Gilbert Plugins

First-party plugins for the Gilbert AI assistant.

This repository is cloned into std-plugins/ inside a Gilbert checkout (as a git submodule) and each subdirectory here is loaded automatically at Gilbert startup. Every plugin is self-contained — it declares its own Python dependencies in its own pyproject.toml, registers its backends or services when loaded, and can be enabled, disabled, and configured entirely from the Gilbert Settings UI without editing any files.

How to use this repository

You don't normally interact with this repo directly. Gilbert's gilbert.sh start runs git submodule update --init --recursive if the std-plugins/ directory is empty, then uv sync — which walks every plugin's pyproject.toml, installs its third-party deps into Gilbert's shared venv, and leaves the plugin ready to load.

To hack on a plugin:

cd std-plugins/<plugin-name>
# edit files, run tests from the gilbert repo root
cd ../..
uv run pytest std-plugins/<plugin-name>/tests/ -v

To add a new plugin, see the Adding a Plugin section below.

Available plugins

The table below is an index — jump to each plugin's detail section for configuration, slash commands, and notes.

Plugin	Provides	Third-party deps	Category
american-standard	`ThermostatBackend "american-standard"`	`nexia`	Climate
andon-fm	`andon_fm` service (AI-hosted internet radio tuner under `/media/andon-fm`)	— (uses `httpx`)	Media
anthropic	`AIBackend "anthropic"`, `VisionBackend "anthropic"`	`anthropic`	Intelligence
apple-health	`HealthBackend "apple-health"`	— (pure stdlib)	Health
arr	`radarr` service, `sonarr` service	— (uses `httpx`)	Media
bedrock	`AIBackend "bedrock"`	`boto3`	Intelligence
browser	`browser` service (headless Chrome tools, credential manager, VNC live login)	`playwright`, `cryptography`	Automation
deepgram	`StreamingTranscriptionBackend "deepgram"`	— (uses `websockets`)	Speech
deepseek	`AIBackend "deepseek"`	— (uses `httpx`)	Intelligence
discord-webhook	`PushNotificationBackend "discord-webhook"`	— (uses `httpx`)	Notifications
elevenlabs	`TTSBackend "elevenlabs"`, `BatchTranscriptionBackend "elevenlabs_scribe"`, `StreamingTranscriptionBackend "elevenlabs_scribe_live"`	— (uses `httpx`, `websockets`)	Media / Speech
frigate	`CameraEventBackend "frigate"`	`aiomqtt`	Monitoring
gemini	`AIBackend "gemini"`	— (uses `httpx`)	Intelligence
google	`AuthBackend "google"`, `UserProviderBackend "google_directory"`, `EmailBackend "gmail"`, `DocumentBackend "google_drive"`, `CalendarBackend "google_calendar"`, `TaskBackend "google_tasks"`	`google-auth`, `google-api-python-client`, `tzdata`	Identity / Communication / Knowledge / Productivity
groq	`AIBackend "groq"`, `BatchTranscriptionBackend "groq_whisper"`	— (uses `httpx`)	Intelligence / Speech
guess-that-song	`guess_game` service	— (pure stdlib)	Games
hk-webhook	`HealthBackend "hk-webhook"`	— (pure stdlib)	Health
jellyfin	`MediaLibraryBackend "jellyfin"`	— (uses `httpx`)	Media
kokoro	`TTSBackend "kokoro"`	`kokoro`, `torch`, `av`, `numpy`	Speech
lutron-radiora	`LightsBackend "lutron-radiora"`, `ShadesBackend "lutron-radiora"`	`pylutron`	Lighting
mentra	`mentra` service (`MentraService` + `mentra_webhook` capability) — Gilbert on Mentra smart glasses (Even Realities G1, Vuzix Z100, Mentra Live)	`websockets>=12`	Wearables
messaging	`messaging` service (`MessagingService` + `send_text_message` AI tool, `/messages` SPA page) — RCS / MMS / SMS, RCS by default	— (pure stdlib)	Communication
mistral	`AIBackend "mistral"`	— (uses `httpx`)	Intelligence
model-manager	`model_manager` service (`/models` SPA page: installed models + a multi-source installer — pick a source (Hugging Face GGUF catalog or curated Ollama registry), then browse with per-source search/sort/filters, per-variant hardware-fit verdicts + a Compatible filter, one-click pull/delete with per-model seeding) — gated on the Ollama backend being enabled	— (uses the `local_model_runtime` + optional `host_resources` + optional `ai_model_config` capabilities + `httpx`)	Intelligence
ngrok	`TunnelBackend "ngrok"`	`pyngrok`	Infrastructure
ntfy	`PushNotificationBackend "ntfy"`	— (uses `httpx`)	Notifications
ollama	`AIBackend "ollama"`, `Service "ollama_runtime"` (`local_model_runtime`)	— (uses `httpx`)	Intelligence
open-meteo	`WeatherBackend "open-meteo"`	— (uses `httpx`)	Intelligence
openai	`AIBackend "openai"`, `BatchTranscriptionBackend "openai_whisper"`	— (uses `httpx`)	Intelligence / Speech
openai-compatible	`AIBackend "openai_compatible"`	— (uses `httpx`)	Intelligence
openrouter	`AIBackend "openrouter"`	— (uses `httpx`)	Intelligence
openwakeword	`WakeWordBackend "openwakeword"`	`openwakeword`	Speech
phone	`phone_calls` service (`PhoneCallService` + `make_phone_call` AI tool, `/calls` SPA page)	— (pure stdlib)	Telephony
plex	`MediaLibraryBackend "plex"`	`plexapi`, `httpx`	Media
porcupine	`WakeWordBackend "porcupine"`	`pvporcupine`	Speech
pushover	`PushNotificationBackend "pushover"`	— (uses `httpx`)	Notifications
qwen	`AIBackend "qwen"`	— (uses `httpx`)	Intelligence
slack	`slack` service (Socket Mode bot)	`slack-bolt`	Communication
sonos	`SpeakerBackend "sonos"`, `MusicBackend "sonos"`	`aiosonos`, `zeroconf`	Media
tavily	`WebSearchBackend "tavily"`	— (uses `httpx`)	Intelligence
telegram	`PushNotificationBackend "telegram"`	— (uses `httpx`)	Notifications
telnyx	`TelephonyBackend "telnyx"` (voice), `MessagingBackend "telnyx"` (RCS / MMS / SMS)	— (uses `httpx`, `websockets`)	Telephony / Communication
tesseract	`OCRBackend "tesseract"`	`pytesseract`	Intelligence
unifi	`PresenceBackend "unifi"`, `DoorbellBackend "unifi"`	— (uses `httpx`/`aiohttp`)	Monitoring
voice-agent	`voice_agent` service (wake-word-activated voice conversation, `/voice` SPA page)	— (pure stdlib)	Speech
web-push	`PushNotificationBackend "web_push"`	`pywebpush`, `cryptography`	Notifications
withings	`HealthBackend "withings"`	`httpx`	Health
xai	`AIBackend "xai"`	— (uses `httpx`)	Intelligence

american-standard

American Standard / Trane / Nexia / Asair thermostat integration via the Nexia cloud. Speaks Nexia's HTTPS API through the nexia async library (the same one Home Assistant uses). Each zone on the account is exposed as a Gilbert thermostat — multi-zone HVAC systems show up as one entity per zone with the gateway name as the area.

Backend registered

ThermostatBackend.backend_name = "american-standard" — supports_cooling = True, supports_heating = True, supports_fan_mode = True, supports_humidity = True. Mode set covers off, heat, cool, auto; fan modes are pulled dynamically from each thermostat's reported labels (typically auto, on, circulate).

Slash commands — provided by the core thermostats service, not by this plugin directly. All thermostat commands live under the /climate namespace. With this backend selected:

/climate list, /climate status <name|area>
/climate mode <name|area> <off|heat|cool|auto>
/climate heat <name|area> <temp>, /climate cool <name|area> <temp>
/climate range <name|area> <heat> <cool> (sets the AUTO-mode comfort band)
/climate fan <name|area> <auto|on|circulate>

Names match either a zone name (e.g. Upstairs) or the gateway / thermostat name (e.g. Main HVAC, which addresses every zone on that gateway).

Configure (Settings → Climate → Thermostats, with the american-standard backend selected)

username — Account email used to log in to the Nexia / American Standard / Trane / Asair app.
password (sensitive) — Account password.
brand — nexia for Nexia / Trane / American Standard accounts; asair for Asair-branded accounts. Default nexia.

The plugin persists Nexia's per-account device UUID under .gilbert/plugin-data/american-standard/nexia-state-<username>.json so reconnecting after a restart doesn't re-register as a new device (which would eventually trip Nexia's account-lockout protection).

Config action — test_connection: logs in with a fresh, short-lived aiohttp.ClientSession and reports the discovered thermostat + zone counts.

Third-party deps — nexia>=2.7.0.

andon-fm

Tune in to the four AI-hosted internet radio stations from Andon Labs: Thinking Frequencies (Claude), OpenAIR (GPT), Backlink Broadcast (Gemini), and Grok and Roll (Grok). Each station is a long-running agent autonomously DJing through the day — picking tracks, writing show blocks, posting on X. The plugin hands the Live365 MP3 stream URLs to Gilbert's existing speaker service, so you can listen on Sonos, the host's speakers, or a browser tab. The tuner is a full page under the Media nav group; pressing Play opens a dialog that lets you pick which speakers (and the volume) for that play, instead of always falling back to the configured defaults.

Service registered

andon_fm — Configurable + ToolProvider + WsHandlerProvider. Resolves speaker_control (required), and optionally scheduler (for the now-playing scraper) and event_bus (for live UI updates).

Slash commands (namespace /radio.*)

/radio.list — list the four stations with current programming block and listener count.
/radio.play <station> [speakers] — tune in. <station> matches name, host (Claude/GPT/Gemini/Grok), substring, or UUID; [speakers] defaults to default_target_speakers (typically the caller's browser tab).
/radio.stop [speakers] — stop Andon FM playback.
/radio.now [station] — show the current programming block for one station or all four.

Tuner page — UIRoute at /media/andon-fm, slotted under the Media nav group as andon_fm.page. Renders one card per station with cover art, AI host chip, current block, listener count, and a Play button that opens a speaker-picker dialog (checkbox list of every discovered speaker + the my browser magic alias + a volume slider). Block changes stream in live via andon_fm.now_playing.changed events — no polling.

WebSocket RPCs

andon_fm.stations.list / andon_fm.now_playing.get — catalog + cache snapshot.
andon_fm.speakers.list — every discovered speaker (with backend + model + group), prefixed by the my browser virtual entry, for the picker dialog.
andon_fm.play / andon_fm.stop — wrap the speaker service's play / stop with the station's stream URL.

The plugin is toggleable — disabled by default. Enable it under Settings → Services → "Andon FM" before the /media/andon-fm nav entry, the slash commands, and the WS RPCs come online.

Configure (Settings → Media → Andon FM, once enabled)

default_target_speakers — speakers pre-selected in the picker dialog. Default ["my browser"] (the caller's tab). Multi-select dropdown sourced from the active speaker list. Slash-command callers (/radio.play <station> with no speaker) also use this list.
default_volume — default volume in the picker dialog and for slash-command callers. 0-100, default 60.
scraper_enabled (restart required) — fetch each station's current programming block + listener count from andonlabs.com/radio. Default true. Disable if you only want playback (no metadata).
scrape_interval_seconds (restart required) — refresh interval. Default 90.

Stations — bundled in stations.py. The four UUIDs / stream URLs are pulled from the public Andon FM web player; edit that file if Andon Labs renumbers them.

Third-party deps — none (uses httpx from Gilbert core).

anthropic

Claude-powered AI chat and vision backends, speaking the Anthropic Messages API directly over httpx (no SDK import for the chat backend; the vision backend lazily imports anthropic for its one helper call).

Backends registered

AIBackend.backend_name = "anthropic" — tool-use capable, streaming, per-call model override.
VisionBackend.backend_name = "anthropic" — image understanding via Claude's vision API.

Configure (Settings → AI and Settings → Vision)

enabled — Initialize this backend at startup (default true). Uncheck to hide its settings and stop it being offered in profile dropdowns.
api_key (sensitive) — Anthropic API key (sk-ant-…).
model — Default Claude model ID used when a request specifies no per-call model (default claude-sonnet-4-20250514 for chat, claude-sonnet-4-5-20250929 for vision).
enabled_models — Subset of advertised models that the chat UI and AI profile editor expose for selection. Defaults to every model the backend knows about.
max_tokens — Per-response cap (default 16384). Sonnet/Opus 4.x comfortably support higher; the AIService recovers from a max_tokens cut-off on a text-only response via bounded continuation, but a tool_use that gets truncated mid-JSON is unrecoverable, so keep this comfortably above the largest tool input you expect.
temperature — Sampling temperature (chat only).

Streaming. The chat backend implements generate_stream over SSE — AIService forwards each text chunk as a chat.stream.text_delta event on the bus, plus chat.stream.round_complete after every AI round and chat.stream.turn_complete at the end. The WS layer delivers them to the conversation's audience (owner for personal chats, members for shared rooms). The frontend's TurnBubble builds a live "thinking card" inside the in-flight turn from those events plus chat.tool.started / chat.tool.completed, and commits to the authoritative round structure when the chat.message.send RPC resolves with the server's rounds field. All Anthropic-specific SSE parsing stays inside anthropic_ai.py; capabilities() reports streaming=True, attachments_user=True.

Config action — test_connection: issues a one-token completion to verify credentials.

apple-health

Push-style ingestion of Apple HealthKit data via an iOS Shortcut. Translates HealthKit identifier names (e.g. HKQuantityTypeIdentifierStepCount) to Gilbert's MetricType enum via a fixed mapping table; identifiers without a match drop with an INFO log (so adding support for a new metric is a one-line table edit).

Backend registered

HealthBackend.backend_name = "apple-health" — supports_push = True, supports_pull = False. Per spec §4.5 the extra whitelist allows exactly two keys: device (HKDevice.name) and source_app (HKSource.name). Every other key in the payload's extra dict is silently stripped before storage.

Slash commands — provided by the core health service, not by this plugin directly. See the /health slash family.

Configure — none. Apple Health is push-only: per-user state lives entirely on the health_links row written by the per-user Generate / rotate webhook URL button in the account panel.

Frontend panel (account.extensions slot)

Failure-mode disclosure (iOS Background App Refresh + lock-state realities) above the install button so users know what they're signing up for.
"Install our Shortcut" link + SHA-256 hash of the bundled iCloud Shortcut for supply-chain verification (paranoid users compare; the placeholder hash is populated on each Shortcut release).
Webhook URL display on rotation — raw token shown ONCE; only its SHA-256 hash is persisted.
Last-delivery indicator so a silently-broken automation is visible.
Manual setup fallback for users who can't / won't use the prebuilt Shortcut.

Third-party deps — none (pure stdlib JSON parsing).

arr

Radarr + Sonarr integration for browsing, searching, and managing your movie and TV library from Gilbert chat. Registered as two services (radarr, sonarr) so you can run either independently.

Slash commands (both services use the same verbs, prefixed /radarr or /sonarr)

list, find, search, details, grab, add, remove
profiles, queue, recent, upcoming
episodes (sonarr only)

Configure (Settings → Media → Radarr / Sonarr)

url — Radarr/Sonarr base URL (e.g., http://radarr.lan:7878).
api_key (sensitive) — instance API key.
default_quality_profile — Quality profile name or ID to use when adding new items.
default_root_folder — Root folder path for new downloads.

Requires: nothing on the Gilbert side beyond httpx, which is already a core dep.

bedrock

AWS Bedrock chat backend — unlike every other AI plugin this one doesn't speak an OpenAI-compatible API. Bedrock's Converse API gives us a unified request shape across Anthropic Claude, Meta Llama, Mistral, and Amazon Nova models, with AWS SigV4 authentication. Useful for installations that already run on AWS and want their model traffic to stay in-VPC / billed through AWS.

Backend registered — AIBackend.backend_name = "bedrock": tool-use capable, streaming via converse_stream, image-input capable on vision-capable models (Claude, Nova), per-call model override.

Configure (Settings → Intelligence → AI, with the bedrock backend selected)

enabled — Initialize this backend at startup (default true).
aws_region — AWS region for the Bedrock runtime endpoint (default us-east-1). Cross-region inference-profile IDs (us. / eu. prefixed) route automatically within the partition.
aws_access_key_id — Optional. Leave blank to use boto3's default credential chain (env vars, ~/.aws/credentials, EC2/ECS/Lambda IAM role).
aws_secret_access_key (sensitive) — Optional. Paired with the access key.
aws_session_token (sensitive) — Optional. For temporary credentials (STS AssumeRole, SSO).
model — Default Bedrock model ID or inference profile ID (default us.anthropic.claude-sonnet-4-5-20250929-v1:0). Free-text because the available catalog varies per account and region — paste any model ID from the Bedrock console.
enabled_models — Suggested subset shown in the chat UI and AI profile editor. Ships with common Claude / Llama / Mistral / Nova IDs.
max_tokens — Per-response cap (default 8192). Sent as inferenceConfig.maxTokens.
temperature — Sampling temperature (default 0.7).

Streaming. The backend drives converse_stream's blocking iterator in a background thread and forwards events onto an asyncio.Queue. The main coroutine consumes the queue and maps contentBlockStart / contentBlockDelta / contentBlockStop / messageStop / metadata events to neutral StreamEvents — TEXT_DELTA, TOOL_CALL_START, TOOL_CALL_DELTA, TOOL_CALL_END, and finally MESSAGE_COMPLETE with the assembled AIResponse.

Attachments. Vision-capable Bedrock models (Claude, Nova) accept image content blocks with raw bytes (not base64 strings — the plugin decodes). Supported formats: png, jpeg, gif, webp. Documents and text attachments become text stubs pointing the model at the workspace tools.

Config action — test_connection: issues a one-word completion to verify credentials and region.

Third-party deps: boto3 (for AWS SigV4 signing, credential resolution, and the Converse / ConverseStream APIs).

browser

Per-user headless Chrome for AI tools — agents can navigate, scrape text/HTML, click, fill forms, take screenshots that render inline in chat, and (optionally) extract structured JSON via an internal AI sampling call. Includes a per-user encrypted credential manager so the agent can log into sites without the password ever touching an AI prompt, plus a VNC live-login flow for sites whose login flow doesn't fit a CSS-selector form fill.

The plugin is toggleable — disabled by default. Enable it under Settings → Services → "Browser plugin" before tools or credentials become active.

Provides: a single browser service with ToolProvider + WsHandlerProvider + Configurable.

Tools (visible to the AI under the active profile):

Read-only: browser_navigate, browser_get_text, browser_get_html, browser_screenshot — browser_screenshot returns a workspace-reference FileAttachment(kind="image") so the PNG renders inline in the agent's reply.
Interaction: browser_click, browser_fill, browser_press, browser_select — all share the same per-user Page, so they serialize automatically.
Login: browser_login(credential_id) — resolves a saved credential server-side and runs the form-fill heuristic. Username/password never appear in tool arguments.
AI-assisted: browser_extract(instruction, json_schema?) — only advertised when the ai_chat capability is wired in.

Architecture:

Browser engine runs in a Microsoft-maintained mcr.microsoft.com/playwright:v<X.Y.Z>-jammy Docker container by default — all OS shared libs are baked in, the host stays clean. One shared container hosts every user's BrowserContext. Falls back to host-native Playwright when Docker isn't available. Mode is configurable: auto (default) / docker / host. Resource budget: ~150 MB baseline + ~50-100 MB per active user; default cap of 8 concurrent users → ~750 MB worst-case.
Credential store is keyed strictly by user id — there are no global credentials. WS handlers enforce ownership server-side, so each user only sees and manages their own. Passwords are sealed with a Fernet key auto-generated at .gilbert/plugin-data/browser/fernet.key (mode 0600); the list endpoint never returns passwords (only the per-id resolution path inside browser_login decrypts).
Credentials UI mounts via the generic plugin UI extension framework (see "Plugin UI extensions" in CLAUDE.md) into the per-user Account page at /account → "Browser logins". The plugin declares a UIPanel(panel_id="browser.credentials", slot="account.extensions", required_role="user"); the SPA renders it without any core-side knowledge of the plugin.
VNC live login: per-row "Log in interactively" button opens a modal hosting a noVNC iframe pointed at a server-side headed Chromium (under host-native Xvfb + x11vnc + websockify). On close, the headed storage_state is merged into the user's persistent headless state.

Configure (Settings → Browser):

Key	Default	Notes
`mode`	`auto`	`auto` (prefer Docker), `docker` (require), or `host` (force host-native).
`docker_image`	(auto)	Override the Docker image. Blank → `mcr.microsoft.com/playwright:v<installed-playwright-version>-jammy`.
`idle_timeout_seconds`	600	Close per-user contexts after this many idle seconds.
`max_concurrent_users`	8	Server-wide cap on simultaneous BrowserContexts.
`vnc_idle_timeout_seconds`	900	Close idle VNC sessions.
`vnc_max_concurrent_per_user`	2	Per-user VNC cap.
`vnc_max_concurrent_total`	5	Server-wide VNC cap.
`extraction_prompt`	(built-in)	System prompt for `browser_extract`. AI-prompt field.
`login_heuristics_prompt`	(built-in)	System prompt for AI-assisted login form detection. AI-prompt field.

Third-party deps: playwright>=1.45, cryptography>=42 (both pulled in automatically by uv sync).

Provisioning:

./gilbert.sh doctor --plugin browser            # see what's missing
./gilbert.sh doctor --plugin browser --install  # auto-install where possible

The doctor reads Plugin.runtime_dependencies() (see CLAUDE.md). With Docker available the only check is docker info. Without Docker, it falls back to actually launching a headless Chromium on the host and points at playwright install chromium chromium-headless-shell plus the OS-libs hint at https://playwright.dev/python/docs/browsers#install-system-dependencies. VNC live login additionally needs xvfb x11vnc websockify on PATH (apt-get installs).

RBAC: All browser_* tools default to user level. WS RPCs (browser.credentials.*, browser.vnc.*) are user-level with per-user ownership enforced inside the handlers. The /api/browser/vnc/{session_id}/ws proxy validates session ownership against the calling UserContext before bridging to localhost websockify.

deepgram

Real-time streaming speech-to-text via the Deepgram Nova API. Uses raw websockets rather than the deepgram-sdk package — fewer deps and the WebSocket protocol is straightforward. Audio is sent as binary frames (PCM16LE, 16 kHz mono by default); an empty binary frame signals end-of-stream.

Backend registered — StreamingTranscriptionBackend.backend_name = "deepgram".

Account setup — Create an account at https://console.deepgram.com and generate an API key. Free tier includes generous transcription minutes.

Configure (Settings → Transcription → Streaming, with the deepgram backend selected)

api_key (sensitive) — Deepgram API key.
model — Deepgram model ID (default nova-3). Choices: nova-3, nova-2, enhanced, base.
ws_url — WebSocket URL (default wss://api.deepgram.com/v1/listen).

No third-party Python dependencies — uses websockets, which is already a core Gilbert dep.

deepseek

DeepSeek chat backend, speaking the OpenAI-compatible DeepSeek API directly over httpx. Runs alongside the other AI backends — pick per-profile in the AI profile editor.

Backend registered — AIBackend.backend_name = "deepseek": tool-use capable, streaming, per-call model override.

Configure (Settings → Intelligence → AI, with the deepseek backend selected)

enabled — Initialize this backend at startup (default true).
api_key (sensitive) — DeepSeek API key (sk-…).
base_url — API base URL (default https://api.deepseek.com/v1).
model — Default model ID (default deepseek-chat). Choices: deepseek-chat (DeepSeek V3), deepseek-reasoner (DeepSeek R1).
enabled_models — Subset of advertised models that the chat UI and AI profile editor expose for selection.
max_tokens — Per-response cap (default 8192).
temperature — Sampling temperature (default 0.7).

Streaming. OpenAI-compatible SSE — delta.content → TEXT_DELTA, streamed tool_calls[i].function.arguments deltas reassembled into complete ToolCalls. capabilities() reports streaming=True, attachments_user=True.

Attachments. DeepSeek's current chat models don't accept native image attachments, so every attachment becomes a text stub pointing the model at the workspace tools (read_workspace_file, run_workspace_script). Text attachments are inlined as ## <name>\n\n<body>.

Config action — test_connection: issues a one-word completion to verify credentials.

discord-webhook

Discord channel-webhook delivery for the push-notification fan-out service. No shared admin secret is required — the secret is each user's per-route webhook URL (created from the channel's Edit channel → Integrations → Create webhook menu).

Backend registered — PushNotificationBackend.backend_name = "discord-webhook".

Per-user destination fields (set on /account/notifications)

webhook_url (sensitive) — full Discord webhook URL. Validated on send and on the test_connection action against the official discord.com / discordapp.com prefixes — anything else is rejected before any HTTP call to prevent SSRF probes.
mention — optional mention prefix (e.g. @here, <@USER_ID>) prepended on URGENT messages only.

Admin config (Settings → Notifications → Backend: discord-webhook)

timeout — HTTP timeout in seconds (default 10).
username_override — webhook display name (default "Gilbert").

Config action — test_connection: pings an arbitrary webhook_url from the action payload with flags=4096 (SUPPRESS_NOTIFICATIONS) so members aren't pinged. The same flag is applied to per-route "Send test" deliveries triggered from the SPA.

Rate-limit handling — 429s parse X-RateLimit-Reset-After into PushDeliveryResult.retry_after_s; the service uses that value (capped at 60s) instead of the configured backoff for the next attempt.

No third-party Python dependencies — uses core's httpx.

elevenlabs

High-quality text-to-speech via the ElevenLabs API, plus batch and streaming speech-to-text via the ElevenLabs Scribe API. Used by the core speaker.announce flow, doorbell greetings, and anything else that calls TTSBackend.synthesize().

Backends registered

TTSBackend.backend_name = "elevenlabs" — synthesizes speech from text. Also implements StreamingTTSCapability (chunked output via the HTTP /stream endpoint) and BidirectionalTTSCapability (push-text / read-audio sessions via the stream-input WebSocket).
BatchTranscriptionBackend.backend_name = "elevenlabs_scribe" — one-shot transcription via POST /v1/speech-to-text. Supports diarization.
StreamingTranscriptionBackend.backend_name = "elevenlabs_scribe_live" — real-time transcription via the Scribe WebSocket endpoint.

Configure (Settings → TTS, when the elevenlabs backend is selected)

api_key (sensitive) — ElevenLabs API key.
voice_id — Voice ID to synthesize with (copy from the ElevenLabs voice library).
model_id — ElevenLabs model ID (default eleven_turbo_v2_5).
cache_max_entries — LRU cache capacity for recently synthesized phrases (default 256).
cache_ttl_seconds — How long a cached clip lives before re-synthesis (default 1800).

Configure (Settings → Transcription → Batch, with the elevenlabs_scribe backend selected)

The elevenlabs_scribe key is separate from the TTS backend's key — each backend has its own config block under transcription.<role>.backends.elevenlabs_scribe.settings.*.

api_key (sensitive) — ElevenLabs API key.
model — Scribe model ID (default scribe_v1).
base_url — API base URL (default https://api.elevenlabs.io).

Configure (Settings → Transcription → Streaming, with the elevenlabs_scribe_live backend selected)

The elevenlabs_scribe_live key is also separate from both the TTS and batch backends.

api_key (sensitive) — ElevenLabs API key.
model — Scribe model ID (default scribe_v1).
ws_url — WebSocket URL for the Scribe live endpoint (default wss://api.elevenlabs.io/v1/speech-to-text/stream).

Config action — test_connection: requests the available voices list to verify the API key.

No third-party Python dependencies — talks directly to the REST API and WebSocket via httpx and websockets (both already core Gilbert deps).

frigate

Frigate NVR object-detection events via MQTT (push), plus snapshot/clip retrieval over HTTP. Subscribes to Frigate's <prefix>/events and <prefix>/available topics; the camera service consumes the stream, persists rows into the camera_events collection (configurable retention), and republishes onto the bus as camera.event.detected / camera.event.ended / camera.<label>.detected.<camera> (glob-friendly, ACTIVE only).

Backend registered — CameraEventBackend.backend_name = "frigate". Streaming-style backend (connect / disconnect / stream_events on top of the standard initialize / close); the camera service owns the reconnect supervisor and re-invokes connect() on transport error.

Slash commands — provided by the core cameras service:

/cameras list, /cameras clips, /cameras seen, /cameras count
/cameras mute (on the greeting service — UIBlock confirm before persisting)

Configure (Settings → Monitoring → Cameras, with the frigate backend selected)

mqtt_host, mqtt_port (restart) — Broker hostname / port. Frigate's bundled Mosquitto on 1883 is the most common deploy.
mqtt_topic_prefix (restart) — Frigate's mqtt.topic_prefix (default frigate).
mqtt_username, mqtt_password (sensitive) — Optional broker credentials.
mqtt_client_id — MQTT client id (default gilbert-cameras).
mqtt_tls — Enable TLS for the broker connection.
mqtt_tls_ca_cert, mqtt_tls_client_cert (sensitive), mqtt_tls_client_key (sensitive) — PEM material for self-signed brokers and mTLS.
mqtt_tls_insecure — Skip TLS hostname / cert verification (DISABLES MITM PROTECTION — only for self-signed brokers where you don't want to ship the CA).
mqtt_tls_server_hostname — SNI / cert-CN override.
http_base_url (restart) — Frigate web base URL (e.g. http://frigate.local:5000). Used for snapshot / clip / camera-config probes.
http_auth_mode — none (LAN deploy) or bearer (Frigate API keys / proxy).
http_token (sensitive) — Bearer token; ignored when http_auth_mode=none.
verify_ssl — Verify Frigate's TLS cert (default true).
cameras_filter — Restrict to a subset of cameras the broker reports.

MQTT broker onboarding hint. If you don't already have a broker, point this at Frigate's bundled Mosquitto — it's the same broker Frigate publishes its own events to. Frigate's config.yml mqtt: block configures both ports and credentials; copy them into Gilbert's settings.

Config action — test_connection: probes Frigate's /api/version, attempts a 5-second MQTT connect+subscribe to <prefix>/+/events, and warns when the broker reports a Frigate version older than the supported 0.13.0 minimum.

Single-layer reconnect — the plugin opens one aiomqtt.Client per connect() call. Any MqttError exits the inner client and raises CameraBackendError; the camera service catches it, sleeps with exponential backoff (capped at reconnect_max_seconds), and calls connect() again. The plugin doesn't loop internally so there's only one place backoff semantics live.

Frigate LWT translation. When <prefix>/available flips to offline (Frigate-the-detector down even though the broker is healthy), the plugin signals the consumer which raises CameraBackendError("frigate offline"); the service publishes camera.backend.disconnected and re-attempts. When the LWT flips back to online, the next reconnect succeeds and camera.backend.connected fires.

Defensive payload parsing — every field read uses .get() with a default; sub_label accepts string / [name, score] list / null / missing forms; missing required fields drop the event with a debug-level log; false_positive=true drops the event entirely; invalid JSON payloads are logged at WARNING and dropped (the consumer never crashes on a malformed payload).

Audio events flow through transparently — Frigate 0.13+ emits bark, glass_break, speech, etc. on cameras with audio.enabled=true. They have has_snapshot=false so vision annotation short-circuits naturally; the greeting service announces them when their label is added to announce_camera_labels.

Third-party deps — aiomqtt>=2.3.0,<3.0.0 (asyncio-native; v2-only because v1→v2 was a breaking API change and v3 hasn't shipped). HTTP via httpx (already a Gilbert core dep).

SPA contributions — the plugin owns its UI under frigate/frontend/:

frigate.cameras_page — full /cameras SPA route declared via Plugin.ui_routes(). Per-camera grid, recent-events feed, mute editor.
frigate.recent_events — dashboard card mounted into the dashboard.bottom slot via Plugin.ui_panels(). Subscribes to camera.event.detected for live updates.

Core never imports from frigate/frontend/; the <PluginPanelSlot> / <PluginRoutes> extension points + the per-plugin panels.ts side-effect file wire the components in via panel_id.

frigate

Frigate NVR object-detection events via MQTT (push), plus snapshot/clip retrieval over HTTP. Subscribes to Frigate's <prefix>/events and <prefix>/available topics; the camera service consumes the stream, persists rows into the camera_events collection (configurable retention), and republishes onto the bus as camera.event.detected / camera.event.ended / camera.<label>.detected.<camera> (glob-friendly, ACTIVE only).

Backend registered — CameraEventBackend.backend_name = "frigate". Streaming-style backend (connect / disconnect / stream_events on top of the standard initialize / close); the camera service owns the reconnect supervisor and re-invokes connect() on transport error.

Slash commands — provided by the core cameras service:

/cameras list, /cameras clips, /cameras seen, /cameras count
/cameras mute (on the greeting service — UIBlock confirm before persisting)

Configure (Settings → Monitoring → Cameras, with the frigate backend selected)

mqtt_host, mqtt_port (restart) — Broker hostname / port. Frigate's bundled Mosquitto on 1883 is the most common deploy.
mqtt_topic_prefix (restart) — Frigate's mqtt.topic_prefix (default frigate).
mqtt_username, mqtt_password (sensitive) — Optional broker credentials.
mqtt_client_id — MQTT client id (default gilbert-cameras).
mqtt_tls — Enable TLS for the broker connection.
mqtt_tls_ca_cert, mqtt_tls_client_cert (sensitive), mqtt_tls_client_key (sensitive) — PEM material for self-signed brokers and mTLS.
mqtt_tls_insecure — Skip TLS hostname / cert verification (DISABLES MITM PROTECTION — only for self-signed brokers where you don't want to ship the CA).
mqtt_tls_server_hostname — SNI / cert-CN override.
http_base_url (restart) — Frigate web base URL (e.g. http://frigate.local:5000). Used for snapshot / clip / camera-config probes.
http_auth_mode — none (LAN deploy) or bearer (Frigate API keys / proxy).
http_token (sensitive) — Bearer token; ignored when http_auth_mode=none.
verify_ssl — Verify Frigate's TLS cert (default true).
cameras_filter — Restrict to a subset of cameras the broker reports.