 1000 : 0);
        console.log('waiting', waitDuration);
        if (waitDuration) {
            // give the peer to peers a second, but then try connecting directly.
@@ -484,6 +584,9 @@ export async function connectScryptedClient(options: ScryptedClientOptions): Pro
    const any = Promise.any(promises);
    let { ready, connectionType, address, rpcPeer } = await any;

+    if (tryWebrtc && connectionType !== 'webrtc')
+        localStorage.setItem(webrtcLastFailedKey, Date.now().toString());
+
    console.log('connected', connectionType, address)

    socket = ready;
@@ -601,9 +704,17 @@ export async function connectScryptedClient(options: ScryptedClientOptions): Pro
            pluginHostAPI: undefined,
            rtcConnectionManagement,
            browserSignalingSession,
-            authorization,
-            queryToken,
            rpcPeer,
+            loginResult: {
+                username,
+                token,
+                directAddress,
+                localAddresses,
+                scryptedCloud,
+                queryToken,
+                authorization,
+                cloudAddress,
+            }
        }

        socket.on('close', () => {
--- a/packages/deferred/package-lock.json
+++ b/packages/deferred/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@scrypted/rpc",
-  "version": "0.0.2",
+  "version": "0.0.4",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "@scrypted/rpc",
-      "version": "0.0.2",
+      "version": "0.0.4",
      "license": "ISC",
      "devDependencies": {
        "@types/node": "^18.11.18",
--- a/packages/deferred/package.json
+++ b/packages/deferred/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@scrypted/deferred",
-  "version": "0.0.2",
+  "version": "0.0.4",
  "description": "",
  "main": "dist/index.js",
  "scripts": {
--- a/packages/deferred/src/async-queue.ts
+++ b/packages/deferred/src/async-queue.ts
@@ -0,0 +1 @@
+../../../common/src/async-queue.ts
--- a/packages/deferred/src/deferred.ts
+++ b/packages/deferred/src/deferred.ts
@@ -0,0 +1 @@
+../../../common/src/deferred.ts
--- a/packages/deferred/src/index.ts
+++ b/packages/deferred/src/index.ts
@@ -1 +0,0 @@
-../../../common/src/deferred.ts
--- a/packages/deferred/src/index.ts
+++ b/packages/deferred/src/index.ts
@@ -0,0 +1,2 @@
+export * from './deferred';
+export * from './async-queue';
--- a/packages/h264-repacketizer/.vscode/launch.json
+++ b/packages/h264-repacketizer/.vscode/launch.json
@@ -0,0 +1,23 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "ts-node",
+            "type": "node",
+            "request": "launch",
+            "args": [
+                "${workspaceFolder}/test/test.ts"
+            ],
+            "runtimeArgs": [
+                "-r",
+                "ts-node/register"
+            ],
+            "cwd": "${workspaceRoot}",
+            "protocol": "inspector",
+            "internalConsoleOptions": "openOnSessionStart"
+        }
+    ]
+}
--- a/packages/h264-repacketizer/package-lock.json
+++ b/packages/h264-repacketizer/package-lock.json
@@ -1,16 +1,17 @@
 {
-  "name": "@scrypted/h264-packetizer",
+  "name": "@scrypted/h264-repacketizer",
  "version": "0.0.7",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
-      "name": "@scrypted/h264-packetizer",
+      "name": "@scrypted/h264-repacketizer",
      "version": "0.0.7",
      "license": "ISC",
      "devDependencies": {
        "@types/node": "^18.11.18",
        "rimraf": "^4.1.1",
+        "ts-node": "^10.9.1",
        "typescript": "^4.7.4"
      }
    },
@@ -43,12 +44,121 @@
    "../sdk/types": {
      "extraneous": true
    },
+    "node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dev": true,
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz",
+      "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==",
+      "dev": true,
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.4.15",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
+      "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==",
+      "dev": true
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dev": true,
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "node_modules/@tsconfig/node10": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.9.tgz",
+      "integrity": "sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==",
+      "dev": true
+    },
+    "node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==",
+      "dev": true
+    },
+    "node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==",
+      "dev": true
+    },
+    "node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==",
+      "dev": true
+    },
    "node_modules/@types/node": {
      "version": "18.11.18",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz",
      "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==",
      "dev": true
    },
+    "node_modules/acorn": {
+      "version": "8.10.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.10.0.tgz",
+      "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==",
+      "dev": true,
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-walk": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz",
+      "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/arg": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==",
+      "dev": true
+    },
+    "node_modules/create-require": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==",
+      "dev": true
+    },
+    "node_modules/diff": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
+      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "node_modules/make-error": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==",
+      "dev": true
+    },
    "node_modules/rimraf": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-4.1.1.tgz",
@@ -64,6 +174,49 @@
        "url": "https://github.com/sponsors/isaacs"
      }
    },
+    "node_modules/ts-node": {
+      "version": "10.9.1",
+      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz",
+      "integrity": "sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==",
+      "dev": true,
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/typescript": {
      "version": "4.7.4",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
@@ -76,26 +229,165 @@
      "engines": {
        "node": ">=4.2.0"
      }
+    },
+    "node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
+      "dev": true
+    },
+    "node_modules/yn": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+      "dev": true,
+      "engines": {
+        "node": ">=6"
+      }
    }
  },
  "dependencies": {
+    "@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dev": true,
+      "requires": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      }
+    },
+    "@jridgewell/resolve-uri": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz",
+      "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==",
+      "dev": true
+    },
+    "@jridgewell/sourcemap-codec": {
+      "version": "1.4.15",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
+      "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==",
+      "dev": true
+    },
+    "@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dev": true,
+      "requires": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "@tsconfig/node10": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.9.tgz",
+      "integrity": "sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==",
+      "dev": true
+    },
+    "@tsconfig/node12": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==",
+      "dev": true
+    },
+    "@tsconfig/node14": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==",
+      "dev": true
+    },
+    "@tsconfig/node16": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==",
+      "dev": true
+    },
    "@types/node": {
      "version": "18.11.18",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz",
      "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==",
      "dev": true
    },
+    "acorn": {
+      "version": "8.10.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.10.0.tgz",
+      "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==",
+      "dev": true
+    },
+    "acorn-walk": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz",
+      "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==",
+      "dev": true
+    },
+    "arg": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==",
+      "dev": true
+    },
+    "create-require": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==",
+      "dev": true
+    },
+    "diff": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
+      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
+      "dev": true
+    },
+    "make-error": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==",
+      "dev": true
+    },
    "rimraf": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-4.1.1.tgz",
      "integrity": "sha512-Z4Y81w8atcvaJuJuBB88VpADRH66okZAuEm+Jtaufa+s7rZmIz+Hik2G53kGaNytE7lsfXyWktTmfVz0H9xuDg==",
      "dev": true
    },
+    "ts-node": {
+      "version": "10.9.1",
+      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz",
+      "integrity": "sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==",
+      "dev": true,
+      "requires": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      }
+    },
    "typescript": {
      "version": "4.7.4",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
      "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
      "dev": true
+    },
+    "v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
+      "dev": true
+    },
+    "yn": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+      "dev": true
    }
  }
 }
--- a/packages/h264-repacketizer/package.json
+++ b/packages/h264-repacketizer/package.json
@@ -14,6 +14,7 @@
  "devDependencies": {
    "@types/node": "^18.11.18",
    "rimraf": "^4.1.1",
+    "ts-node": "^10.9.1",
    "typescript": "^4.7.4"
  }
 }
--- a/packages/h264-repacketizer/test/test.ts
+++ b/packages/h264-repacketizer/test/test.ts
@@ -0,0 +1,93 @@
+import { H264Repacketizer, depacketizeStapA } from '../src/index';
+import { H264_NAL_TYPE_IDR, H264_NAL_TYPE_PPS, H264_NAL_TYPE_SEI, H264_NAL_TYPE_SPS, H264_NAL_TYPE_STAP_A, RtspServer, getNaluTypesInNalu } from '../../../common/src/rtsp-server';
+import fs from 'fs';
+
+import { getNvrSessionStream } from '../../../../nvr/nvr-plugin/src/session-stream';
+
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
+import { RtpPacket } from '../../../external/werift/packages/rtp/src/rtp/rtp';
+
+function parse(parameters: string) {
+    const spspps = parameters.split(',');
+    // empty sprop-parameter-sets is apparently a thing:
+    //     a=fmtp:96 profile-level-id=420029; packetization-mode=1; sprop-parameter-sets=
+    if (spspps?.length !== 2) {
+        return {
+            sps: undefined,
+            pps: undefined,
+        };
+    }
+    const [sps, pps] = spspps;
+
+    return {
+        sps: Buffer.from(sps, 'base64'),
+        pps: Buffer.from(pps, 'base64'),
+    }
+}
+
+async function main() {
+    const spspps = parse('Z2QAM6wVFKAoALWQ,aO48sA==');
+    //                    Z2QAM6wVFKAoALWQ
+    //                    Z00AMpY1QEABg03BQEFQAAADABAAAAMDKEA=
+
+
+    const repacketizer = new H264Repacketizer(console, 1300, undefined);
+
+    const stream = fs.createReadStream('/Users/koush/Downloads/rtsp/1692537093973.rtsp', {
+        start: 0,
+        highWaterMark: 800000,
+    });
+
+    let rtspParser = new RtspServer(stream as any, '');
+    rtspParser.setupTracks = {
+        '0': {
+            codec: '0',
+            protocol: 'tcp',
+            control: '',
+            destination: 0,
+        },
+        '2': {
+            codec: '2',
+            protocol: 'tcp',
+            control: '',
+            destination: 2,
+        },
+    }
+    for await (const rtspSample of rtspParser.handleRecord()) {
+        if (rtspSample.type !== '0')
+            continue;
+        const rtp = RtpPacket.deSerialize(rtspSample.packet);
+        const nalus = getNaluTypesInNalu(rtp.payload);
+        if (nalus.has(H264_NAL_TYPE_SEI)) {
+            console.warn('SEI', rtp.payload)
+        }
+        if (nalus.has(H264_NAL_TYPE_SPS)) {
+            console.warn('SPS', rtp.payload, spspps.sps)
+        }
+        if (nalus.has(H264_NAL_TYPE_PPS)) {
+            console.warn('PPS', rtp.payload, spspps.sps)
+        }
+        if (nalus.has(H264_NAL_TYPE_STAP_A)) {
+            const parts = depacketizeStapA(rtp.payload);
+            console.log('stapa', parts);
+            for (const part of parts) {
+
+            }
+        }
+
+        if (nalus.has(H264_NAL_TYPE_IDR)) {
+            const h264Packetizer = new H264Repacketizer(console, 65535, spspps as any);
+            // offset the stapa packet by -1 so the sequence numbers can be reused.
+            h264Packetizer.extraPackets = -1;
+            const stapas: RtpPacket[] = [];
+            const idr = RtpPacket.deSerialize(rtspSample.packet);
+            h264Packetizer.maybeSendStapACodecInfo(idr, stapas);
+            if (stapas.length === 1) {
+                const stapa = stapas[0].serialize();
+                // console.log(stapa);
+            }
+        }
+    }
+}
+main();
--- a/packages/h264-repacketizer/tsconfig.json
+++ b/packages/h264-repacketizer/tsconfig.json
@@ -1,7 +1,7 @@
 {
    "compilerOptions": {
        "module": "commonjs",
-        "target": "ES2019",
+        "target": "ES2020",
        "noImplicitAny": true,
        "outDir": "./dist",
        "esModuleInterop": true,
@@ -10,6 +10,7 @@
        "declaration": true,
        "resolveJsonModule": true,
    },
+    "exclude": ["**/node_modules"],
    "include": [
        "src/**/*"
    ],
--- a/packages/python-client/.gitignore
+++ b/packages/python-client/.gitignore
@@ -0,0 +1 @@
+.venv
--- a/packages/python-client/.vscode/launch.json
+++ b/packages/python-client/.vscode/launch.json
@@ -0,0 +1,16 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python: Current File",
+            "type": "python",
+            "request": "launch",
+            "program": "${workspaceFolder}/test.py",
+            "console": "integratedTerminal",
+            "justMyCode": true
+        }
+    ]
+}
--- a/packages/python-client/plugin_remote.py
+++ b/packages/python-client/plugin_remote.py
@@ -0,0 +1 @@
+../../server/python/plugin_remote.py
--- a/packages/python-client/requirements.txt
+++ b/packages/python-client/requirements.txt
@@ -0,0 +1,3 @@
+python-engineio[asyncio_client]
+aiohttp
+aiodns
--- a/packages/python-client/rpc.py
+++ b/packages/python-client/rpc.py
@@ -0,0 +1 @@
+../../server/python/rpc.py
--- a/packages/python-client/rpc_reader.py
+++ b/packages/python-client/rpc_reader.py
@@ -0,0 +1 @@
+../../server/python/rpc_reader.py
--- a/packages/python-client/scrypted_python
+++ b/packages/python-client/scrypted_python
@@ -0,0 +1 @@
+../../sdk/types/scrypted_python
--- a/packages/python-client/test.py
+++ b/packages/python-client/test.py
@@ -0,0 +1,151 @@
+from __future__ import annotations
+
+import asyncio
+import os
+from contextlib import nullcontext
+
+import aiohttp
+import engineio
+
+import plugin_remote
+import rpc_reader
+from plugin_remote import DeviceManager, MediaManager, SystemManager
+from scrypted_python.scrypted_sdk import ScryptedInterface, ScryptedStatic
+
+
+class EioRpcTransport(rpc_reader.RpcTransport):
+    def __init__(self, loop: asyncio.AbstractEventLoop):
+        super().__init__()
+        self.eio = engineio.AsyncClient(ssl_verify=False)
+        self.loop = loop
+        self.write_error: Exception = None
+        self.read_queue = asyncio.Queue()
+        self.write_queue = asyncio.Queue()
+
+        @self.eio.on("message")
+        def on_message(data):
+            self.read_queue.put_nowait(data)
+
+        asyncio.run_coroutine_threadsafe(self.send_loop(), self.loop)
+
+    async def read(self):
+        return await self.read_queue.get()
+
+    async def send_loop(self):
+        while True:
+            data = await self.write_queue.get()
+            try:
+                await self.eio.send(data)
+            except Exception as e:
+                self.write_error = e
+                self.write_queue = None
+                break
+
+    def writeBuffer(self, buffer, reject):
+        async def send():
+            try:
+                if self.write_error:
+                    raise self.write_error
+                self.write_queue.put_nowait(buffer)
+            except Exception as e:
+                reject(e)
+
+        asyncio.run_coroutine_threadsafe(send(), self.loop)
+
+    def writeJSON(self, json, reject):
+        return self.writeBuffer(json, reject)
+
+
+async def connect_scrypted_client(
+    transport: EioRpcTransport,
+    base_url: str,
+    username: str,
+    password: str,
+    plugin_id: str = "@scrypted/core",
+    session: aiohttp.ClientSession | None = None,
+) -> ScryptedStatic:
+    login_url = f"{base_url}/login"
+    login_body = {
+        "username": username,
+        "password": password,
+    }
+
+    if session:
+        cm = nullcontext(session)
+    else:
+        cm = aiohttp.ClientSession()
+
+    async with cm as _session:
+        async with _session.post(
+            login_url, verify_ssl=False, json=login_body
+        ) as response:
+            login_response = await response.json()
+
+        headers = {"Authorization": login_response["authorization"]}
+
+        await transport.eio.connect(
+            base_url,
+            headers=headers,
+            engineio_path=f"/endpoint/{plugin_id}/engine.io/api/",
+        )
+
+        ret = asyncio.Future[ScryptedStatic](loop=transport.loop)
+        peer, peerReadLoop = await rpc_reader.prepare_peer_readloop(
+            transport.loop, transport
+        )
+        peer.params["print"] = print
+
+        def callback(api, pluginId, hostInfo):
+            remote = plugin_remote.PluginRemote(
+                peer, api, pluginId, hostInfo, transport.loop
+            )
+            wrapped = remote.setSystemState
+
+            async def remoteSetSystemState(systemState):
+                await wrapped(systemState)
+
+                async def resolve():
+                    sdk = ScryptedStatic()
+                    sdk.api = api
+                    sdk.remote = remote
+                    sdk.systemManager = SystemManager(api, remote.systemState)
+                    sdk.deviceManager = DeviceManager(
+                        remote.nativeIds, sdk.systemManager
+                    )
+                    sdk.mediaManager = MediaManager(await api.getMediaManager())
+                    ret.set_result(sdk)
+
+                asyncio.run_coroutine_threadsafe(resolve(), transport.loop)
+
+            remote.setSystemState = remoteSetSystemState
+            return remote
+
+        peer.params["getRemote"] = callback
+        asyncio.run_coroutine_threadsafe(peerReadLoop(), transport.loop)
+
+        sdk = await ret
+        return sdk
+
+
+async def main():
+    transport = EioRpcTransport(asyncio.get_event_loop())
+    sdk = await connect_scrypted_client(
+        transport,
+        "https://localhost:10443",
+        os.environ["SCRYPTED_USERNAME"],
+        os.environ["SCRYPTED_PASSWORD"],
+    )
+
+    for id in sdk.systemManager.getSystemState():
+        device = sdk.systemManager.getDeviceById(id)
+        print(device.name)
+        if ScryptedInterface.OnOff.value in device.interfaces:
+            print(f"OnOff: device is {device.on}")
+
+    await transport.eio.disconnect()
+    os._exit(0)
+
+
+loop = asyncio.new_event_loop()
+asyncio.run_coroutine_threadsafe(main(), loop)
+loop.run_forever()
--- a/plugins/alexa/package-lock.json
+++ b/plugins/alexa/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@scrypted/alexa",
-   "version": "0.2.5",
+   "version": "0.2.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
      "": {
         "name": "@scrypted/alexa",
-         "version": "0.2.5",
+         "version": "0.2.7",
         "dependencies": {
            "axios": "^1.3.4",
            "uuid": "^9.0.0"
@@ -18,7 +18,7 @@
      },
      "../../sdk": {
         "name": "@scrypted/sdk",
-         "version": "0.2.101",
+         "version": "0.2.104",
         "dev": true,
         "license": "ISC",
         "dependencies": {
--- a/plugins/alexa/package.json
+++ b/plugins/alexa/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@scrypted/alexa",
-   "version": "0.2.5",
+   "version": "0.2.8",
   "scripts": {
      "scrypted-setup-project": "scrypted-setup-project",
      "prescrypted-setup-project": "scrypted-package-json",
--- a/plugins/alexa/src/main.ts
+++ b/plugins/alexa/src/main.ts
@@ -392,14 +392,21 @@ class AlexaPlugin extends ScryptedDeviceBase implements HttpRequestHandler, Mixi
        })
    }

+    private setReauthenticateAlert() {
+        const msg: string = "Please reauthenticate by following the directions below.";
+        this.log.a(msg);
+    }
+
    getAccessToken(): Promise<string> {
        if (this.accessToken)
            return this.accessToken;

+        this.log.clearAlerts();
+
        const { tokenInfo } = this.storageSettings.values;

        if (tokenInfo === undefined) {
-            this.log.e("Please reauthenticate by following the directions below.");
+            this.setReauthenticateAlert();
            throw new Error("'tokenInfo' is undefined");
        }

@@ -432,19 +439,19 @@ class AlexaPlugin extends ScryptedDeviceBase implements HttpRequestHandler, Mixi
                    case 'invalid_grant':
                    case 'unauthorized_client':
                        self.console.error(error?.response?.data);
-                        self.log.e(error?.response?.data?.error_description);
+                        self.log.a(error?.response?.data?.error_description);
                        self.storageSettings.values.tokenInfo = undefined;
                        self.accessToken = undefined;
                        break;

                    case 'authorization_pending':
                        self.console.warn(error?.response?.data);
-                        self.log.w(error?.response?.data?.error_description);
+                        self.log.a(error?.response?.data?.error_description);
                        break;
                    
                    case 'expired_token':
                        self.console.warn(error?.response?.data);
-                        self.log.w(error?.response?.data?.error_description);
+                        self.log.a(error?.response?.data?.error_description);
                        self.accessToken = undefined;
                        break;

@@ -488,6 +495,8 @@ class AlexaPlugin extends ScryptedDeviceBase implements HttpRequestHandler, Mixi
        });

        if (accessToken !== undefined) {
+            this.log.clearAlerts();
+            
            try {
                response.send({
                    "event": {
--- a/plugins/alexa/src/types/camera/capabilities.ts
+++ b/plugins/alexa/src/types/camera/capabilities.ts
@@ -120,7 +120,7 @@ export async function getCameraCapabilities(device: ScryptedDevice): Promise<Dis
            "interface": "Alexa.RTCSessionController",
            "version": "3",
            "configuration": {
-                isFullDuplexAudioSupported: true,
+                "isFullDuplexAudioSupported": true,
            }
        } as DiscoveryCapability
    ];
--- a/plugins/alexa/src/types/camera/handlers.ts
+++ b/plugins/alexa/src/types/camera/handlers.ts
@@ -7,10 +7,19 @@ import { Response, WebRTCAnswerGeneratedForSessionEvent, WebRTCSessionConnectedE

 export class AlexaSignalingSession implements RTCSignalingSession {
    constructor(public response: AlexaHttpResponse, public directive: any) {
+        this.options = this.createOptions();
+        this.__proxy_props = { options: this.createOptions() };
    }

+    __proxy_props: { options: RTCSignalingOptions; };
+    options: RTCSignalingOptions;
+    
    async getOptions(): Promise<RTCSignalingOptions> {
-        return {
+        return this.options;
+    }
+
+    private createOptions() {
+        const options: RTCSignalingOptions = {
            proxy: true,
            offer: {
                type: 'offer',
@@ -24,7 +33,9 @@ export class AlexaSignalingSession implements RTCSignalingSession {
                width: 1280,
                height: 720
            }
-        }
+        };
+
+        return options;
    }

    async createLocalDescription(type: "offer" | "answer", setup: RTCAVSignalingSetup, sendIceCandidate: RTCSignalingSendIceCandidate): Promise<RTCSessionDescriptionInit> {
--- a/plugins/alexa/src/types/doorbell.ts
+++ b/plugins/alexa/src/types/doorbell.ts
@@ -6,11 +6,11 @@ import { supportedTypes } from ".";
 supportedTypes.set(ScryptedDeviceType.Doorbell, {
    async discover(device: ScryptedDevice): Promise<Partial<DiscoveryEndpoint>> {
        let capabilities: any[] = [];
-        let category: DisplayCategory = 'DOORBELL';
+        const displayCategories: DisplayCategory[] = [];

        if (device.interfaces.includes(ScryptedInterface.RTCSignalingChannel)) {
            capabilities = await getCameraCapabilities(device);
-            category = 'CAMERA';
+            displayCategories.push('CAMERA');
        }

        if (device.interfaces.includes(ScryptedInterface.BinarySensor)) {
@@ -24,8 +24,11 @@ supportedTypes.set(ScryptedDeviceType.Doorbell, {
            );
        }

+        //  Important: If your device is a video doorbell, make sure that you list CAMERA before DOORBELL in the displayCategories list.
+        displayCategories.push('DOORBELL');
+
        return {
-            displayCategories: [category],
+            displayCategories,
            capabilities
        };
    },
@@ -38,6 +41,9 @@ supportedTypes.set(ScryptedDeviceType.Doorbell, {
        if (response)
            return response;
        
+        if (eventDetails.eventInterface === ScryptedInterface.BinarySensor && eventData === false)
+            return {};
+
        if (eventDetails.eventInterface === ScryptedInterface.BinarySensor && eventData === true)
            return {
                event: {
--- a/plugins/alexa/tsconfig.json
+++ b/plugins/alexa/tsconfig.json
@@ -1,6 +1,6 @@
 {
    "compilerOptions": {
-        "module": "commonjs",
+        "module": "Node16",
        "target": "ES2021",
        "resolveJsonModule": true,
        "moduleResolution": "Node16",
--- a/plugins/amcrest/package-lock.json
+++ b/plugins/amcrest/package-lock.json
@@ -1,26 +1,25 @@
 {
   "name": "@scrypted/amcrest",
-   "version": "0.0.122",
-   "lockfileVersion": 2,
+   "version": "0.0.127",
+   "lockfileVersion": 3,
   "requires": true,
   "packages": {
      "": {
         "name": "@scrypted/amcrest",
-         "version": "0.0.122",
+         "version": "0.0.127",
         "license": "Apache",
         "dependencies": {
            "@koush/axios-digest-auth": "^0.8.5",
            "@scrypted/common": "file:../../common",
            "@scrypted/sdk": "file:../../sdk",
            "@types/multiparty": "^0.0.33",
-            "multiparty": "^4.2.2"
+            "multiparty": "^4.2.3"
         },
         "devDependencies": {
-            "@types/node": "^18.15.11"
+            "@types/node": "^18.16.18"
         }
      },
      "../../common": {
-         "name": "@scrypted/common",
         "version": "1.0.1",
         "license": "ISC",
         "dependencies": {
@@ -35,8 +34,7 @@
         }
      },
      "../../sdk": {
-         "name": "@scrypted/sdk",
-         "version": "0.2.87",
+         "version": "0.2.103",
         "license": "ISC",
         "dependencies": {
            "@babel/preset-typescript": "^7.18.6",
@@ -71,9 +69,6 @@
            "typedoc": "^0.23.21"
         }
      },
-      "../sdk": {
-         "extraneous": true
-      },
      "node_modules/@koush/axios-digest-auth": {
         "version": "0.8.5",
         "resolved": "https://registry.npmjs.org/@koush/axios-digest-auth/-/axios-digest-auth-0.8.5.tgz",
@@ -100,9 +95,9 @@
         }
      },
      "node_modules/@types/node": {
-         "version": "18.15.11",
-         "resolved": "https://registry.npmjs.org/@types/node/-/node-18.15.11.tgz",
-         "integrity": "sha512-E5Kwq2n4SbMzQOn6wnmBjuK9ouqlURrcZDVfbo9ftDDTFt3nk7ZKK4GMOzoYgnpQJKcxwQw+lGaBvvlMo0qN/Q=="
+         "version": "18.16.18",
+         "resolved": "https://registry.npmjs.org/@types/node/-/node-18.16.18.tgz",
+         "integrity": "sha512-/aNaQZD0+iSBAGnvvN2Cx92HqE5sZCPZtx2TsK+4nvV23fFe09jVDvpArXr2j9DnYlzuU9WuoykDDc6wqvpNcw=="
      },
      "node_modules/auth-header": {
         "version": "1.0.0",
@@ -120,15 +115,15 @@
      "node_modules/depd": {
         "version": "1.1.2",
         "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
-         "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=",
+         "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
         "engines": {
            "node": ">= 0.6"
         }
      },
      "node_modules/follow-redirects": {
-         "version": "1.14.9",
-         "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
-         "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==",
+         "version": "1.15.2",
+         "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
+         "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
         "funding": [
            {
               "type": "individual",
@@ -145,15 +140,15 @@
         }
      },
      "node_modules/http-errors": {
-         "version": "1.8.0",
-         "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.0.tgz",
-         "integrity": "sha512-4I8r0C5JDhT5VkvI47QktDW75rNlGVsUf/8hzjCC/wkWI/jdTRmBb9aI7erSG82r1bjKY3F6k28WnsVxB1C73A==",
+         "version": "1.8.1",
+         "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+         "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
         "dependencies": {
            "depd": "~1.1.2",
            "inherits": "2.0.4",
            "setprototypeof": "1.2.0",
            "statuses": ">= 1.5.0 < 2",
-            "toidentifier": "1.0.0"
+            "toidentifier": "1.0.1"
         },
         "engines": {
            "node": ">= 0.6"
@@ -165,11 +160,11 @@
         "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
      },
      "node_modules/multiparty": {
-         "version": "4.2.2",
-         "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.2.2.tgz",
-         "integrity": "sha512-NtZLjlvsjcoGrzojtwQwn/Tm90aWJ6XXtPppYF4WmOk/6ncdwMMKggFY2NlRRN9yiCEIVxpOfPWahVEG2HAG8Q==",
+         "version": "4.2.3",
+         "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.2.3.tgz",
+         "integrity": "sha512-Ak6EUJZuhGS8hJ3c2fY6UW5MbkGUPMBEGd13djUzoY/BHqV/gTuFWtC6IuVA7A2+v3yjBS6c4or50xhzTQZImQ==",
         "dependencies": {
-            "http-errors": "~1.8.0",
+            "http-errors": "~1.8.1",
            "safe-buffer": "5.2.1",
            "uid-safe": "2.1.5"
         },
@@ -180,7 +175,7 @@
      "node_modules/random-bytes": {
         "version": "1.0.0",
         "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
-         "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs=",
+         "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
         "engines": {
            "node": ">= 0.8"
         }
@@ -212,15 +207,15 @@
      "node_modules/statuses": {
         "version": "1.5.0",
         "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
-         "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=",
+         "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
         "engines": {
            "node": ">= 0.6"
         }
      },
      "node_modules/toidentifier": {
-         "version": "1.0.0",
-         "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
-         "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==",
+         "version": "1.0.1",
+         "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+         "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
         "engines": {
            "node": ">=0.6"
         }
@@ -236,147 +231,5 @@
            "node": ">= 0.8"
         }
      }
-   },
-   "dependencies": {
-      "@koush/axios-digest-auth": {
-         "version": "0.8.5",
-         "resolved": "https://registry.npmjs.org/@koush/axios-digest-auth/-/axios-digest-auth-0.8.5.tgz",
-         "integrity": "sha512-EZMM0gMJ3hMUD4EuUqSwP6UGt5Vmw2TZtY7Ypec55AnxkExSXM0ySgPtqkAcnL43g1R27yAg/dQL7dRTLMqO3Q==",
-         "requires": {
-            "auth-header": "^1.0.0",
-            "axios": "^0.21.4"
-         }
-      },
-      "@scrypted/common": {
-         "version": "file:../../common",
-         "requires": {
-            "@scrypted/sdk": "file:../sdk",
-            "@scrypted/server": "file:../server",
-            "@types/node": "^16.9.0",
-            "http-auth-utils": "^3.0.2",
-            "node-fetch-commonjs": "^3.1.1",
-            "typescript": "^4.4.3"
-         }
-      },
-      "@scrypted/sdk": {
-         "version": "file:../../sdk",
-         "requires": {
-            "@babel/preset-typescript": "^7.18.6",
-            "@types/node": "^18.11.18",
-            "@types/stringify-object": "^4.0.0",
-            "adm-zip": "^0.4.13",
-            "axios": "^0.21.4",
-            "babel-loader": "^9.1.0",
-            "babel-plugin-const-enum": "^1.1.0",
-            "esbuild": "^0.15.9",
-            "ncp": "^2.0.0",
-            "raw-loader": "^4.0.2",
-            "rimraf": "^3.0.2",
-            "stringify-object": "^3.3.0",
-            "tmp": "^0.2.1",
-            "ts-loader": "^9.4.2",
-            "ts-node": "^10.4.0",
-            "typedoc": "^0.23.21",
-            "typescript": "^4.9.4",
-            "webpack": "^5.75.0",
-            "webpack-bundle-analyzer": "^4.5.0"
-         }
-      },
-      "@types/multiparty": {
-         "version": "0.0.33",
-         "resolved": "https://registry.npmjs.org/@types/multiparty/-/multiparty-0.0.33.tgz",
-         "integrity": "sha512-Il6cJUpSqgojT7NxbVJUvXkCblm50/yEJYtblISDsNIeNYf4yMAhdizzidUk6h8pJ8yhwK/3Fkb+3Dwcgtwl8w==",
-         "requires": {
-            "@types/node": "*"
-         }
-      },
-      "@types/node": {
-         "version": "18.15.11",
-         "resolved": "https://registry.npmjs.org/@types/node/-/node-18.15.11.tgz",
-         "integrity": "sha512-E5Kwq2n4SbMzQOn6wnmBjuK9ouqlURrcZDVfbo9ftDDTFt3nk7ZKK4GMOzoYgnpQJKcxwQw+lGaBvvlMo0qN/Q=="
-      },
-      "auth-header": {
-         "version": "1.0.0",
-         "resolved": "https://registry.npmjs.org/auth-header/-/auth-header-1.0.0.tgz",
-         "integrity": "sha512-CPPazq09YVDUNNVWo4oSPTQmtwIzHusZhQmahCKvIsk0/xH6U3QsMAv3sM+7+Q0B1K2KJ/Q38OND317uXs4NHA=="
-      },
-      "axios": {
-         "version": "0.21.4",
-         "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz",
-         "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==",
-         "requires": {
-            "follow-redirects": "^1.14.0"
-         }
-      },
-      "depd": {
-         "version": "1.1.2",
-         "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
-         "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
-      },
-      "follow-redirects": {
-         "version": "1.14.9",
-         "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
-         "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w=="
-      },
-      "http-errors": {
-         "version": "1.8.0",
-         "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.0.tgz",
-         "integrity": "sha512-4I8r0C5JDhT5VkvI47QktDW75rNlGVsUf/8hzjCC/wkWI/jdTRmBb9aI7erSG82r1bjKY3F6k28WnsVxB1C73A==",
-         "requires": {
-            "depd": "~1.1.2",
-            "inherits": "2.0.4",
-            "setprototypeof": "1.2.0",
-            "statuses": ">= 1.5.0 < 2",
-            "toidentifier": "1.0.0"
-         }
-      },
-      "inherits": {
-         "version": "2.0.4",
-         "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-         "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
-      },
-      "multiparty": {
-         "version": "4.2.2",
-         "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.2.2.tgz",
-         "integrity": "sha512-NtZLjlvsjcoGrzojtwQwn/Tm90aWJ6XXtPppYF4WmOk/6ncdwMMKggFY2NlRRN9yiCEIVxpOfPWahVEG2HAG8Q==",
-         "requires": {
-            "http-errors": "~1.8.0",
-            "safe-buffer": "5.2.1",
-            "uid-safe": "2.1.5"
-         }
-      },
-      "random-bytes": {
-         "version": "1.0.0",
-         "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
-         "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs="
-      },
-      "safe-buffer": {
-         "version": "5.2.1",
-         "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-         "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
-      },
-      "setprototypeof": {
-         "version": "1.2.0",
-         "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
-         "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
-      },
-      "statuses": {
-         "version": "1.5.0",
-         "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
-         "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
-      },
-      "toidentifier": {
-         "version": "1.0.0",
-         "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
-         "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
-      },
-      "uid-safe": {
-         "version": "2.1.5",
-         "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
-         "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
-         "requires": {
-            "random-bytes": "~1.0.0"
-         }
-      }
   }
 }
--- a/plugins/amcrest/package.json
+++ b/plugins/amcrest/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@scrypted/amcrest",
-   "version": "0.0.122",
+   "version": "0.0.127",
   "description": "Amcrest Plugin for Scrypted",
   "author": "Scrypted",
   "license": "Apache",
@@ -39,9 +39,9 @@
      "@scrypted/common": "file:../../common",
      "@scrypted/sdk": "file:../../sdk",
      "@types/multiparty": "^0.0.33",
-      "multiparty": "^4.2.2"
+      "multiparty": "^4.2.3"
   },
   "devDependencies": {
-      "@types/node": "^18.15.11"
+      "@types/node": "^18.16.18"
   }
 }
--- a/plugins/amcrest/src/amcrest-api.ts
+++ b/plugins/amcrest/src/amcrest-api.ts
@@ -71,6 +71,7 @@ export class AmcrestCameraClient {
            method: "GET",
            responseType: 'arraybuffer',
            url: `http://${this.ip}/cgi-bin/snapshot.cgi`,
+            timeout: 60000,
        });

        return Buffer.from(response.data);
--- a/plugins/amcrest/src/main.ts
+++ b/plugins/amcrest/src/main.ts
@@ -95,6 +95,7 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
        for (const element of deviceParameters) {
            try {
                const response = await this.getClient().digestAuth.request({
+                    httpsAgent: amcrestHttpsAgent,
                    url: `http://${this.getHttpAddress()}/cgi-bin/magicBox.cgi?action=${element.action}`
                });

@@ -147,6 +148,7 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
            return;

        const response = await this.getClient().digestAuth.request({
+            httpsAgent: amcrestHttpsAgent,
            url: `http://${this.getHttpAddress()}/cgi-bin/configManager.cgi?action=setConfig&${params}`
        });
        this.console.log('reconfigure result', response.data);
@@ -190,14 +192,11 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
                || event === AmcrestEvent.PhoneCallDetectStart
                || event === AmcrestEvent.AlarmIPCStart
                || event === AmcrestEvent.DahuaTalkInvite) {
-                if (event === AmcrestEvent.DahuaTalkInvite && payload && multipleCallIds)
-                {
-                    if (payload.includes(callerId))
-                    {
+                if (event === AmcrestEvent.DahuaTalkInvite && payload && multipleCallIds) {
+                    if (payload.includes(callerId)) {
                        this.binaryState = true;
                    }
-                } else 
-                {
+                } else {
                    this.binaryState = true;
                }
            }
@@ -259,25 +258,23 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,

        if (!twoWayAudio)
            twoWayAudio = isDoorbell ? 'Amcrest' : 'None';
-        
-        
-        if (doorbellType == DAHUA_DOORBELL_TYPE)
-        {
+
+
+        if (doorbellType == DAHUA_DOORBELL_TYPE) {
            ret.push(
-               {
-                title: 'Multiple Call Buttons',
-                key: 'multipleCallIds',
-                description: 'Some Dahua Doorbells integrate multiple Call Buttons for apartment buildings.',
-                type: 'boolean',
-                value: (this.storage.getItem('multipleCallIds') === 'true').toString(),
-               } 
+                {
+                    title: 'Multiple Call Buttons',
+                    key: 'multipleCallIds',
+                    description: 'Some Dahua Doorbells integrate multiple Call Buttons for apartment buildings.',
+                    type: 'boolean',
+                    value: (this.storage.getItem('multipleCallIds') === 'true').toString(),
+                }
            );
        }

        const multipleCallIds = this.storage.getItem('multipleCallIds');

-        if (multipleCallIds)
-        {
+        if (multipleCallIds) {
            ret.push(
                {
                    title: 'Caller ID',
@@ -288,7 +285,7 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
                }
            )
        }
-        
+

        ret.push(
            {
@@ -309,11 +306,11 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
        );

        return ret;
-        
+
    }
-    
-    
-    
+
+
+

    async takeSmartCameraPicture(option?: PictureOptions): Promise<MediaObject> {
        return this.createMediaObject(await this.getClient().jpegSnapshot(), 'image/jpeg');
@@ -401,11 +398,11 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
                            ?.replace('.', '')?.toLowerCase()?.trim();
                        if (audioCodec?.includes('aac'))
                            audioCodec = 'aac';
-                        else if (audioCodec.includes('g711a'))
+                        else if (audioCodec?.includes('g711a'))
                            audioCodec = 'pcm_alaw';
-                        else if (audioCodec.includes('g711u'))
+                        else if (audioCodec?.includes('g711u'))
                            audioCodec = 'pcm_ulaw';
-                        else if (audioCodec.includes('g711'))
+                        else if (audioCodec?.includes('g711'))
                            audioCodec = 'pcm';

                        if (vso.audio)
@@ -490,7 +487,7 @@ class AmcrestCamera extends RtspSmartCamera implements VideoCameraConfiguration,
        this.videoStreamOptions = undefined;

        super.putSetting(key, value);
-       
+
        this.updateDevice();
        this.updateDeviceInfo();
    }
@@ -639,6 +636,7 @@ class AmcrestProvider extends RtspProvider {
        device.setHttpPortOverride(settings.httpPort?.toString());
        if (twoWayAudio)
            device.putSetting('twoWayAudio', twoWayAudio);
+        device.updateDeviceInfo();
        return nativeId;
    }

--- a/plugins/arlo/README.md
+++ b/plugins/arlo/README.md
@@ -1,15 +1,43 @@
 # Arlo Plugin for Scrypted

-The Arlo Plugin connects Scrypted to Arlo cloud, allowing you to access all of your Arlo cameras in Scrypted.
+The Arlo Plugin connects Scrypted to Arlo Cloud, allowing you to access all of your Arlo cameras in Scrypted.

-It is highly recommended to create a dedicated Arlo account for use with this plugin and share your cameras from your main account, as Arlo only permits one connection to their servers per account. Using a separate account allows you to use the Arlo app or website simultaneously with this plugin.
+It is highly recommended to create a dedicated Arlo account for use with this plugin and share your cameras from your main account, as Arlo only permits one active login to their servers per account. Using a separate account allows you to use the Arlo app or website simultaneously with this plugin, otherwise logging in from one place will log you out from all other devices.

 The account you use for this plugin must have either SMS or email set as the default 2FA option. Once you enter your username and password on the plugin settings page, you should receive a 2FA code through your default 2FA option. Enter that code into the provided box, and your cameras will appear in Scrypted. Or, see below for configuring IMAP to auto-login with 2FA.

 If you experience any trouble logging in, clear the username and password boxes, reload the plugin, and try again.

+If you are unable to see shared cameras in your separate Arlo account, ensure that both your primary and secondary accounts are upgraded according to this [forum post](https://web.archive.org/web/20230710141914/https://community.arlo.com/t5/Arlo-Secure/Invited-friend-cannot-see-devices-on-their-dashboard-Arlo-Pro-2/m-p/1889396#M1813). Verify the sharing worked by logging in via the Arlo web dashboard.
+
+**If you add or remove cameras from your main Arlo account, or share/un-share/re-share cameras with the Arlo account used with this plugin, ensure that you reload this plugin to get the updated camera state from Arlo Cloud.**
+
+## General Setup Notes
+
+* Ensure that your Arlo account's default 2FA option is set to either SMS or email.
+* Motion events notifications should be turned on in the Arlo app. If you are receiving motion push notifications, Scrypted will also receive motion events.
+* Disable smart detection and any cloud/local recording in the Arlo app. Arlo Cloud only permits one active stream per camera, so any smart detection or recording features may prevent downstream plugins (e.g. Homekit) from successfully pulling the video feed after a motion event.
+* It is highly recommended to enable the Rebroadcast plugin to allow multiple downstream plugins to pull the video feed within Scrypted.
+* If there is no audio on your camera, switch to the `FFmpeg (TCP)` parser under the `Cloud RTSP` settings.
+* Prebuffering should only be enabled if the camera is wired to a persistent power source, such as a wall outlet. Prebuffering will only work if your camera does not have a battery or `Plugged In to External Power` is selected.
+* The plugin supports pulling RTSP or DASH streams from Arlo Cloud. It is recommended to use RTSP for the lowest latency streams. DASH is inconsistent in reliability, and may return finicky codecs that require additional FFmpeg output arguments, e.g. `-vcodec h264`. *Note that both RTSP and DASH will ultimately pull the same video stream feed from your camera, and they cannot both be used at the same time due to the single stream limitation.*
+
+Note that streaming cameras uses extra Internet bandwidth, since video and audio packets will need to travel from the camera through your network, out to Arlo Cloud, and then back to your network and into Scrypted.
+
 ## IMAP 2FA

 The Arlo Plugin supports using the IMAP protocol to check an email mailbox for Arlo 2FA codes. This requires you to specify an email 2FA option as the default in your Arlo account settings.

-The plugin should work with any mailbox that supports IMAP, but so far has been tested with Gmail. To configure a Gmail mailbox, see [here](https://support.google.com/mail/answer/7126229?hl=en) to see the Gmail IMAP settings, and [here](https://support.google.com/accounts/answer/185833?hl=en) to create an App Password. Enter the App Password in place of your normal Gmail password.
+The plugin should work with any mailbox that supports IMAP, but so far has been tested with Gmail. To configure a Gmail mailbox, see [here](https://support.google.com/mail/answer/7126229?hl=en) to see the Gmail IMAP settings, and [here](https://support.google.com/accounts/answer/185833?hl=en) to create an App Password. Enter the App Password in place of your normal Gmail password.
+
+The plugin searches for emails sent by Arlo's `do_not_reply@arlo.com` address when looking for 2FA codes. If you are using a service to forward emails to the mailbox registered with this plugin (e.g. a service like iCloud's Hide My Email), it is possible that Arlo's email sender address has been overwritten by the mail forwarder. Check the email registered with this plugin to see what address the mail forwarder uses to replace Arlo's sender address, and update that in the IMAP 2FA settings.
+
+## Virtual Security System for Arlo Sirens
+
+In external integrations like Homekit, sirens are exposed as simple on-off switches. This makes it easy to accidentally hit the switch when using the Home app. The Arlo Plugin creates a "virtual" security system device per siren to allow Scrypted to arm or disarm the siren switch to protect against accidental triggers. This fake security system device will be synced into Homekit as a separate accessory from the camera, with the siren itself merged into the security system accessory.
+
+Note that the virtual security system is NOT tied to your Arlo account at all, and will not make any changes such as switching your device's motion alert armed/disarmed modes. For more information, please see the README on the virtual security system device in Scrypted.
+
+## Video Clips
+
+The Arlo Plugin will show video clips available in Arlo Cloud for cameras with cloud recording enabled. These clips are not downloaded onto your Scrypted server, but rather streamed on-demand. Deleting clips is not available in Scrypted and should be done through the Arlo app or the Arlo web dashboard.
--- a/plugins/arlo/package-lock.json
+++ b/plugins/arlo/package-lock.json
@@ -1,19 +1,20 @@
 {
   "name": "@scrypted/arlo",
-   "version": "0.7.21",
+   "version": "0.8.26",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
      "": {
         "name": "@scrypted/arlo",
-         "version": "0.7.21",
+         "version": "0.8.26",
+         "license": "Apache",
         "devDependencies": {
            "@scrypted/sdk": "file:../../sdk"
         }
      },
      "../../sdk": {
         "name": "@scrypted/sdk",
-         "version": "0.2.101",
+         "version": "0.2.104",
         "dev": true,
         "license": "ISC",
         "dependencies": {
--- a/plugins/arlo/package.json
+++ b/plugins/arlo/package.json
@@ -1,7 +1,8 @@
 {
   "name": "@scrypted/arlo",
-   "version": "0.7.21",
+   "version": "0.8.26",
   "description": "Arlo Plugin for Scrypted",
+   "license": "Apache",
   "keywords": [
      "scrypted",
      "plugin",
--- a/plugins/arlo/src/arlo_plugin/arlo/arlo_async.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/arlo_async.py
@@ -41,6 +41,7 @@ import math
 import random
 import time
 import uuid
+from urllib.parse import urlparse, parse_qs

 stream_class = MQTTStream

@@ -74,20 +75,35 @@ USER_AGENTS = {
        "Gecko/20100101 Firefox/85.0",
    "linux":
        "Mozilla/5.0 (X11; Linux x86_64) "
-        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36"
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36",
+
+    # extracted from cloudscraper as a working UA for cloudflare
+    "android":
+        "Mozilla/5.0 (Linux; U; Android 8.1.0; zh-cn; PACM00 Build/O11019) "
+        "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/8.8 Mobile Safari/537.36"
+}
+
+# user agents for media players, e.g. the android app
+MEDIA_USER_AGENTS = {
+    "android": "ijkplayer-android-4.5_28538"
 }


 class Arlo(object):
    BASE_URL = 'my.arlo.com'
    AUTH_URL = 'ocapi-app.arlo.com'
+    BACKUP_AUTH_HOSTS = ["NTIuMzEuMTU3LjE4MQ==","MzQuMjQ4LjE1My42OQ==","My4yNDguMTI4Ljc3","MzQuMjQ2LjE0LjI5"]
+    #BACKUP_AUTH_HOSTS = BACKUP_AUTH_HOSTS[2:3]
    TRANSID_PREFIX = 'web'

+    random.shuffle(BACKUP_AUTH_HOSTS)
+
    def __init__(self, username, password):
        self.username = username
        self.password = password
        self.event_stream = None
-        self.request = Request()
+        self.request = None
+        self.logged_in = False

    def to_timestamp(self, dt):
        if sys.version[0] == '2':
@@ -136,8 +152,10 @@ class Arlo(object):
        self.user_id = user_id
        headers['Content-Type'] = 'application/json; charset=UTF-8'
        headers['User-Agent'] = USER_AGENTS['arlo']
+        self.request = Request(mode="cloudscraper")
        self.request.session.headers.update(headers)
        self.BASE_URL = 'myapi.arlo.com'
+        self.logged_in = True

    def LoginMFA(self):
        device_id = str(uuid.uuid4())
@@ -146,7 +164,6 @@ class Arlo(object):
            'schemaVersion': '1',
            'Auth-Version': '2',
            'Content-Type': 'application/json; charset=UTF-8',
-            'User-Agent': USER_AGENTS['arlo'],
            'Origin': f'https://{self.BASE_URL}',
            'Referer': f'https://{self.BASE_URL}/',
            'Source': 'arloCamWeb',
@@ -159,6 +176,7 @@ class Arlo(object):

        self.request = Request()
        try:
+            #raise Exception("testing backup hosts")
            auth_host = self.AUTH_URL
            self.request.options(f'https://{auth_host}/api/auth', headers=headers)
            logger.info("Using primary authentication host")
@@ -166,13 +184,11 @@ class Arlo(object):
            # in case cloudflare rejects our auth request...
            logger.warning(f"Using fallback authentication host due to: {e}")

-            backup_hosts = list(scrypted_arlo_go.BACKUP_AUTH_HOSTS())
-            random.shuffle(backup_hosts)
-
            auth_host = pick_host([
                base64.b64decode(h.encode("utf-8")).decode("utf-8")
-                for h in backup_hosts
+                for h in self.BACKUP_AUTH_HOSTS
            ], self.AUTH_URL, "/api/auth")
+            logger.debug(f"Selected backup authentication host {auth_host}")

            self.request = Request(mode="ip")

@@ -200,10 +216,15 @@ class Arlo(object):
            raw=True
        )
        factor_id = next(
-            i for i in factors_body['data']['items']
-            if (i['factorType'] == 'EMAIL' or i['factorType'] == 'SMS')
-            and i['factorRole'] == "PRIMARY"
-        )['factorId']
+            iter([
+                i for i in factors_body['data']['items']
+                if (i['factorType'] == 'EMAIL' or i['factorType'] == 'SMS')
+                and i['factorRole'] == "PRIMARY"
+            ]),
+            {}
+        ).get('factorId')
+        if not factor_id:
+            raise Exception("Could not find valid 2FA method - is the primary 2FA set to either Email or SMS?")

        # Start factor auth
        start_auth_body = self.request.post(
@@ -227,7 +248,10 @@ class Arlo(object):
                raw=True
            )

-            self.request = Request()
+            if finish_auth_body.get('data', {}).get('token') is None:
+                raise Exception("Could not complete 2FA, maybe invalid token? If the error persists, please try reloading the plugin and logging in again.")
+
+            self.request = Request(mode="cloudscraper")

            # Update Authorization code with new code
            headers = {
@@ -238,6 +262,7 @@ class Arlo(object):
            }
            self.request.session.headers.update(headers)
            self.BASE_URL = 'myapi.arlo.com'
+            self.logged_in = True

        return complete_auth

@@ -282,17 +307,25 @@ class Arlo(object):
                cameras[camera['deviceId']] = camera

            # filter out cameras without basestation, where they are their own basestations
-            # for now, keep doorbells and sirens in the list so they get pings
-            proper_basestations = {}
+            # this is so battery-powered devices do not drain due to pings
+            # for wired devices, keep doorbells, sirens, and arloq in the list so they get pings
+            # we also add arlo baby devices (abc1000, abc1000a) since they are standalone-only
+            # and seem to want pings
+            devices_to_ping = {}
            for basestation in basestations.values():
-                if basestation['deviceId'] == basestation.get('parentId') and basestation['deviceType'] not in ['doorbell', 'siren']:
+                if basestation['deviceId'] == basestation.get('parentId') and \
+                    basestation['deviceType'] not in ['doorbell', 'siren', 'arloq', 'arloqs'] and \
+                    basestation['modelId'].lower() not in ['abc1000', 'abc1000a']:
                    continue
-                proper_basestations[basestation['deviceId']] = basestation
+                # avd2001 is the battery doorbell, and we don't want to drain its battery, so disable pings
+                if basestation['modelId'].lower().startswith('avd2001'):
+                    continue
+                devices_to_ping[basestation['deviceId']] = basestation

-            logger.info(f"Will send heartbeat to the following basestations: {list(proper_basestations.keys())}")
+            logger.info(f"Will send heartbeat to the following devices: {list(devices_to_ping.keys())}")

-            # start heartbeat loop with only basestations
-            asyncio.get_event_loop().create_task(heartbeat(self, list(proper_basestations.values())))
+            # start heartbeat loop with only pingable devices
+            asyncio.get_event_loop().create_task(heartbeat(self, list(devices_to_ping.values())))

            # subscribe to all camera topics
            topics = [
@@ -384,58 +417,135 @@ class Arlo(object):
        basestation_id = basestation.get('deviceId')
        return self.Notify(basestation, {"action":"set","resource":"subscriptions/"+self.user_id+"_web","publishResponse":False,"properties":{"devices":[basestation_id]}})

-    def SubscribeToMotionEvents(self, basestation, camera, callback):
+    def SubscribeToErrorEvents(self, basestation, camera, callback):
+        """
+        Use this method to subscribe to error events. You must provide a callback function which will get called once per error event.
+
+        The callback function should have the following signature:
+        def callback(code, message)
+
+        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
+        that has a big switch statement in it to handle all the various events Arlo produces.
+
+        Returns the Task object that contains the subscription loop.
+        """
+        resource = f"cameras/{camera.get('deviceId')}"
+
+        # Note: It looks like sometimes a message is returned as an 'is' action
+        # where a 'stateChangeReason' property contains the error message. This is
+        # a bit of a hack but we will listen to both events with an 'error' key as
+        # well as 'stateChangeReason' events.
+
+        def callbackwrapper(self, event):
+            if 'error' in event:
+                error = event['error']
+            elif 'properties' in event:
+                error = event['properties'].get('stateChangeReason', {})
+            else:
+                return None
+            message = error.get('message')
+            code = error.get('code')
+            stop = callback(code, message)
+            if not stop:
+                return None
+            return stop
+
+        return asyncio.get_event_loop().create_task(
+            self.HandleEvents(basestation, resource, ['error', ('is', 'stateChangeReason')], callbackwrapper)
+        )
+
+    def SubscribeToMotionEvents(self, basestation, camera, callback, logger) -> asyncio.Task:
        """
        Use this method to subscribe to motion events. You must provide a callback function which will get called once per motion event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.

        Returns the Task object that contains the subscription loop.
        """
-        resource = f"cameras/{camera.get('deviceId')}"
+        return self._subscribe_to_motion_or_audio_events(basestation, camera, callback, logger, "motionDetected")

-        def callbackwrapper(self, event):
-            properties = event.get('properties', {})
-            stop = None
-            if 'motionDetected' in properties:
-                stop = callback(properties['motionDetected'])
-            if not stop:
-                return None
-            return stop
-
-        return asyncio.get_event_loop().create_task(
-            self.HandleEvents(basestation, resource, [('is', 'motionDetected')], callbackwrapper)
-        )
-
-    def SubscribeToAudioEvents(self, basestation, camera, callback):
+    def SubscribeToAudioEvents(self, basestation, camera, callback, logger):
        """
        Use this method to subscribe to audio events. You must provide a callback function which will get called once per audio event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.

        Returns the Task object that contains the subscription loop.
        """
+        return self._subscribe_to_motion_or_audio_events(basestation, camera, callback, logger, "audioDetected")
+
+    def _subscribe_to_motion_or_audio_events(self, basestation, camera, callback, logger, event_key) -> asyncio.Task:
+        """
+        Helper class to implement force reset of events (when event end signal is dropped) and delay of end
+        of event signals (when the sensor turns off and on quickly)
+
+        event_key is either motionDetected or audioDetected
+        """
+
        resource = f"cameras/{camera.get('deviceId')}"

+        # if we somehow miss the *Detected = False event, this task
+        # is used to force the caller to register the end of the event
+        force_reset_event_task: asyncio.Task = None
+
+        # when we receive a normal *Detected = False event, this
+        # task is used to delay the delivery in case the sensor
+        # registers an event immediately afterwards
+        delayed_event_end_task: asyncio.Task = None
+
+        async def reset_event(sleep_duration: float) -> None:
+            nonlocal force_reset_event_task, delayed_event_end_task
+            await asyncio.sleep(sleep_duration)
+
+            logger.debug(f"{event_key}: delivering False")
+            callback(False)
+
+            force_reset_event_task = None
+            delayed_event_end_task = None
+
        def callbackwrapper(self, event):
+            nonlocal force_reset_event_task, delayed_event_end_task
            properties = event.get('properties', {})
+
            stop = None
-            if 'audioDetected' in properties:
-                stop = callback(properties['audioDetected'])
+            if event_key in properties:
+                event_detected = properties[event_key]
+                delivery_delay = 10
+
+                logger.debug(f"{event_key}: {event_detected} {'will delay delivery by ' + str(delivery_delay) + 's' if not event_detected else ''}".rstrip())
+
+                if force_reset_event_task:
+                    logger.debug(f"{event_key}: cancelling previous force reset task")
+                    force_reset_event_task.cancel()
+                    force_reset_event_task = None
+                if delayed_event_end_task:
+                    logger.debug(f"{event_key}: cancelling previous delay event task")
+                    delayed_event_end_task.cancel()
+                    delayed_event_end_task = None
+
+                if event_detected:
+                    stop = callback(event_detected)
+
+                    # schedule a callback to reset the sensor
+                    # if we somehow miss the *Detected = False event
+                    force_reset_event_task = asyncio.get_event_loop().create_task(reset_event(60))
+                else:
+                    delayed_event_end_task = asyncio.get_event_loop().create_task(reset_event(delivery_delay))
+
            if not stop:
                return None
            return stop

        return asyncio.get_event_loop().create_task(
-            self.HandleEvents(basestation, resource, [('is', 'audioDetected')], callbackwrapper)
+            self.HandleEvents(basestation, resource, [('is', event_key)], callbackwrapper)
        )

    def SubscribeToBatteryEvents(self, basestation, camera, callback):
@@ -443,7 +553,7 @@ class Arlo(object):
        Use this method to subscribe to battery events. You must provide a callback function which will get called once per battery event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.
@@ -470,7 +580,7 @@ class Arlo(object):
        Use this method to subscribe to doorbell events. You must provide a callback function which will get called once per doorbell event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.
@@ -506,7 +616,7 @@ class Arlo(object):
        Use this method to subscribe to pushToTalk SDP answer events. You must provide a callback function which will get called once per SDP event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.
@@ -534,7 +644,7 @@ class Arlo(object):
        Use this method to subscribe to pushToTalk ICE candidate answer events. You must provide a callback function which will get called once per candidate event.

        The callback function should have the following signature:
-        def callback(self, event)
+        def callback(event)

        This is an example of handling a specific event, in reality, you'd probably want to write a callback for HandleEvents()
        that has a big switch statement in it to handle all the various events Arlo produces.
@@ -629,7 +739,7 @@ class Arlo(object):
        If you pass in a valid device type, as a string or a list, this method will return an array of just those devices that match that type. An example would be ['basestation', 'camera']
        To filter provisioned or unprovisioned devices pass in a True/False value for filter_provisioned. By default both types are returned.
        """
-        devices = self.request.get(f'https://{self.BASE_URL}/hmsweb/v2/users/devices')
+        devices = self._getDevicesImpl()
        if device_type:
            devices = [ device for device in devices if device.get('deviceType') in device_type]

@@ -641,20 +751,45 @@ class Arlo(object):

        return devices

-    async def StartStream(self, basestation, camera):
+    @cached(cache=TTLCache(maxsize=1, ttl=60))
+    def _getDevicesImpl(self):
+        devices = self.request.get(f'https://{self.BASE_URL}/hmsweb/v2/users/devices')
+        return devices
+
+    def GetDeviceCapabilities(self, device: dict) -> dict:
+        return self._getDeviceCapabilitiesImpl(device['modelId'].lower(), device['interfaceVersion'])
+
+    @cached(cache=TTLCache(maxsize=64, ttl=60))
+    def _getDeviceCapabilitiesImpl(self, model_id: str, interface_version: str) -> dict:
+        return self.request.get(
+            f'https://{self.BASE_URL}/resources/capabilities/{model_id}/{model_id}_{interface_version}.json',
+            raw=True
+        )
+
+    async def StartStream(self, basestation, camera, mode="rtsp", eager=True):
        """
        This function returns the url of the rtsp video stream.
        This stream needs to be called within 30 seconds or else it becomes invalid.
        It can be streamed with: ffmpeg -re -i 'rtsps://<url>' -acodec copy -vcodec copy test.mp4
        The request to /users/devices/startStream returns: { url:rtsp://<url>:443/vzmodulelive?egressToken=b<xx>&userAgent=iOS&cameraId=<camid>}
+
+        If mode is set to "dash", returns the url to the mpd file for DASH streaming. Note that DASH
+        has very specific header requirements - see GetMPDHeaders()
+
+        If 'eager' is True, will return the stream url without waiting for Arlo to report that
+        the stream has started.
        """
        resource = f"cameras/{camera.get('deviceId')}"

+        if mode not in ["rtsp", "dash"]:
+            raise ValueError("mode must be 'rtsp' or 'dash'")
+
        # nonlocal variable hack for Python 2.x.
        class nl:
            stream_url_dict = None

        def trigger(self):
+            ua = USER_AGENTS['arlo'] if mode == "rtsp" else USER_AGENTS["firefox"]
            nl.stream_url_dict = self.request.post(
                f'https://{self.BASE_URL}/hmsweb/users/devices/startStream',
                params={
@@ -670,14 +805,24 @@ class Arlo(object):
                        "cameraId": camera.get('deviceId')
                    }
                },
-                headers={"xcloudId":camera.get('xCloudId')}
+                headers={"xcloudId":camera.get('xCloudId'), 'User-Agent': ua}
            )
+            if mode == "rtsp":
+                nl.stream_url_dict['url'] = nl.stream_url_dict['url'].replace("rtsp://", "rtsps://")
+            else:
+                nl.stream_url_dict['url'] = nl.stream_url_dict['url'].replace(":80", "")
+
+        if eager:
+            trigger(self)
+            return nl.stream_url_dict['url']

        def callback(self, event):
            #return nl.stream_url_dict['url'].replace("rtsp://", "rtsps://")
+            if "error" in event:
+                return None
            properties = event.get("properties", {})
            if properties.get("activityState") == "userStreamActive":
-                return nl.stream_url_dict['url'].replace("rtsp://", "rtsps://")
+                return nl.stream_url_dict['url']
            return None

        return await self.TriggerAndHandleEvent(
@@ -688,6 +833,37 @@ class Arlo(object):
            callback,
        )

+    def GetMPDHeaders(self, url: str) -> dict:
+        parsed = urlparse(url)
+        query = parse_qs(parsed.query)
+
+        headers = {
+            "Accept": "*/*",
+            "Accept-Encoding": "gzip, deflate",
+            "Accept-Language": "en-US,en;q=0.9",
+            "Connection": "keep-alive",
+            "DNT": "1",
+            "Egress-Token": query['egressToken'][0],  # this is very important
+            "Origin": "https://my.arlo.com",
+            "Referer": "https://my.arlo.com/",
+            "User-Agent": USER_AGENTS["firefox"],
+        }
+        return headers
+
+    def GetSIPInfo(self):
+        resp = self.request.get(f'https://{self.BASE_URL}/hmsweb/users/devices/sipInfo')
+        return resp
+
+    def GetSIPInfoV2(self, camera):
+        resp = self.request.get(
+            f'https://{self.BASE_URL}/hmsweb/users/devices/sipInfo/v2',
+            headers={
+                "xcloudId": camera.get('xCloudId'),
+                "cameraId": camera.get('deviceId'),
+            }
+        )
+        return resp
+
    def StartPushToTalk(self, basestation, camera):
        url = f'https://{self.BASE_URL}/hmsweb/users/devices/{self.user_id}_{camera.get("deviceId")}/pushtotalk'
        resp = self.request.get(url)
@@ -745,6 +921,8 @@ class Arlo(object):
            )

        def callback(self, event):
+            if "error" in event:
+                return None
            properties = event.get("properties", {})
            url = properties.get("presignedFullFrameSnapshotUrl")
            if url:
@@ -870,6 +1048,32 @@ class Arlo(object):
            },
        })

+    def NightlightOn(self, basestation):
+        resource = f"cameras/{basestation.get('deviceId')}"
+        return self.Notify(basestation, {
+            "action": "set",
+            "resource": resource,
+            "publishResponse": True,
+            "properties": {
+                "nightLight": {
+                    "enabled": True
+                }
+            }
+        })
+
+    def NightlightOff(self, basestation):
+        resource = f"cameras/{basestation.get('deviceId')}"
+        return self.Notify(basestation, {
+            "action": "set",
+            "resource": resource,
+            "publishResponse": True,
+            "properties": {
+                "nightLight": {
+                    "enabled": False
+                }
+            }
+        })
+
    def GetLibrary(self, device, from_date: datetime, to_date: datetime):
        """
        This call returns the following:
--- a/plugins/arlo/src/arlo_plugin/arlo/host_picker.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/host_picker.py
@@ -2,28 +2,30 @@ import ssl
 from socket import setdefaulttimeout
 import requests
 from requests_toolbelt.adapters import host_header_ssl
-from cryptography import x509
-from cryptography.x509.oid import ExtensionOID
+import scrypted_arlo_go

 from .logging import logger


-setdefaulttimeout(5)
+setdefaulttimeout(15)


 def pick_host(hosts, hostname_to_match, endpoint_to_test):
-    session = requests.Session()
-    session.mount('https://', host_header_ssl.HostHeaderSSLAdapter())
+    setdefaulttimeout(5)

-    for host in hosts:
-        try:
-            c = ssl.get_server_certificate((host, 443))
-            c = x509.load_pem_x509_certificate(c.encode("utf-8"))
-            if hostname_to_match in c.subject.rfc4514_string() or \
-                hostname_to_match in c.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(x509.DNSName):
+    try:
+        session = requests.Session()
+        session.mount('https://', host_header_ssl.HostHeaderSSLAdapter())
+
+        for host in hosts:
+            try:
+                c = ssl.get_server_certificate((host, 443))
+                scrypted_arlo_go.VerifyCertHostname(c, hostname_to_match)
                r = session.post(f"https://{host}{endpoint_to_test}", headers={"Host": hostname_to_match})
                r.raise_for_status()
                return host
-        except Exception as e:
-            logger.warning(f"{host} is invalid: {e}")
-    raise Exception("no valid hosts found!")
+            except Exception as e:
+                logger.warning(f"{host} is invalid: {e}")
+        raise Exception("no valid hosts found!")
+    finally:
+        setdefaulttimeout(15)
--- a/plugins/arlo/src/arlo_plugin/arlo/logging.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/logging.py
@@ -9,7 +9,7 @@ logger.setLevel(logging.INFO)
 ch = logging.StreamHandler(sys.stdout)

 # log formatting
-fmt = logging.Formatter("[Arlo] %(message)s")
+fmt = logging.Formatter("[Arlo]: %(message)s")
 ch.setFormatter(fmt)

 # configure handler to logger
--- a/plugins/arlo/src/arlo_plugin/arlo/request.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/request.py
@@ -14,13 +14,19 @@
 # limitations under the License.
 ##

+from functools import partialmethod
 import requests
 from requests.exceptions import HTTPError
 from requests_toolbelt.adapters import host_header_ssl
 import cloudscraper
+from curl_cffi import requests as curl_cffi_requests
 import time
 import uuid

+from .logging import logger
+
+
+
 #from requests_toolbelt.utils import dump
 #def print_raw_http(response):
 #    data = dump.dump_all(response, request_prefix=b'', response_prefix=b'')
@@ -29,13 +35,21 @@ import uuid
 class Request(object):
    """HTTP helper class"""

-    def __init__(self, timeout=5, mode="cloudscraper"):
-        if mode == "cloudscraper":
+    def __init__(self, timeout=5, mode="curl"):
+        if mode == "curl":
+            logger.debug("HTTP helper using curl_cffi")
+            self.session = curl_cffi_requests.Session(impersonate="chrome110")
+        elif mode == "cloudscraper":
+            logger.debug("HTTP helper using cloudscraper")
            from .arlo_async import USER_AGENTS
-            self.session = cloudscraper.CloudScraper(browser={"custom": USER_AGENTS["arlo"]})
+            self.session = cloudscraper.CloudScraper(browser={"custom": USER_AGENTS["android"]})
        elif mode == "ip":
+            logger.debug("HTTP helper using requests with HostHeaderSSLAdapter")
            self.session = requests.Session()
            self.session.mount('https://', host_header_ssl.HostHeaderSSLAdapter())
+        else:
+            logger.debug("HTTP helper using requests")
+            self.session = requests.Session()
        self.timeout = timeout

    def gen_event_id(self):
--- a/plugins/arlo/src/arlo_plugin/arlo/sse_stream_async.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/sse_stream_async.py
@@ -1,9 +1,10 @@
 import asyncio
 import json
-import sseclient
 import threading

-from .stream_async import Stream 
+import scrypted_arlo_go
+
+from .stream_async import Stream
 from .logging import logger


@@ -18,34 +19,45 @@ class EventStream(Stream):

        def thread_main(self):
            event_stream = self.event_stream
-            for event in event_stream:
-                logger.debug(f"Received event: {event}")
-                if event is None:
-                    logger.info(f"SSE {id(event_stream)} appears to be broken")
+            while True:
+                try:
+                    event = event_stream.Next()
+                except:
+                    logger.info(f"SSE {event_stream.UUID} exited")
+                    if self.shutting_down_stream is event_stream:
+                        self.shutting_down_stream = None
                    return None

-                if event.data.strip() == "":
+                logger.debug(f"Received event: {event}")
+
+                if event.strip() == "":
                    continue

                try:
-                    response = json.loads(event.data)
+                    response = json.loads(event.strip())
                except json.JSONDecodeError:
                    continue

                if response.get('action') == 'logout':
                    if self.event_stream_stop_event.is_set() or \
                        self.shutting_down_stream is event_stream:
-                        logger.info(f"SSE {id(event_stream)} disconnected")
+                        logger.info(f"SSE {event_stream.UUID} disconnected")
+                        self.shutting_down_stream = None
+                        event_stream.Close()
                        return None
                elif response.get('status') == 'connected':
                    if not self.connected:
-                        logger.info(f"SSE {id(event_stream)} connected")
+                        logger.info(f"SSE {event_stream.UUID} connected")
                        self.initializing = False
                        self.connected = True
                else:
                    self.event_loop.call_soon_threadsafe(self._queue_response, response)

-        self.event_stream = sseclient.SSEClient('https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization'), session=self.arlo.request.session)
+        self.event_stream = scrypted_arlo_go.NewSSEClient(
+            'https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization'),
+            scrypted_arlo_go.HeadersMap(self.arlo.request.session.headers)
+        )
+        self.event_stream.Start()
        self.event_stream_thread = threading.Thread(name="EventStream", target=thread_main, args=(self, ))
        self.event_stream_thread.setDaemon(True)
        self.event_stream_thread.start()
@@ -57,12 +69,13 @@ class EventStream(Stream):
        self.reconnecting = True
        self.connected = False
        self.shutting_down_stream = self.event_stream
+        self.shutting_down_stream.Close()
        self.event_stream = None
        await self.start()
-        # give it an extra sleep to ensure any previous connections have disconnected properly
-        # this is so we can mark reconnecting to False properly
-        await asyncio.sleep(1)
-        self.shutting_down_stream = None
+        while self.shutting_down_stream is not None:
+            # ensure any previous connections have disconnected properly
+            # this is so we can mark reconnecting to False properly
+            await asyncio.sleep(1)
        self.reconnecting = False

    def subscribe(self, topics):
--- a/plugins/arlo/src/arlo_plugin/arlo/stream_async.py
+++ b/plugins/arlo/src/arlo_plugin/arlo/stream_async.py
@@ -177,22 +177,25 @@ class Stream:

        now = time.time()
        event = StreamEvent(response, now, now + self.expire)
+        self._queue_impl(key, event)

-        if key not in self.queues:
-            q = self.queues[key] = asyncio.Queue()
-        else:
-            q = self.queues[key]
-        q.put_nowait(event)
+        # specialized setup for error responses
+        if 'error' in response:
+            key = f"{resource}/error"
+            self._queue_impl(key, event)

        # for optimized lookups, notify listeners of individual properties
        properties = response.get('properties', {})
        for property in properties.keys():
            key = f"{resource}/{action}/{property}"
-            if key not in self.queues:
-                q = self.queues[key] = asyncio.Queue()
-            else:
-                q = self.queues[key]
-            q.put_nowait(event)
+            self._queue_impl(key, event)
+
+    def _queue_impl(self, key, event):
+        if key not in self.queues:
+            q = self.queues[key] = asyncio.Queue()
+        else:
+            q = self.queues[key]
+        q.put_nowait(event)

    def requeue(self, event, resource, action, property=None):
        if not property:
--- a/plugins/arlo/src/arlo_plugin/base.py
+++ b/plugins/arlo/src/arlo_plugin/base.py
@@ -18,6 +18,7 @@ class ArloDeviceBase(ScryptedDeviceBase, ScryptedDeviceLoggerMixin, BackgroundTa
    nativeId: str = None
    arlo_device: dict = None
    arlo_basestation: dict = None
+    arlo_capabilities: dict = None
    provider: ArloProvider = None
    stop_subscriptions: bool = False

@@ -32,6 +33,12 @@ class ArloDeviceBase(ScryptedDeviceBase, ScryptedDeviceLoggerMixin, BackgroundTa
        self.provider = provider
        self.logger.setLevel(self.provider.get_current_log_level())

+        try:
+            self.arlo_capabilities = self.provider.arlo.GetDeviceCapabilities(self.arlo_device)
+        except Exception as e:
+            self.logger.warning(f"Could not load device capabilities: {e}")
+            self.arlo_capabilities = {}
+
    def __del__(self) -> None:
        self.stop_subscriptions = True
        self.cancel_pending_tasks()
@@ -50,6 +57,9 @@ class ArloDeviceBase(ScryptedDeviceBase, ScryptedDeviceLoggerMixin, BackgroundTa
        if self.arlo_device.get("parentId") and self.arlo_device["parentId"] != self.arlo_device["deviceId"]:
            parent = self.arlo_device["parentId"]

+        if parent in self.provider.hidden_device_ids:
+            parent = None
+
        return {
            "info": {
                "model": f"{self.arlo_device['modelId']} {self.arlo_device['properties'].get('hwVersion', '')}".strip(),
--- a/plugins/arlo/src/arlo_plugin/basestation.py
+++ b/plugins/arlo/src/arlo_plugin/basestation.py
@@ -3,7 +3,7 @@ from __future__ import annotations
 from typing import List, TYPE_CHECKING

 from scrypted_sdk import ScryptedDeviceBase
-from scrypted_sdk.types import Device, DeviceProvider, ScryptedInterface, ScryptedDeviceType
+from scrypted_sdk.types import Device, DeviceProvider, Setting, SettingValue, Settings, ScryptedInterface, ScryptedDeviceType

 from .base import ArloDeviceBase
 from .vss import ArloSirenVirtualSecuritySystem
@@ -13,7 +13,7 @@ if TYPE_CHECKING:
    from .provider import ArloProvider


-class ArloBasestation(ArloDeviceBase, DeviceProvider):
+class ArloBasestation(ArloDeviceBase, DeviceProvider, Settings):
    MODELS_WITH_SIRENS = [
        "vmb4000",
        "vmb4500"
@@ -29,7 +29,10 @@ class ArloBasestation(ArloDeviceBase, DeviceProvider):
        return any([self.arlo_device["modelId"].lower().startswith(model) for model in ArloBasestation.MODELS_WITH_SIRENS])

    def get_applicable_interfaces(self) -> List[str]:
-        return [ScryptedInterface.DeviceProvider.value]
+        return [
+            ScryptedInterface.DeviceProvider.value,
+            ScryptedInterface.Settings.value,
+        ]

    def get_device_type(self) -> str:
        return ScryptedDeviceType.DeviceProvider.value
@@ -68,4 +71,20 @@ class ArloBasestation(ArloDeviceBase, DeviceProvider):
        vss_id = f'{self.arlo_device["deviceId"]}.vss'
        if not self.vss:
            self.vss = ArloSirenVirtualSecuritySystem(vss_id, self.arlo_device, self.arlo_basestation, self.provider, self)
-        return self.vss
+        return self.vss
+
+    async def getSettings(self) -> List[Setting]:
+        return [
+            {
+                "group": "General",
+                "key": "print_debug",
+                "title": "Debug Info",
+                "description": "Prints information about this device to console.",
+                "type": "button",
+            }
+        ]
+
+    async def putSetting(self, key: str, value: SettingValue) -> None:
+        if key == "print_debug":
+            self.logger.info(f"Device Capabilities: {self.arlo_capabilities}")
+        await self.onDeviceEvent(ScryptedInterface.Settings.value, None)
--- a/plugins/arlo/src/arlo_plugin/camera.py
+++ b/plugins/arlo/src/arlo_plugin/camera.py
--- a/plugins/arlo/src/arlo_plugin/child_process.py
+++ b/plugins/arlo/src/arlo_plugin/child_process.py
@@ -3,42 +3,74 @@ import subprocess
 import time
 import threading

+import scrypted_arlo_go
+
+
 HEARTBEAT_INTERVAL = 5


-def multiprocess_main(name, child_conn, exe, args):
-    print(f"[{name}] Child process starting")
-    sp = subprocess.Popen([exe, *args])
+def multiprocess_main(name, logger_port, child_conn, exe, args):
+    logger = scrypted_arlo_go.NewTCPLogger(logger_port, "HeartbeatChildProcess")
+
+    logger.Send(f"{name} starting\n")
+    sp = subprocess.Popen([exe, *args], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+    # pull stdout and stderr from the subprocess and forward it over to
+    # our tcp logger
+    def logging_thread(stdstream):
+        while True:
+            line = stdstream.readline()
+            if not line:
+                break
+            line = str(line, 'utf-8')
+            logger.Send(line)
+    stdout_t = threading.Thread(target=logging_thread, args=(sp.stdout,))
+    stderr_t = threading.Thread(target=logging_thread, args=(sp.stderr,))
+    stdout_t.start()
+    stderr_t.start()

    while True:
        has_data = child_conn.poll(HEARTBEAT_INTERVAL * 3)
        if not has_data:
            break
+
+        # check if the subprocess is still alive, if not then exit
+        if sp.poll() is not None:
+            break
+
        keep_alive = child_conn.recv()
        if not keep_alive:
            break

+    logger.Send(f"{name} exiting\n")
+
    sp.terminate()
    sp.wait()
-    print(f"[{name}] Child process exiting")
+
+    stdout_t.join()
+    stderr_t.join()
+
+    logger.Send(f"{name} exited\n")
+    logger.Close()


 class HeartbeatChildProcess:
    """Class to manage running a child process that gets cleaned up if the parent exits.
-    
+
    When spawining subprocesses in Python, if the parent is forcibly killed (as is the case
    when Scrypted restarts plugins), subprocesses get orphaned. This approach uses parent-child
    heartbeats for the child to ensure that the parent process is still alive, and to cleanly
    exit the child if the parent has terminated.
    """

-    def __init__(self, name, exe, *args):
+    def __init__(self, name, logger_port, exe, *args):
        self.name = name
+        self.logger_port = logger_port
        self.exe = exe
        self.args = args

        self.parent_conn, self.child_conn = multiprocessing.Pipe()
-        self.process = multiprocessing.Process(target=multiprocess_main, args=(name, self.child_conn, exe, args))
+        self.process = multiprocessing.Process(target=multiprocess_main, args=(name, logger_port, self.child_conn, exe, args))
        self.process.daemon = True
        self._stop = False

@@ -55,4 +87,7 @@ class HeartbeatChildProcess:
    def heartbeat(self):
        while not self._stop:
            time.sleep(HEARTBEAT_INTERVAL)
+            if not self.process.is_alive():
+                self.stop()
+                break
            self.parent_conn.send(True)
--- a/plugins/arlo/src/arlo_plugin/debug.py
+++ b/plugins/arlo/src/arlo_plugin/debug.py
@@ -1 +0,0 @@
-EXPERIMENTAL = False
--- a/plugins/arlo/src/arlo_plugin/experimental.py
+++ b/plugins/arlo/src/arlo_plugin/experimental.py
@@ -0,0 +1,3 @@
+import os
+
+EXPERIMENTAL = os.environ.get("SCRYPTED_ARLO_EXPERIMENTAL", "0") not in ["", "0"]
--- a/plugins/arlo/src/arlo_plugin/logging.py
+++ b/plugins/arlo/src/arlo_plugin/logging.py
@@ -23,7 +23,7 @@ def createScryptedLogger(scrypted_device, name):
    sh = ScryptedDeviceLoggingWrapper(scrypted_device)

    # log formatting
-    fmt = logging.Formatter("[Arlo %(name)s] %(message)s")
+    fmt = logging.Formatter("[Arlo %(name)s]: %(message)s")
    sh.setFormatter(fmt)

    # configure handler to logger
--- a/plugins/arlo/src/arlo_plugin/provider.py
+++ b/plugins/arlo/src/arlo_plugin/provider.py
@@ -1,11 +1,12 @@
 import asyncio
+from bs4 import BeautifulSoup
 import email
+import functools
 import imaplib
 import json
 import logging
 import re
 import requests
-import traceback
 from typing import List

 import scrypted_sdk
@@ -26,9 +27,10 @@ from .base import ArloDeviceBase
 class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceLoggerMixin, BackgroundTaskMixin):
    arlo_cameras = None
    arlo_basestations = None
+    all_device_ids: set = set()
    _arlo_mfa_code = None
    scrypted_devices = None
-    _arlo = None
+    _arlo: Arlo = None
    _arlo_mfa_complete_auth = None
    device_discovery_lock: asyncio.Lock = None

@@ -43,7 +45,7 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL

    def __init__(self, nativeId: str = None) -> None:
        super().__init__(nativeId=nativeId)
-        self.logger_name = "provider"
+        self.logger_name = "Provider"

        self.arlo_cameras = {}
        self.arlo_basestations = {}
@@ -87,6 +89,9 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL

    @property
    def arlo_transport(self) -> str:
+        return "SSE"
+        # This code is here for posterity, however it looks that as of 06/01/2023
+        # Arlo has disabled the MQTT backend
        transport = self.storage.getItem("arlo_transport")
        if transport is None or transport not in ArloProvider.arlo_transport_choices:
            transport = "SSE"
@@ -137,6 +142,14 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
    def imap_mfa_password(self) -> str:
        return self.storage.getItem("imap_mfa_password")

+    @property
+    def imap_mfa_sender(self) -> str:
+        sender = self.storage.getItem("imap_mfa_sender")
+        if sender is None or sender == "":
+            sender = "do_not_reply@arlo.com"
+            self.storage.setItem("imap_mfa_sender", sender)
+        return sender
+
    @property
    def imap_mfa_interval(self) -> int:
        interval = self.storage.getItem("imap_mfa_interval")
@@ -145,17 +158,36 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            self.storage.setItem("imap_mfa_interval", interval)
        return int(interval)

+    @property
+    def hidden_devices(self) -> List[str]:
+        hidden = self.storage.getItem("hidden_devices")
+        if hidden is None:
+            hidden = []
+            self.storage.setItem("hidden_devices", hidden)
+        return hidden
+
+    @property
+    def hidden_device_ids(self) -> List[str]:
+        ids = []
+        for id in self.hidden_devices:
+            m = re.match(r".*\((.*)\)$", id)
+            if m is not None:
+                ids.append(m.group(1))
+        return ids
+
    @property
    def arlo(self) -> Arlo:
        if self._arlo is not None:
            if self._arlo_mfa_complete_auth is not None:
-                if self._arlo_mfa_code == "":
+                if not self._arlo_mfa_code:
                    return None

                self.logger.info("Completing Arlo MFA...")
-                self._arlo_mfa_complete_auth(self._arlo_mfa_code)
-                self._arlo_mfa_complete_auth = None
-                self._arlo_mfa_code = None
+                try:
+                    self._arlo_mfa_complete_auth(self._arlo_mfa_code)
+                finally:
+                    self._arlo_mfa_complete_auth = None
+                    self._arlo_mfa_code = None
                self.logger.info("Arlo MFA done")

                self.storage.setItem("arlo_auth_headers", json.dumps(dict(self._arlo.request.session.headers.items())))
@@ -175,18 +207,18 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            if headers:
                self._arlo.UseExistingAuth(self.arlo_user_id, json.loads(headers))
                self.logger.info(f"Initialized Arlo client, reusing stored auth headers")
-
                self.create_task(self.do_arlo_setup())
                return self._arlo
            else:
                self._arlo_mfa_complete_auth = self._arlo.LoginMFA()
                self.logger.info(f"Initialized Arlo client, waiting for MFA code")
                return None
-        except Exception as e:
-            traceback.print_exc()
+        except Exception:
+            self.logger.exception("Error initializing Arlo client")
            self._arlo = None
+            self._arlo_mfa_complete_auth = None
            self._arlo_mfa_code = None
-            return None
+            raise

    async def do_arlo_setup(self) -> None:
        try:
@@ -196,15 +228,15 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            ])

            self.arlo.event_stream.set_refresh_interval(self.refresh_interval)
-        except requests.exceptions.HTTPError as e:
-            traceback.print_exc()
-            self.logger.error(f"Error logging in, will retry with fresh login")
+        except requests.exceptions.HTTPError:
+            self.logger.exception("Error logging in")
+            self.logger.error("Will retry with fresh login")
            self._arlo = None
            self._arlo_mfa_code = None
            self.storage.setItem("arlo_auth_headers", None)
            _ = self.arlo
-        except Exception as e:
-            traceback.print_exc()
+        except Exception:
+            self.logger.exception("Error logging in")

    def invalidate_arlo_client(self) -> None:
        if self._arlo is not None:
@@ -230,7 +262,7 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
        self.print(f"Setting plugin transport to {self.arlo_transport}")
        change_stream_class(self.arlo_transport)

-    def initialize_imap(self) -> None:
+    def initialize_imap(self, try_count=1) -> None:
        if not self.imap_mfa_host or not self.imap_mfa_port or \
            not self.imap_mfa_username or not self.imap_mfa_password or \
            not self.imap_mfa_interval:
@@ -238,7 +270,7 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL

        self.exit_imap()
        try:
-            self.logger.info("Trying connect to IMAP")
+            self.logger.info(f"Trying connect to IMAP (attempt {try_count})")
            self.imap = imaplib.IMAP4_SSL(self.imap_mfa_host, port=self.imap_mfa_port)

            res, _ = self.imap.login(self.imap_mfa_username, self.imap_mfa_password)
@@ -252,9 +284,14 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            res, self.imap_skip_emails = self.imap.search(None, "FROM", "do_not_reply@arlo.com")
            if res.lower() != "ok":
                raise Exception(f"IMAP failed to fetch old Arlo emails: {res}")
-        except Exception as e:
-            traceback.print_exc()
-            self.exit_imap()
+        except Exception:
+            self.logger.exception("IMAP initialization error")
+
+            if try_count >= 10:
+                self.logger.error("Tried to connect to IMAP too many times. Will request a plugin restart.")
+                self.create_task(scrypted_sdk.deviceManager.requestRestart())
+
+            asyncio.get_event_loop().call_later(try_count*try_count, functools.partial(self.initialize_imap, try_count=try_count+1))
        else:
            self.logger.info("Connected to IMAP")
            self.imap_signal = asyncio.Queue()
@@ -286,22 +323,39 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            self.storage.setItem("arlo_user_id", "")

            # initialize login and prompt for MFA
-            _ = self.arlo
+            try:
+                _ = self.arlo
+            except Exception:
+                self.logger.exception("Unrecoverable login error")
+                self.logger.error("Will request a plugin restart")
+                await scrypted_sdk.deviceManager.requestRestart()
+                return

            # do imap lookup
            # adapted from https://github.com/twrecked/pyaarlo/blob/77c202b6f789c7104a024f855a12a3df4fc8df38/pyaarlo/tfa.py
            try:
+                try_count = 0
                while True:
-                    self.logger.info("Checking IMAP for MFA codes")
+                    try_count += 1
+
+                    sleep_duration = 1
+                    if try_count > 5:
+                        sleep_duration = 2
+                    elif try_count > 10:
+                        sleep_duration = 5
+                    elif try_count > 20:
+                        sleep_duration = 10
+
+                    self.logger.info(f"Checking IMAP for MFA codes (attempt {try_count})")

                    self.imap.check()
-                    res, emails = self.imap.search(None, "FROM", "do_not_reply@arlo.com")
+                    res, emails = self.imap.search(None, "FROM", self.imap_mfa_sender)
                    if res.lower() != "ok":
                        raise Exception("IMAP error: {res}")

                    if emails == self.imap_skip_emails:
                        self.logger.info("No new emails found, will sleep and retry")
-                        await asyncio.sleep(1)
+                        await asyncio.sleep(sleep_duration)
                        continue

                    skip_emails = self.imap_skip_emails[0].split()
@@ -318,8 +372,9 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                                if part.get_content_type() != "text/html":
                                    continue
                                try:
-                                    for line in part.get_payload(decode=True).splitlines():
-                                        code = re.match(r"^\W+(\d{6})\W*$", line.decode())
+                                    soup = BeautifulSoup(part.get_payload(decode=True), 'html.parser')
+                                    for line in soup.get_text().splitlines():
+                                        code = re.match(r"^\W*(\d{6})\W*$", line)
                                        if code is not None:
                                            return code.group(1)
                                except:
@@ -340,20 +395,30 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                        break

                    self.logger.info("No MFA code found, will sleep and retry")
-                    await asyncio.sleep(1)
-            except Exception as e:
-                traceback.print_exc()
-                self.logger.error("Will retry on next IMAP interval")
+                    await asyncio.sleep(sleep_duration)
+            except Exception:
+                self.logger.exception("Error while checking for MFA codes")
+
                self._arlo = old_arlo
                self.storage.setItem("arlo_auth_headers", old_headers)
                self.storage.setItem("arlo_user_id", old_user_id)
                self._arlo_mfa_code = None
                self._arlo_mfa_complete_auth = None
+
+                self.logger.error("Will reload IMAP connection")
+                asyncio.get_event_loop().call_soon(self.initialize_imap)
            else:
                # finish login
                if old_arlo:
                    old_arlo.Unsubscribe()
-                _ = self.arlo
+
+                try:
+                    _ = self.arlo
+                except Exception:
+                    self.logger.exception("Unrecoverable login error")
+                    self.logger.error("Will request a plugin restart")
+                    await scrypted_sdk.deviceManager.requestRestart()
+                    return

            # continue by sleeping/waiting for a signal
            interval = self.imap_mfa_interval * 24 * 60 * 60  # convert interval days to seconds
@@ -439,6 +504,13 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                    "type": "password",
                    "value": self.imap_mfa_password,
                },
+                {
+                    "group": "IMAP 2FA",
+                    "key": "imap_mfa_sender",
+                    "title": "IMAP Email Sender",
+                    "value": self.imap_mfa_sender,
+                    "description": "The sender email address to search for when loading 2FA codes. See plugin README for more details.",
+                },
                {
                    "group": "IMAP 2FA",
                    "key": "imap_mfa_interval",
@@ -455,9 +527,9 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                "group": "General",
                "key": "arlo_transport",
                "title": "Underlying Transport Protocol",
-                "description": "Select the underlying transport protocol used to connect to Arlo Cloud.",
+                "description": "Arlo Cloud currently only supports the SSE protocol.",
                "value": self.arlo_transport,
-                "choices": self.arlo_transport_choices,
+                "readonly": True,
            },
            {
                "group": "General",
@@ -476,6 +548,16 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                "value": self.plugin_verbosity == "Verbose",
                "type": "boolean",
            },
+            {
+                "group": "General",
+                "key": "hidden_devices",
+                "title": "Hidden Devices",
+                "description": "Select the Arlo devices to hide in this plugin. Hidden devices will be removed from Scrypted and will "
+                               "not be re-added when the plugin reloads.",
+                "value": self.hidden_devices,
+                "multiple": True,
+                "choices": [id for id in self.all_device_ids],
+            },
        ])

        return results
@@ -519,6 +601,11 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            elif key.startswith("imap_mfa"):
                self.initialize_imap()
                skip_arlo_client = True
+            elif key == "hidden_devices":
+                if self._arlo is not None and self._arlo.logged_in:
+                    self._arlo.Unsubscribe()
+                    await self.do_arlo_setup()
+                skip_arlo_client = True
            else:
                # force arlo client to be invalidated and reloaded
                self.invalidate_arlo_client()
@@ -564,12 +651,13 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            return await self.discover_devices_impl()

    async def discover_devices_impl(self) -> None:
-        if not self.arlo:
+        if not self._arlo or not self._arlo.logged_in:
            raise Exception("Arlo client not connected, cannot discover devices")

        self.logger.info("Discovering devices...")
        self.arlo_cameras = {}
        self.arlo_basestations = {}
+        self.all_device_ids = set()
        self.scrypted_devices = {}

        camera_devices = []
@@ -578,13 +666,20 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
        basestations = self.arlo.GetDevices(['basestation', 'siren'])
        for basestation in basestations:
            nativeId = basestation["deviceId"]
+            self.all_device_ids.add(f"{basestation['deviceName']} ({nativeId})")
+
            self.logger.debug(f"Adding {nativeId}")

            if nativeId in self.arlo_basestations:
                self.logger.info(f"Skipping basestation {nativeId} ({basestation['modelId']}) as it has already been added")
                continue
+
            self.arlo_basestations[nativeId] = basestation

+            if nativeId in self.hidden_device_ids:
+                self.logger.info(f"Skipping manifest for basestation {nativeId} ({basestation['modelId']}) as it is hidden")
+                continue
+
            device = await self.getDevice_impl(nativeId)
            scrypted_interfaces = device.get_applicable_interfaces()
            manifest = device.get_device_manifest()
@@ -603,11 +698,13 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
                await scrypted_sdk.deviceManager.onDeviceDiscovered(child_manifest)
                provider_to_device_map.setdefault(child_manifest["providerNativeId"], []).append(child_manifest)

-        self.logger.info(f"Discovered {len(basestations)} basestations")
+        self.logger.info(f"Discovered {len(self.arlo_basestations)} basestations")

        cameras = self.arlo.GetDevices(['camera', "arloq", "arloqs", "doorbell"])
        for camera in cameras:
            nativeId = camera["deviceId"]
+            self.all_device_ids.add(f"{camera['deviceName']} ({nativeId})")
+
            self.logger.debug(f"Adding {nativeId}")

            if camera["deviceId"] != camera["parentId"] and camera["parentId"] not in self.arlo_basestations:
@@ -617,6 +714,11 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            if nativeId in self.arlo_cameras:
                self.logger.info(f"Skipping camera {nativeId} ({camera['modelId']}) as it has already been added")
                continue
+
+            if nativeId in self.hidden_device_ids:
+                self.logger.info(f"Skipping camera {camera['deviceId']} ({camera['modelId']}) because it is hidden")
+                continue
+ 
            self.arlo_cameras[nativeId] = camera

            if camera["deviceId"] == camera["parentId"]:
@@ -627,9 +729,9 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL
            device = await self.getDevice_impl(nativeId)
            scrypted_interfaces = device.get_applicable_interfaces()
            manifest = device.get_device_manifest()
-            self.logger.debug(f"Interfaces for {nativeId} ({camera['modelId']}): {scrypted_interfaces}")
+            self.logger.debug(f"Interfaces for {nativeId} ({camera['modelId']} parent {camera['parentId']}): {scrypted_interfaces}")

-            if camera["deviceId"] == camera["parentId"]:
+            if camera["deviceId"] == camera["parentId"] or camera["parentId"] in self.hidden_device_ids:
                provider_to_device_map.setdefault(None, []).append(manifest)
            else:
                provider_to_device_map.setdefault(camera["parentId"], []).append(manifest)
@@ -647,28 +749,43 @@ class ArloProvider(ScryptedDeviceBase, Settings, DeviceProvider, ScryptedDeviceL

        if len(cameras) != len(camera_devices):
            self.logger.info(f"Discovered {len(cameras)} cameras, but only {len(camera_devices)} are usable")
+            self.logger.info("This could be because some cameras are hidden.")
+            self.logger.info("If a camera is not hidden but is still missing, ensure all cameras shared with "
+                             "admin permissions in the Arlo app.")
        else:
            self.logger.info(f"Discovered {len(cameras)} cameras")

        for provider_id in provider_to_device_map.keys():
            if provider_id is None:
                continue
+
+            if len(provider_to_device_map[provider_id]) > 0:
+                self.logger.debug(f"Sending {provider_id} and children to scrypted server")
+            else:
+                self.logger.debug(f"Sending {provider_id} to scrypted server")
+
            await scrypted_sdk.deviceManager.onDevicesChanged({
                "devices": provider_to_device_map[provider_id],
                "providerNativeId": provider_id,
            })

        # ensure devices at the root match all that was discovered
+        self.logger.debug("Sending top level devices to scrypted server")
        await scrypted_sdk.deviceManager.onDevicesChanged({
            "devices": provider_to_device_map[None]
        })
+        self.logger.debug("Done discovering devices")
+
+        # force a settings refresh so the hidden devices list can be updated
+        await self.onDeviceEvent(ScryptedInterface.Settings.value, None)

    async def getDevice(self, nativeId: str) -> ArloDeviceBase:
+        self.logger.debug(f"Scrypted requested to load device {nativeId}")
        async with self.device_discovery_lock:
            return await self.getDevice_impl(nativeId)

    async def getDevice_impl(self, nativeId: str) -> ArloDeviceBase:
-        ret = self.scrypted_devices.get(nativeId, None)
+        ret = self.scrypted_devices.get(nativeId)
        if ret is None:
            ret = self.create_device(nativeId)
            if ret is not None:
--- a/plugins/arlo/src/arlo_plugin/rtcpeerconnection.py
+++ b/plugins/arlo/src/arlo_plugin/rtcpeerconnection.py
@@ -0,0 +1,107 @@
+from aiortc import RTCPeerConnection
+from aiortc.contrib.media import MediaPlayer
+import asyncio
+import threading
+import queue
+
+
+class BackgroundRTCPeerConnection:
+    """Proxy class to use RTCPeerConnection in a background thread.
+
+    The purpose of this proxy is to ensure that RTCPeerConnection operations
+    do not block the main asyncio thread. From testing, it seems that the
+    close() function blocks until the source RTSP server exits, which we
+    have no control over. Additionally, since asyncio coroutines are tied
+    to the event loop they were constructed from, it is not possible to only
+    run close() in a separate thread. Therefore, each instance of RTCPeerConnection
+    is launched within its own ephemeral thread, which cleans itself up once
+    close() completes.
+    """
+
+    def __init__(self, logger):
+        self.main_loop = asyncio.get_event_loop()
+        self.background_loop = asyncio.new_event_loop()
+        self.logger = logger
+
+        self.thread_started = queue.Queue(1)
+        self.thread = threading.Thread(target=self.__background_main)
+        self.thread.start()
+        self.thread_started.get()
+
+    def __background_main(self):
+        self.logger.info(f"Background RTC loop {self.thread.name} starting")
+        self.pc = RTCPeerConnection()
+
+        asyncio.set_event_loop(self.background_loop)
+        self.thread_started.put(True)
+        self.background_loop.run_forever()
+
+        self.logger.info(f"Background RTC loop {self.thread.name} exiting")
+
+    async def __run_background(self, coroutine, await_result=True, stop_loop=False):
+        fut = self.main_loop.create_future()
+
+        def background_callback():
+            # callback to run on main_loop.
+            def to_main(result, is_error):
+                if is_error:
+                    fut.set_exception(result)
+                else:
+                    fut.set_result(result)
+
+            # callback to run on background_loop., after the coroutine completes
+            def callback(task):
+                is_error = False
+                if task.exception():
+                    result = task.exception()
+                    is_error = True
+                else:
+                    result = task.result()
+
+                # send results to the main loop
+                self.main_loop.call_soon_threadsafe(to_main, result, is_error)
+
+                # stopping the loop here ensures that the coroutine completed
+                # and doesn't raise any "task not awaited" exceptions
+                if stop_loop:
+                    self.background_loop.stop()
+
+            task = self.background_loop.create_task(coroutine)
+            task.add_done_callback(callback)
+
+        # start the callback in the background loop
+        self.background_loop.call_soon_threadsafe(background_callback)
+
+        if not await_result:
+            return None
+        return await fut
+
+    async def createOffer(self):
+        return await self.__run_background(self.pc.createOffer())
+
+    async def setLocalDescription(self, sdp):
+        return await self.__run_background(self.pc.setLocalDescription(sdp))
+
+    async def setRemoteDescription(self, sdp):
+        return await self.__run_background(self.pc.setRemoteDescription(sdp))
+
+    async def addIceCandidate(self, candidate):
+        return await self.__run_background(self.pc.addIceCandidate(candidate))
+
+    async def close(self):
+        await self.__run_background(self.pc.close(), await_result=False, stop_loop=True)
+
+    def add_rtsp_audio(self, rtsp_url):
+        """Adds an audio track to the RTCPeerConnection given a source RTSP url.
+
+        This constructs a MediaPlayer in the background thread's asyncio loop,
+        since MediaPlayer also utilizes coroutines and asyncio.
+
+        Note that this may block the background thread's event loop if the RTSP
+        server is not yet ready.
+        """
+        def add_rtsp_audio_background():
+            media_player = MediaPlayer(rtsp_url, format="rtsp")
+            self.pc.addTrack(media_player.audio)
+
+        self.background_loop.call_soon_threadsafe(add_rtsp_audio_background)
--- a/plugins/arlo/src/arlo_plugin/spotlight.py
+++ b/plugins/arlo/src/arlo_plugin/spotlight.py
@@ -51,4 +51,22 @@ class ArloFloodlight(ArloSpotlight):
    async def turnOff(self) -> None:
        self.logger.info("Turning off")
        self.provider.arlo.FloodlightOff(self.arlo_basestation, self.arlo_device)
+        self.on = False
+
+
+class ArloNightlight(ArloSpotlight):
+
+    def __init__(self, nativeId: str, arlo_device: dict, provider: ArloProvider, camera: ArloCamera) -> None:
+        super().__init__(nativeId=nativeId, arlo_device=arlo_device, arlo_basestation=arlo_device, provider=provider, camera=camera)
+
+    @async_print_exception_guard
+    async def turnOn(self) -> None:
+        self.logger.info("Turning on")
+        self.provider.arlo.NightlightOn(self.arlo_device)
+        self.on = True
+
+    @async_print_exception_guard
+    async def turnOff(self) -> None:
+        self.logger.info("Turning off")
+        self.provider.arlo.NightlightOff(self.arlo_device)
        self.on = False
--- a/plugins/arlo/src/arlo_plugin/util.py
+++ b/plugins/arlo/src/arlo_plugin/util.py
@@ -34,6 +34,11 @@ def async_print_exception_guard(fn):
        try:
            return await fn(*args, **kwargs)
        except Exception:
-            traceback.print_exc()
+            # hack to detect if the applied function is actually a method
+            # on a scrypted object
+            if len(args) > 0 and hasattr(args[0], "logger"):
+                getattr(args[0], "logger").exception(f"{fn.__qualname__} raised an exception")
+            else:
+                traceback.print_exc()
            raise
    return wrapped
--- a/plugins/arlo/src/requirements.txt
+++ b/plugins/arlo/src/requirements.txt
@@ -1,12 +1,14 @@
 paho-mqtt==1.6.1
-sseclient==0.0.22
 aiohttp==3.8.4
 requests==2.28.2
 cachetools==5.3.0
-scrypted-arlo-go==0.0.2
+scrypted-arlo-go==0.5.2
 cloudscraper==1.2.71
-cryptography==38.0.4
+curl-cffi==0.5.7
 async-timeout==4.0.2
--extra-index-url=https://www.piwheels.org/simple/
+beautifulsoup4==4.12.2
+aiortc==1.5.0
+av==9.2.0
+--extra-index-url=https://bjia56.github.io/armv7l-wheels/
 --extra-index-url=https://bjia56.github.io/scrypted-arlo-go/
 --prefer-binary
--- a/plugins/bticino/README.md
+++ b/plugins/bticino/README.md
@@ -2,7 +2,9 @@

 The C300X Plugin for Scrypted allows viewing your C300X intercom with incoming video/audio.

-WARNING: You will need access to the device, see https://github.com/fquinto/bticinoClasse300x
+WARNING: You will need access to the device, see https://github.com/fquinto/bticinoClasse300x.
+
+You also need the **[c300x-controller](https://github.com/slyoldfox/c300x-controller)** and node (v17.9.1) running on your device which will expose an API for the intercom.

 ## Development instructions

@@ -17,12 +19,37 @@ $ num run scrypted-deploy 127.0.0.1

 After flashing a custom firmware you must at least:

+* Install [node](https://nodejs.org/download/release/latest-v17.x/node-v17.9.1-linux-armv7l.tar.gz) on your device and run the c300x-controller on the device
+* Install [/lib/libatomic.so.1](http://ftp.de.debian.org/debian/pool/main/g/gcc-10-cross/libatomic1-armhf-cross_10.2.1-6cross1_all.deb) in **/lib**
 * Allow access to the SIP server on port 5060
 * Allow your IP to authenticated with the SIP server
 * Add a SIP user for scrypted

 To do this use the guide below:

+## Installing node and c300x-controller
+
+```
+$ cd /home/bticino/cfg/extra/
+$ mkdir node
+$ cd node
+$ wget https://nodejs.org/download/release/latest-v17.x/node-v17.9.1-linux-armv7l.tar.gz
+$ tar xvfz node-v17.9.1-linux-armv7l.tar.gz
+```
+
+Node will require libatomic.so.1 which isn't shipped with the device, get the .deb file from http://ftp.de.debian.org/debian/pool/main/g/gcc-10-cross/libatomic1-armhf-cross_10.2.1-6cross1_all.deb 
+
+```
+$ ar x libatomic1-armhf-cross_10.2.1-6cross1_all.deb 
+```
+
+scp the `libatomic.so.1` to `/lib` and check that node works:
+
+```
+$ root@C3X-00-00-00-00-00--2222222:~# /home/bticino/cfg/extra/node/bin/node -v
+v17.9.1
+```
+
 ## Make flexisip listen on a reachable IP and add users to it

 To be able to talk to our own SIP server, we need to make the SIP server on the C300X
@@ -93,7 +120,7 @@ hashed-passwords=true
 reject-wrong-client-certificates=true
 ````

-Now we will add a `user agent` (user) that will be used by `baresip` to register itself with `flexisip`
+Now we will add a `user agent` (user) that will be used by `scrypted` to register itself with `flexisip`

 Edit the `/etc/flexisip/users/users.db.txt` file and create a new line by copy/pasting the c300x user.

@@ -101,7 +128,7 @@ For example:

 ````
 c300x@1234567.bs.iotleg.com md5:ffffffffffffffffffffffffffffffff ;
-baresip@1234567.bs.iotleg.com md5:ffffffffffffffffffffffffffffffff ;
+scrypted@1234567.bs.iotleg.com md5:ffffffffffffffffffffffffffffffff ;
 ````

 Leave the md5 as the same value - I use `fffff....` just for this example.
@@ -110,7 +137,7 @@ Edit the `/etc/flexisip/users/route.conf` file and add a new line to it, it spec
 Change the IP address to the place where you will run `baresip` (same as `trusted-hosts` above)

 ````
-<sip:baresip@1234567.bs.iotleg.com> <sip:192.168.0.XX>
+<sip:scrypted@1234567.bs.iotleg.com> <sip:192.168.0.XX>
 ````

 Edit the `/etc/flexisip/users/route_int.conf` file.
@@ -121,7 +148,7 @@ You can look at it as a group of users that is called when you call `alluser@123

 Add your username at the end (make sure you stay on the same line, NOT a new line!)
 ````
-<sip:alluser@1234567.bs.iotleg.com> ..., <sip:baresip@1234567.bs.iotleg.com>
+<sip:alluser@1234567.bs.iotleg.com> ..., <sip:scrypted@1234567.bs.iotleg.com>
 ````

 Reboot and verify flexisip is listening on the new IP address.
--- a/plugins/bticino/package-lock.json
+++ b/plugins/bticino/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@scrypted/bticino",
-   "version": "0.0.7",
+   "version": "0.0.11",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
      "": {
         "name": "@scrypted/bticino",
-         "version": "0.0.7",
+         "version": "0.0.11",
         "dependencies": {
            "@slyoldfox/sip": "^0.0.6-1",
            "sdp": "^3.0.3",
@@ -40,7 +40,7 @@
      },
      "../../sdk": {
         "name": "@scrypted/sdk",
-         "version": "0.2.85",
+         "version": "0.2.103",
         "dev": true,
         "license": "ISC",
         "dependencies": {
@@ -905,9 +905,9 @@
         "integrity": "sha512-d7wDPgDV3DDiqulJjKiV2865wKsJ34YI+NDREbm+FySq6WuKOikwyNQcm+doLAZ1O6ltdO0SeKle2xMpN3Brgw=="
      },
      "node_modules/semver": {
-         "version": "5.7.1",
-         "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-         "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+         "version": "5.7.2",
+         "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
+         "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==",
         "bin": {
            "semver": "bin/semver"
         }
@@ -1832,9 +1832,9 @@
         "integrity": "sha512-d7wDPgDV3DDiqulJjKiV2865wKsJ34YI+NDREbm+FySq6WuKOikwyNQcm+doLAZ1O6ltdO0SeKle2xMpN3Brgw=="
      },
      "semver": {
-         "version": "5.7.1",
-         "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-         "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ=="
+         "version": "5.7.2",
+         "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
+         "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g=="
      },
      "shebang-command": {
         "version": "2.0.0",
--- a/plugins/bticino/package.json
+++ b/plugins/bticino/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@scrypted/bticino",
-   "version": "0.0.7",
+   "version": "0.0.11",
   "scripts": {
      "scrypted-setup-project": "scrypted-setup-project",
      "prescrypted-setup-project": "scrypted-package-json",
@@ -28,7 +28,6 @@
      ],
      "pluginDependencies": [
         "@scrypted/prebuffer-mixin",
-         "@scrypted/pam-diff",
         "@scrypted/snapshot"
      ]
   },
--- a/plugins/bticino/src/bticino-camera.ts
+++ b/plugins/bticino/src/bticino-camera.ts
@@ -2,7 +2,7 @@ import { closeQuiet, createBindZero, listenZeroSingleClient } from '@scrypted/co
 import { sleep } from '@scrypted/common/src/sleep';
 import { RtspServer } from '@scrypted/common/src/rtsp-server';
 import { addTrackControls } from '@scrypted/common/src/sdp-utils';
-import sdk, { BinarySensor, Camera, DeviceProvider, FFmpegInput, HttpRequest, HttpRequestHandler, HttpResponse, Intercom, MediaObject, MediaStreamUrl, PictureOptions, ResponseMediaStreamOptions, ScryptedDevice, ScryptedDeviceBase, ScryptedMimeTypes, Setting, Settings, SettingValue, VideoCamera, VideoClip, VideoClipOptions, VideoClips } from '@scrypted/sdk';
+import sdk, { BinarySensor, Camera, DeviceProvider, FFmpegInput, HttpRequest, HttpRequestHandler, HttpResponse, Intercom, MediaObject, MediaStreamUrl, PictureOptions, Reboot, ResponseMediaStreamOptions, ScryptedDevice, ScryptedDeviceBase, ScryptedMimeTypes, Setting, Settings, SettingValue, VideoCamera, VideoClip, VideoClipOptions, VideoClips } from '@scrypted/sdk';
 import { SipCallSession } from '../../sip/src/sip-call-session';
 import { RtpDescription } from '../../sip/src/rtp-utils';
 import { VoicemailHandler } from './bticino-voicemailHandler';
@@ -19,14 +19,15 @@ import { InviteHandler } from './bticino-inviteHandler';
 import { SipRequest } from '../../sip/src/sip-manager';

 import { get } from 'http'
+import { ControllerApi } from './c300x-controller-api';

 const STREAM_TIMEOUT = 65000;
 const { mediaManager } = sdk;

-export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvider, Intercom, Camera, VideoCamera, Settings, BinarySensor, HttpRequestHandler, VideoClips {
+export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvider, Intercom, Camera, VideoCamera, Settings, BinarySensor, HttpRequestHandler, VideoClips, Reboot {

    private session: SipCallSession
-    private remoteRtpDescription: RtpDescription
+    private remoteRtpDescription: Promise<RtpDescription>
    private audioOutForwarder: dgram.Socket
    private audioOutProcess: ChildProcess
    private currentMedia: FFmpegInput | MediaStreamUrl
@@ -35,8 +36,9 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
    public requestHandlers: CompositeSipMessageHandler = new CompositeSipMessageHandler()
    public incomingCallRequest : SipRequest
    private settingsStorage: BticinoStorageSettings = new BticinoStorageSettings( this )
-    public voicemailHandler : VoicemailHandler = new VoicemailHandler(this)
+    private voicemailHandler : VoicemailHandler = new VoicemailHandler(this)
    private inviteHandler : InviteHandler = new InviteHandler(this)
+    private controllerApi : ControllerApi = new ControllerApi(this)
    //TODO: randomize this
    private keyAndSalt : string = "/qE7OPGKp9hVGALG2KcvKWyFEZfSSvm7bYVDjT8X"
    //private decodedSrtpOptions : SrtpOptions = decodeSrtpOptions( this.keyAndSalt )
@@ -55,14 +57,24 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
        })();
    }

+    reboot(): Promise<void> {
+        return new Promise<void>( (resolve,reject ) => {
+            let c300x = SipHelper.getIntercomIp(this)
+
+            get(`http://${c300x}:8080/reboot?now`, (res) => {
+                console.log("Reboot API result: " + res.statusCode)
+            });               
+        })
+    }
+
    getVideoClips(options?: VideoClipOptions): Promise<VideoClip[]> {
       return new Promise<VideoClip[]>(  (resolve,reject ) => {
            let c300x = SipHelper.getIntercomIp(this)
            if( !c300x ) return []
            get(`http://${c300x}:8080/videoclips?raw=true&startTime=${options.startTime/1000}&endTime=${options.endTime/1000}`, (res) => {
-            let rawData = '';
-            res.on('data', (chunk) => { rawData += chunk; });
-            res.on('end', () => {
+                let rawData = '';
+                res.on('data', (chunk) => { rawData += chunk; });
+                res.on('end', () => {
                try {
                    const parsedData : [] = JSON.parse(rawData);
                    let videoClips : VideoClip[] = []
@@ -93,7 +105,7 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
        return mediaManager.createMediaObjectFromUrl(url);        
    }
    getVideoClipThumbnail(thumbnailId: string): Promise<MediaObject> {
-        let c300x = SipHelper.sipOptions(this)
+        let c300x = SipHelper.getIntercomIp(this)
        const url = `http://${c300x}:8080/voicemail?msg=${thumbnailId}/aswm.jpg&raw=true`;
        return mediaManager.createMediaObjectFromUrl(url);        
    }
@@ -146,9 +158,10 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid

        const audioOutForwarder = await createBindZero()
        this.audioOutForwarder = audioOutForwarder.server
+        let address = (await this.remoteRtpDescription).address
        audioOutForwarder.server.on('message', message => {
            if( this.session )
-                this.session.audioSplitter.send(message, 40004, this.remoteRtpDescription.address)
+                this.session.audioSplitter.send(message, 40004, address)
            return null
        });

@@ -224,8 +237,6 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
        }

        this.stopSession();
-
-
        const { clientPromise: playbackPromise, port: playbackPort, url: clientUrl } = await listenZeroSingleClient()

        const playbackUrl = clientUrl
@@ -234,6 +245,12 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
            client.setKeepAlive(true, 10000)
            let sip: SipCallSession
            try {
+                if( !this.incomingCallRequest ) {
+                    // If this is a "view" call, update the stream endpoint to send it only to "us"
+                    // In case of an incoming doorbell event, the C300X is already streaming video to all registered endpoints
+                    await this.controllerApi.updateStreamEndpoint()
+                }
+
                let rtsp: RtspServer;
                const cleanup = () => {
                    client.destroy();
@@ -260,7 +277,7 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
                sip.onCallEnded.subscribe(cleanup)

                // Call the C300X
-                this.remoteRtpDescription = await sip.callOrAcceptInvite(
+                this.remoteRtpDescription = sip.callOrAcceptInvite(
                    ( audio ) => {
                    return [
                        //TODO: Payload types are hardcoded
@@ -366,6 +383,9 @@ export class BticinoSipCamera extends ScryptedDeviceBase implements DeviceProvid
    }

    async releaseDevice(id: string, nativeId: string): Promise<void> {
+        this.voicemailHandler.cancelTimer()
+        this.persistentSipManager.cancelTimer()        
+        this.controllerApi.cancelTimer()
    }    

    reset() {
--- a/plugins/bticino/src/bticino-voicemailHandler.ts
+++ b/plugins/bticino/src/bticino-voicemailHandler.ts
@@ -6,7 +6,7 @@ export class VoicemailHandler extends SipRequestHandler {
    
    constructor( private sipCamera : BticinoSipCamera ) {
        super()
-        setTimeout( () => {
+        this.timeout = setTimeout( () => {
            // Delay a bit an run in a different thread in case this fails
            this.checkVoicemail()
        }, 10000 )
@@ -25,7 +25,7 @@ export class VoicemailHandler extends SipRequestHandler {
        this.timeout = setTimeout( () => this.checkVoicemail() , 5 * 60 * 1000 )
    }

-    cancelVoicemailCheck() {
+    cancelTimer() {
        if( this.timeout ) {
            clearTimeout(this.timeout)
        }
--- a/Show More
+++ b/Show More