Skip to content
scryer media docs

Scryer 0.16.0

Acknowledgements

Section titled “Acknowledgements”

A big thanks to everyone who helped test, report issues, and push on the edges of Scryer during the 0.16.0 cycle. This release pulls together a lot of feedback around authentication, request workflows, plugin reliability, imports, subtitles, release selection, and day-to-day library management.

Highlights

Section titled “Highlights”

Stronger account security with TOTP, passkeys, and MFA step-up

Section titled “Stronger account security with TOTP, passkeys, and MFA step-up”

Scryer now has first-class support for stronger account security. Local accounts can enroll TOTP authenticators, generate recovery codes, and use WebAuthn passkeys for passwordless or second-factor sign-in. The login flow now understands MFA enrollment, MFA verification, passkey authentication, recovery-code fallback, and account states where an external provider owns the password.

The security model also gained configurable minimum password length and optional step-up authentication for configuration changes. Admins can see which users have passwords, MFA, passkeys, or external identities, and can reset a user’s MFA when needed.

Plex and Jellyfin account linking

Section titled “Plex and Jellyfin account linking”

0.16.0 adds a proper media-server connection model for Plex and Jellyfin. Admins can create Plex or Jellyfin connections, discover Plex servers, authenticate Jellyfin by API key or admin credentials, control whether login/linking/auto-add is enabled, configure default app permissions, configure default library grants, and add path mappings for server-to-Scryer filesystem differences.

Users can link Plex or Jellyfin accounts from their profile, and admins can issue external account invites from settings. These linked identities are used for login, permissions, media requests, and notification routing, so Scryer can fit more naturally into households where Plex or Jellyfin is already the front door.

A real media-request workflow

Section titled “A real media-request workflow”

Scryer now includes a dedicated request workflow for movies, series, and anime. Users with request permission can submit requests directly from search results, choose the target library, and select request preferences. Admins can review pending requests, approve them into wanted searches, dismiss them, or filter by library, status, facet, and requester.

Requests are viewed in the UI and exposed through notification events. Request approval creates or reuses the title, resolves overlapping pending requests, and queues the wanted search so request handling becomes part of the same acquisition pipeline as everything else.

Plugin SDK 3.0 and a rebuilt plugin runtime

Section titled “Plugin SDK 3.0 and a rebuilt plugin runtime”

0.16.0 resets plugin compatibility around SDK 3.0. The SDK schema, generated bindings, built-in plugins, plugin catalog logic, install progress reporting, runtime feature detection, restore behavior, verification, and availability checks were all updated together. Custom plugins should be rebuilt against SDK 3.0 before production use.

The runtime now supports richer plugin download payloads, external process hosting, notification events for media requests, subtitle-sync adapters, manual installs, clearer blocked/unavailable states, verified community catalog sources, and beta-plugin metadata. The old NZBGeek-specific built-in was removed in favor of the generic Newznab path, while the Newznab and Torznab built-ins were rebuilt for SDK 3.

TRaSH Guides release intelligence

Section titled “TRaSH Guides release intelligence”

Scryer now ships generated TRaSH Guides release-group and parser knowledge. The 0.16.0 data set includes 818 active release-group rules across movies, series, and anime, 118 service aliases, 35 parser token signals, 50 blocked-title rules, and 910 preserved inactive records. That knowledge feeds release parsing, quality scoring, source matching, release-group scoring, and title-blocking decisions.

Release parsing is more strongly typed across release source, audio codec, streaming service, and external identifier fields. Scryer now detects more of the tags people actually put in release names, including proper/repack markers, AI-enhanced labels, hardcoded subtitles, Dubs Only releases, service aliases, TRaSH blocked-title patterns, and more facet-specific release-group behavior.

Safer acquisition, imports, and download identity

Section titled “Safer acquisition, imports, and download identity”

The download and import pipeline now tracks stable Scryer download identities across submissions, queue observations, completed history, plugins, and manual import decisions. That makes it much harder for one client, category, or completed-history item to be confused with another, especially when multiple download clients or plugin clients are active.

0.16.0 also improves import retry behavior, manual import recovery, foreign-category protection, Sonarr/Radarr import matching, queue-path manual imports, automatic subtitle search on import, and the “mark failed and search again” workflow. Import mode is now configurable, including move-based imports that remove the source after the destination commit is verified.

Faster, deeper media analysis

Section titled “Faster, deeper media analysis”

The built-in media-info reader received a large round of performance, correctness, and coverage work. Scryer now has better hot-path scanning, more complete container and codec sniffing, improved AVI/MP4/MKV/MPEG-TS/WebM behavior, better ffprobe parity tests, HDR and codec metadata fixes, and a large fixture matrix that exercises real media edge cases.

Quality labeling also understands video dimensions more precisely, including 360p, 1440p, and 4320p labels, and the library scanner now has a shared filename/folder evidence parser that improves title matching and import warmup behavior.

Library artwork, deletion jobs, and title refreshes

Section titled “Library artwork, deletion jobs, and title refreshes”

The title image cache was rebuilt around source images and generated variants. Poster and fanart handling are now clearer, banner images were removed, and a startup migration refreshes artwork URLs for upgraded installs.

Bulk title deletion now runs as a job with preview data, typed confirmation when a large media set is involved, live job updates, and safer UI state while title rows are pending deletion.

Notifications, subtitles, and settings cleanup

Section titled “Notifications, subtitles, and settings cleanup”

Notifications now target either plugin channels or media-server connections through a unified target model. Existing Jellyfin notification channels are migrated into media-server targets where possible, and media-request submitted/approved/rejected/canceled events are available for notification providers.

Subtitle sync is now plugin-backed through SDK 3, with install-required handling for enhanced subtitle sync, clearer percentage-based scoring settings, and better external subtitle scanning.

Before/After You Upgrade

Section titled “Before/After You Upgrade”

As with any milestone release, make a backup before upgrading. 0.16.0 includes schema migrations, startup migrations, plugin SDK changes, authentication changes, generated parser/scoring data updates, media-server connection data, notification target migrations, and title-image cache migrations.

If you maintain custom plugins, rebuild them against the 3.0 plugin SDK before relying on them in production. The supported SDK range for 0.16.0 is >=3.0.0, <4.0.0, and the built-in plugins were rebuilt for that compatibility window.

If you previously used Jellyfin notification channels, review media-server connections and notification subscriptions after upgrading. Scryer will migrate channels where it can, but encrypted or malformed legacy configuration may require manual review.

If you use subtitle timing correction, review the subtitle settings after upgrade. Enhanced subtitle sync now depends on the built-in Enhanced Subtitle Sync plugin being installed and available.

Why This Release Matters

Section titled “Why This Release Matters”

Scryer 0.16.0 is about making the app more complete as a shared household media system. Authentication is stronger, users can connect external Plex and Jellyfin identities, requests have a real workflow, notifications can target real media-server integrations, plugins have a clearer runtime, and release decisions have more domain knowledge behind them.

It also pays down a lot of internal complexity. Large workflow refactors in this release make the application easier to evolve without losing the operational details that matter for imports, downloads, searches, subtitles, media analysis, image refreshes, settings, notifications, and library scans.

Misc Bugfixes and Improvements

Section titled “Misc Bugfixes and Improvements”
  • Security: Added TOTP enrollment, verification, recovery-code generation, and recovery-code verification.
  • Security: Store TOTP secrets encrypted and enforce enrollment expiry, drift limits, and failed-attempt limits.
  • Security: Added WebAuthn/passkey registration, authentication, friendly naming, and last-used tracking.
  • Security: Added passkey sign-in and passkey management to the frontend.
  • Security: Added MFA enrollment and verification states to the login flow.
  • Security: Added recovery-code fallback during MFA challenges.
  • Security: Added MFA freshness and step-up verification for sensitive configuration changes.
  • Security: Added configurable minimum password length with a safe lower bound.
  • Security: Added masked login-failure timing to reduce account-discovery signals.
  • Security: Added session-version invalidation so sensitive account changes can invalidate existing sessions.
  • Security: Added JWT scope and MFA freshness claims for enrollment, login, and step-up flows.
  • Security: Added support for federated users without local password hashes.
  • Security: Added admin-visible user security state for password, MFA, passkeys, and account kind.
  • Security: Added admin reset of a user’s MFA enrollment.
  • Security: Added profile controls for passkeys, TOTP, recovery codes, and linked external accounts.
  • Security: Added settings to require MFA for password login and configuration step-up.
  • Security: Added a Jellyfin-login TOTP requirement setting for stricter external-login deployments.
  • Security: Improved password validation so empty passwords are rejected without silently trimming meaningful input.
  • External accounts: Added Plex external identity verification.
  • External accounts: Added Jellyfin external identity verification.
  • External accounts: Added Plex server discovery during media-server setup.
  • External accounts: Added Jellyfin API-key setup.
  • External accounts: Added Jellyfin admin-login setup.
  • External accounts: Added media-server connection create, edit, delete, test, and enablement flows.
  • External accounts: Added media-server connection flags for login, account linking, and auto-add behavior.
  • External accounts: Added default app permissions for users created through external account flows.
  • External accounts: Added default library grants for users created through external account flows.
  • External accounts: Added path mappings for Plex and Jellyfin connections.
  • External accounts: Added external account invites for Plex and Jellyfin users.
  • External accounts: Added Jellyfin user search and manual identifier entry for invites.
  • External accounts: Added linked-account claim flows from invite tokens.
  • External accounts: Added safeguards around deleting media-server connections that are still referenced.
  • External accounts: Added provider artwork and UI helpers for Plex and Jellyfin.
  • Requests: Added the Request library permission.
  • Requests: Added request-quality-profile controls at the library level.
  • Requests: Added request submission from global search results.
  • Requests: Added a request dialog for movie, series, and anime results.
  • Requests: Added a dedicated Requests view with admin and personal modes.
  • Requests: Added filtering by request status, library, facet, and requester.
  • Requests: Added request approval that creates or reuses titles and starts wanted search.
  • Requests: Added request cancellation for requesters.
  • Requests: Added request preference updates for pending personal requests.
  • Requests: Added admin dismissal for requests that should not be fulfilled.
  • Requests: Added overlap handling so approving one request can resolve related pending requests.
  • Requests: Added live request updates through subscriptions.
  • Requests: Added navigation badges for pending media requests.
  • Requests: Added media-request domain events for submitted, updated, approved, rejected, and canceled states.
  • Requests: Added notification payloads for media-request events.
  • Requests: Added validation that requested titles are not already present in the target library.
  • Requests: Added SMG identifier and facet validation during request creation.
  • Requests: Added clearer requester/library/status text across request UI states.
  • Notifications: Reworked subscriptions to target a target_kind and target_id.
  • Notifications: Added media-server connections as notification targets.
  • Notifications: Kept plugin channels as first-class notification targets.
  • Notifications: Added target-aware notification subscription UI labels.
  • Notifications: Added provider filtering so media-server providers and plugin providers are shown in the right places.
  • Notifications: Added media-request events to notification settings and dispatch.
  • Notifications: Added a migration from legacy Jellyfin channels to media-server targets.
  • Notifications: Added safer handling for malformed or encrypted legacy Jellyfin notification configuration.
  • Notifications: Added uniqueness protection for notification target subscriptions.
  • Notifications: Improved notification config defaults and target-specific event support.
  • Plugins: Bumped the plugin SDK to 3.0.0.
  • Plugins: Added the SDK 3 schema file.
  • Plugins: Rebuilt built-in Newznab support for SDK 3.
  • Plugins: Rebuilt built-in Torznab support for SDK 3.
  • Plugins: Removed the NZBGeek-specific built-in.
  • Plugins: Added plugin catalog v3 compatibility handling.
  • Plugins: Added central and community catalog source handling.
  • Plugins: Added verified community catalog source metadata.
  • Plugins: Added plugin beta metadata.
  • Plugins: Added clearer plugin availability and blocked-reason states.
  • Plugins: Added install progress tracking and UI subscription hooks.
  • Plugins: Added manual plugin install support.
  • Plugins: Added plugin restore and runtime-registry cleanup.
  • Plugins: Added runtime feature detection.
  • Plugins: Added runtime memory-estimate metadata.
  • Plugins: Added external process-host support.
  • Plugins: Added subtitle-sync alignment exports and adapter payloads.
  • Plugins: Added notification action support for media-request events.
  • Plugins: Added richer download add payloads, including staged NZB bytes and content metadata.
  • Plugins: Added plugin download identity propagation through download_id.
  • Plugins: Added queue, history, and completed-download download_id fields to SDK payloads.
  • Plugins: Added no-redirect HTTP handling for plugin download adapters.
  • Plugins: Added normalized info-hash and download-identity handling in plugin downloads.
  • Plugins: Added clearer plugin download-submit unavailable errors.
  • Plugins: Added plugin category propagation for download submissions.
  • Plugins: Removed banner URL fields from SDK notification title payloads.
  • Plugins: Added media file identifiers and paths to episode notification payloads.
  • Plugins: Added request payload types to notification events.
  • TRaSH Guides: Added generated release-group rules for movies, series, and anime.
  • TRaSH Guides: Added generated parser token signals.
  • TRaSH Guides: Added generated service aliases.
  • TRaSH Guides: Added generated blocked-title rules.
  • TRaSH Guides: Preserved inactive generated records for future diffs and auditing.
  • TRaSH Guides: Added facet-aware release-group lookup.
  • TRaSH Guides: Added source-context-aware release-group scoring.
  • TRaSH Guides: Replaced hand-maintained release-group lists with generated rule data.
  • Release parsing: Added strict release-source enums.
  • Release parsing: Added strict audio-codec enums.
  • Release parsing: Added strict streaming-service enums.
  • Release parsing: Added strict external-identifier source enums.
  • Release parsing: Added canonical serialization for parser enum values.
  • Release parsing: Added service alias matching from generated data.
  • Release parsing: Added parser signals for AI-enhanced releases.
  • Release parsing: Added parser signals for Proper and Repack releases.
  • Release parsing: Added parser signals for hardcoded subtitles.
  • Release parsing: Added parser signals for Dubs Only releases.
  • Release parsing: Added blocked-title detection from generated rules.
  • Release parsing: Added an alias automaton cache for faster repeated parsing.
  • Quality: Typed source allowlist and blocklist settings.
  • Quality: Typed audio codec allowlist and blocklist settings.
  • Quality: Added request quality profile identifiers.
  • Quality: Changed audio codec allowlist behavior so unknown or missing codecs can be blocked when a profile requires explicit matches.
  • Quality: Added clearer rejection reasons for audio-codec allowlist misses.
  • Quality: Added width-aware quality labeling.
  • Quality: Added 360p, 1440p, and 4320p labels.
  • Quality: Improved release labels from video dimensions instead of height alone.
  • Media analysis: Added a fast default analysis profile.
  • Media analysis: Kept richer scans available when deep inspection is needed.
  • Media analysis: Added hot-path scan helpers.
  • Media analysis: Improved container-format sniffing.
  • Media analysis: Improved AVI index scanning.
  • Media analysis: Improved AVI late MP3 sync fallback.
  • Media analysis: Improved WaveFormatExtensible subformat handling.
  • Media analysis: Improved profile-aware skipping of expensive deep scans.
  • Media analysis: Improved VP8, MPEG-4 ASP/AP, MJPEG, PNG, and MOV text codec mapping.
  • Media analysis: Improved H.264 and H.265 RBSP unescaping.
  • Media analysis: Improved HEVC HDR10+ SEI detection.
  • Media analysis: Expanded ffprobe parity coverage.
  • Media analysis: Added a large native fixture matrix for AVI, MKV, MP4, M4V, MOV, MPEG-TS, M2TS, and WebM.
  • Media analysis: Added dense-media SIMD fixture coverage.
  • Library: Added a shared filename and folder evidence parser.
  • Library: Improved title matching from filename, folder, and external import hints.
  • Library: Added external import warmup scan hints from Sonarr and Radarr paths.
  • Library: Added external identifier scan hints from TMDB, TVDB, IMDb, and related import metadata.
  • Library: Avoided malformed numeric-only IMDb hints during external import warmup.
  • Library: Improved NFO and plexmatch rendering paths.
  • Library: Added import mode support for hardlink/copy and move behavior.
  • Library: Added facet-level and library-level import mode settings.
  • Library: Added source cleanup after verified move-import commits.
  • Library: Added automatic subtitle search after import when enabled.
  • Library: Improved library-scan coordination with background image refresh workers.
  • Artwork: Removed banner image storage and banner refresh behavior.
  • Artwork: Rebuilt title image caching around source images and generated variants.
  • Artwork: Added poster and fanart variant handling.
  • Artwork: Added bounded title-image worker concurrency.
  • Artwork: Added image-refresh pausing while library scans are active.
  • Artwork: Added failed-work skip behavior until the next wake cycle.
  • Artwork: Limited title-update emissions to meaningful poster variant changes.
  • Artwork: Added startup refresh of title and episode artwork URLs for upgraded installs.
  • Artwork: Added title-image cache and variant cleanup migrations.
  • Bulk deletion: Added preview queries for deleting one or more titles.
  • Bulk deletion: Added queued title-deletion jobs.
  • Bulk deletion: Added live job-run updates for deletion progress.
  • Bulk deletion: Added pending-title UI state during deletion.
  • Bulk deletion: Added typed confirmation when deletion affects a large media set.
  • Bulk deletion: Added safer refresh fallback timers after deletion jobs.
  • Import: Added stable Scryer download identifiers.
  • Import: Added download identity state storage.
  • Import: Added accepted and observed identity tracking for submissions and queue items.
  • Import: Added client-scoped download identity keys.
  • Import: Removed ambiguous legacy completed-history matching across clients.
  • Import: Added blocking behavior when a queue item has a Scryer download ID but completed history does not match it.
  • Import: Added foreign-category protection for automatic imports.
  • Import: Added category matching against the effective title category.
  • Import: Added origin checks for Scryer-submitted downloads.
  • Import: Added retry handling for unpacking, locked files, temporary source changes, inaccessible paths, and path-still-exists cases.
  • Import: Added retry handling for no-video-files results when the source path still exists.
  • Import: Added stale manual-import recovery.
  • Import: Added manual import previews for queue paths.
  • Import: Added manual import submission for queue paths.
  • Import: Added active-import uniqueness by download identity.
  • Import: Added logic to mark already-imported downloads as imported even when verification data is missing.
  • Import: Improved Sonarr and Radarr import matching.
  • Import: Improved manual import poller behavior.
  • Import: Split import workflow code into focused completed, interstitial, manual, path, poller, result, series, and wanted modules.
  • Acquisition: Added richer pending-release outcomes for grabbed, rejected, and deferred states.
  • Acquisition: Kept releases pending when download submission is unavailable instead of failing them immediately.
  • Acquisition: Added all-clients-failed handling that can defer rather than discard useful candidates.
  • Acquisition: Added checks to avoid reacquiring releases already active or already imported.
  • Acquisition: Added generated download_id values to submitted download requests.
  • Acquisition: Added richer auto-decision JSON payloads for debugging release decisions.
  • Acquisition: Improved wanted-search behavior after media request approval.
  • Activity: Added “Mark Failed and Search Again” for tracked downloads.
  • Activity: Added “Mark Failed Only” for tracked downloads.
  • Activity: Added skip-reacquire handling to mark-failed actions.
  • Activity: Enriched queue and history rows with import state.
  • Activity: Added latest delete-command state to queue projections.
  • Activity: Improved pause, resume, delete, and mark-failed command handling.
  • Download clients: Added download-id propagation through NZBGet, SABnzbd, Weaver, router, and plugin clients.
  • Download clients: Improved category handling during submission and import.
  • Download clients: Added download-submit unavailable errors.
  • Download clients: Improved primary-client configuration logic.
  • Download clients: Improved native and plugin download-client normalization.
  • Indexers: Improved managed indexer synchronization.
  • Indexers: Preserved caps snapshots when a desired managed-indexer plan does not include fresh caps.
  • Indexers: Limited managed-indexer routing scopes to movie, series, and anime.
  • Indexers: Added managed child routing apply and remove behavior.
  • Indexers: Rejected direct updates to managed child indexers.
  • Indexers: Added background managed-indexer sync queueing.
  • Indexers: Published indexer-change events after managed sync updates.
  • External import: Added linked Prowlarr base-URL detection for proxy indexers.
  • External import: Skipped unsupported or already-imported external indexers more reliably.
  • External import: Added Sonarr Torznab import support.
  • External import: Converted Sonarr Newznab presets through the generic Newznab path.
  • External import: Added download-client password override handling.
  • External import: Required NZBGet password overrides when Sonarr or Radarr cannot provide sensitive values.
  • External import: Improved external import scan hint persistence.
  • Subtitles: Moved enhanced subtitle sync behind the built-in plugin runtime.
  • Subtitles: Added install-required UI states for enhanced subtitle sync.
  • Subtitles: Added plugin install progress subscription handling in subtitle settings.
  • Subtitles: Changed series minimum subtitle score defaults to a more realistic percentage threshold.
  • Subtitles: Updated subtitle settings copy to use percent terminology.
  • Subtitles: Cached external subtitle listings by parent directory during scans.
  • Subtitles: Refactored subtitle provider and sync internals.
  • Subtitles: Added SDK payloads for subtitle sync audio selectors, options, responses, and skip reasons.
  • Settings: Split the settings runtime into focused acquisition, media, library, quality, recycle-bin, routing, security, subtitles, and image-cache modules.
  • Settings: Added import.mode.
  • Settings: Added auth.password_min_length.
  • Settings: Added auth.mfa.require_config_step_up.
  • Settings: Added auth.mfa.require_password_login.
  • Settings: Added auth.totp.require_jellyfin_login.
  • Settings: Added request profile controls to library settings.
  • Settings: Added media-server settings for provider connections and path mappings.
  • Settings: Added security settings for MFA and password policy.
  • Settings: Improved form state and save behavior across the reorganized settings pages.
  • UI: Added a dedicated requests route and route commands.
  • UI: Added request-aware global search actions.
  • UI: Added external account linking controls to the profile page.
  • UI: Added media-server settings UI for Plex and Jellyfin.
  • UI: Added external-account invite management UI.
  • UI: Added shared user-permission checkbox controls.
  • UI: Added stable E2E identifiers across request, settings, login, and profile flows.
  • UI: Improved activity actions for failed and blocked downloads.
  • UI: Improved title deletion UI around preview, confirmation, pending state, and job updates.
  • UI: Simplified poster view behavior.
  • UI: Improved table and poster rendering tests.
  • UI: Improved status toast and route-command tests.
  • UI: Improved request and media-server localization strings.
  • UI: Removed unused banner-image surfaces.
  • Jobs: Added title image cache refresh job keys.
  • Jobs: Added title deletion job keys.
  • Jobs: Added actor-scoped job-run listing.
  • Startup migrations: Added a legacy history-retention cleanup for migration-created forever-retention overrides.
  • Startup migrations: Added Enhanced Subtitle Sync plugin enablement for upgraded installs that already use timing-correction settings.
  • Startup migrations: Added title artwork URL refresh state for 0.16 upgrades.
  • Startup migrations: Added shared major/minor upgrade-version helpers.
  • Database: Normalized media-file source and codec metadata.
  • Database: Normalized quality profile source and audio-codec allowlist/blocklist data.
  • Database: Added auth session version storage.
  • Database: Added media-server notification target indexes.
  • Database: Added download identity state tables and indexes.
  • Database: Added active import identity uniqueness.
  • Database: Migrated download identity keys to include client scope.
  • Database: Removed title banner URL and banner local-path columns.
  • Runtime: Added a runtime-info crate for CPU and architecture details.
  • Runtime: Simplified the container launcher to a single runtime payload.
  • Runtime: Removed old portable/architecture lane selection from the launcher path.
  • Runtime: Added Docker runtime image testing helpers.
  • Runtime: Improved middleware and route handling for the new auth flows.
  • Runtime: Improved rate-limit and settings-bootstrap integration.
  • Runtime: Added macOS nice-thread handling.
  • Release tooling: Continued the release script rollup behind cargo xtask.
  • Tests: Added end-to-end coverage for media requests, login, profile security, settings, plugin install progress, and activity actions.
  • Tests: Added generated-data and parser tests for TRaSH Guides knowledge.
  • Tests: Added import, acquisition, media request, notification, and migration coverage.
  • Tests: Added media-info parity and native fixture coverage.
  • Tests: Added more stable frontend testing handles for complex settings and request flows.