Merge pull request #165 from kerberos-io/fix/iceconnection-state-event

Correct peerconnection states + proper cleanup peerconnection
correct peerconnection states
2026-03-03 14:50:18 +00:00 · 2025-02-09 11:50:35 +01:00 · 2025-02-09 11:01:54 +01:00 · 2025-02-06 10:38:40 +01:00 · 2025-02-06 10:35:36 +01:00 · 2025-02-06 10:15:47 +01:00
101 changed files with 10469 additions and 3479 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,7 +5,7 @@ version: 2
 jobs:
  machinery:
    docker:
-      - image: kerberos/base:91ab4d4
+      - image: kerberos/base:0a50dc9
    working_directory: /go/src/github.com/{{ORG_NAME}}/{{REPO_NAME}}
    steps:
      - checkout
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,2 +1,2 @@
-FROM kerberos/devcontainer:b2bc659
+FROM kerberos/devcontainer:5da0fe7
 LABEL AUTHOR=Kerberos.io
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,33 +1,21 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-dockerfile
 {
 	"name": "A Dockerfile containing FFmpeg, OpenCV, Go and Yarn",
-	// Sets the run context to one level up instead of the .devcontainer folder.
 	"context": "..",
-	// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
 	"dockerFile": "./Dockerfile",
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	"forwardPorts": [
 		3000,
 		80
 	],
-	// Uncomment the next line to run commands after the container is created - for example installing curl.
 	"postCreateCommand": "cd ui && yarn install && yarn build && cd ../machinery && go mod download",
-	"features": {
-		"ghcr.io/devcontainers-contrib/features/ansible:1": {}
-	},
 	"customizations": {
 		"vscode": {
 			"extensions": [
 				"ms-kubernetes-tools.vscode-kubernetes-tools",
-				"GitHub.copilot"
+				"ms-azuretools.vscode-docker",
+				"GitHub.copilot",
+				"golang.go",
+				"ms-vscode.vscode-typescript-next"
 			]
 		}
-	},
-	// Uncomment when using a ptrace-based debugger like C++, Go, and Rust
-	// "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
-	// Uncomment to use the Docker CLI from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker.
-	// "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
-	// Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root.
-	// "remoteUser": "vscode"
+	}
 }
--- a/.github/workflows/docker-dev.yml
+++ b/.github/workflows/docker-dev.yml
@@ -2,7 +2,7 @@ name: Docker development build

 on:
  push:
-    branches: [ develop ]
+    branches: [develop]

 jobs:
  build-amd64:
@@ -11,25 +11,25 @@ jobs:
      matrix:
        architecture: [amd64]
    steps:
-    - name: Login to DockerHub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-    - name: Available platforms
-      run: echo ${{ steps.buildx.outputs.platforms }}
-    - name: Run Buildx
-      run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
-    - name: Create new and append to manifest
-      run: docker buildx imagetools create -t kerberos/agent-dev:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
-    - name: Create new and append to latest manifest
-      run: docker buildx imagetools create -t kerberos/agent-dev:latest kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Available platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+      - name: Run Buildx
+        run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push .
+      - name: Create new and append to manifest
+        run: docker buildx imagetools create -t kerberos/agent-dev:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      - name: Create new and append to latest manifest
+        run: docker buildx imagetools create -t kerberos/agent-dev:latest kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
  build-other:
    runs-on: ubuntu-latest
    strategy:
@@ -37,22 +37,22 @@ jobs:
        #architecture: [arm64, arm/v7, arm/v6]
        architecture: [arm64, arm/v7]
    steps:
-    - name: Login to DockerHub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-    - name: Available platforms
-      run: echo ${{ steps.buildx.outputs.platforms }}
-    - name: Run Buildx
-      run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
-    - name: Create new and append to manifest
-      run: docker buildx imagetools create --append -t kerberos/agent-dev:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
-    - name: Create new and append to manifest latest
-      run: docker buildx imagetools create --append -t kerberos/agent-dev:latest kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Available platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+      - name: Run Buildx
+        run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push .
+      - name: Create new and append to manifest
+        run: docker buildx imagetools create --append -t kerberos/agent-dev:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      - name: Create new and append to manifest latest
+        run: docker buildx imagetools create --append -t kerberos/agent-dev:latest kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
--- a/.github/workflows/docker-nightly.yml
+++ b/.github/workflows/docker-nightly.yml
@@ -7,18 +7,18 @@ on:

 jobs:
  build-amd64:
-      runs-on: ubuntu-latest
-      strategy:
-        matrix:
-          architecture: [amd64]
-      steps:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        architecture: [amd64]
+    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Checkout
-        uses: actions/checkout@v3
+        run: git clone https://github.com/kerberos-io/agent && cd agent
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
@@ -26,29 +26,29 @@ jobs:
      - name: Available platforms
        run: echo ${{ steps.buildx.outputs.platforms }}
      - name: Run Buildx
-        run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
+        run: cd agent && docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push .
      - name: Create new and append to manifest
-        run: docker buildx imagetools create -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+        run: cd agent && docker buildx imagetools create -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
  build-other:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        architecture: [arm64, arm/v7, arm/v6]
    steps:
-    - name: Login to DockerHub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-    - name: Available platforms
-      run: echo ${{ steps.buildx.outputs.platforms }}
-    - name: Run Buildx
-      run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
-    - name: Create new and append to manifest
-      run: docker buildx imagetools create --append -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Checkout
+        run: git clone https://github.com/kerberos-io/agent && cd agent
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Available platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+      - name: Run Buildx
+        run: cd agent && docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push .
+      - name: Create new and append to manifest
+        run: cd agent && docker buildx imagetools create --append -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,12 +1,12 @@
-name: Docker master build
+name: Docker release build

 on:
-  push:
-    branches: [ master ]
+  release:
+    types: [created]

 env:
  REPO: kerberos/agent
-  
+
 jobs:
  build-amd64:
    runs-on: ubuntu-latest
@@ -19,8 +19,8 @@ jobs:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Checkout
        uses: actions/checkout@v3
      - uses: benjlevesque/short-sha@v2.1
@@ -34,26 +34,24 @@ jobs:
      - name: Available platforms
        run: echo ${{ steps.buildx.outputs.platforms }}
      - name: Run Buildx
-        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}} --push . 
+        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}} --push .
      - name: Create new and append to manifest
-        run: docker buildx imagetools create -t $REPO:${{ steps.short-sha.outputs.sha }} $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}}
+        run: docker buildx imagetools create -t $REPO:${{ github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}}
      - name: Create new and append to manifest latest
-        run: docker buildx imagetools create -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}}
+        run: docker buildx imagetools create -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}}
      - name: Run Buildx with output
-        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{steps.short-sha.outputs.sha}} --output type=tar,dest=output-${{matrix.architecture}}.tar . 
+        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{github.ref_name}} --output type=tar,dest=output-${{matrix.architecture}}.tar .
      - name: Strip binary
        run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output
-      # We'll make a GitHub release and push the build (tar) as an artifact
-      - uses: rickstaa/action-create-tag@v1
-        with:
-          tag: ${{ steps.short-sha.outputs.sha }}
-          message: "Release ${{ steps.short-sha.outputs.sha }}"
-      - name: Create a release  
+      - name: Create a release
        uses: ncipollo/release-action@v1
        with:
          latest: true
-          name: ${{ steps.short-sha.outputs.sha }}
-          tag: ${{ steps.short-sha.outputs.sha }}
+          allowUpdates: true
+          name: ${{ github.ref_name }}
+          tag: ${{ github.ref_name }}
+          generateReleaseNotes: false
+          omitBodyDuringUpdate: true
          artifacts: "agent-${{matrix.architecture}}.tar"
      # Taken from GoReleaser's own release workflow.
      # The available Snapcraft Action has some bugs described in the issue below.
@@ -65,7 +63,7 @@ jobs:
      #    mkdir -p $HOME/.cache/snapcraft/download
      #    mkdir -p $HOME/.cache/snapcraft/stage-packages
      #- name: Use Snapcraft
-      #  run: tar -xf agent-${{matrix.architecture}}.tar && snapcraft 
+      #  run: tar -xf agent-${{matrix.architecture}}.tar && snapcraft
  build-other:
    runs-on: ubuntu-latest
    permissions:
@@ -76,39 +74,40 @@ jobs:
        architecture: [arm64, arm-v7, arm-v6]
        #architecture: [arm64, arm-v7]
    steps:
-    - name: Login to DockerHub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - name: Checkout
-      uses: actions/checkout@v3
-    - uses: benjlevesque/short-sha@v2.1
-      id: short-sha
-      with:
-        length: 7
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-    - name: Available platforms
-      run: echo ${{ steps.buildx.outputs.platforms }}
-    - name: Run Buildx
-      run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}} --push . 
-    - name: Create new and append to manifest
-      run: docker buildx imagetools create --append -t $REPO:${{ steps.short-sha.outputs.sha }} $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}}
-    - name: Create new and append to manifest latest
-      run: docker buildx imagetools create --append -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{steps.short-sha.outputs.sha}}
-    - name: Run Buildx with output
-      run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{steps.short-sha.outputs.sha}} --output type=tar,dest=output-${{matrix.architecture}}.tar . 
-    - name: Strip binary
-      run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output
-    - name: Create a release  
-      uses: ncipollo/release-action@v1
-      with:
-        latest: true
-        allowUpdates: true
-        name: ${{ steps.short-sha.outputs.sha }}
-        tag: ${{ steps.short-sha.outputs.sha }}
-        artifacts: "agent-${{matrix.architecture}}.tar"
-  
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - uses: benjlevesque/short-sha@v2.1
+        id: short-sha
+        with:
+          length: 7
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Available platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+      - name: Run Buildx
+        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}} --push .
+      - name: Create new and append to manifest
+        run: docker buildx imagetools create --append -t $REPO:${{ github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}}
+      - name: Create new and append to manifest latest
+        run: docker buildx imagetools create --append -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.ref_name}}
+      - name: Run Buildx with output
+        run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{github.ref_name}} --output type=tar,dest=output-${{matrix.architecture}}.tar .
+      - name: Strip binary
+        run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output
+      - name: Create a release
+        uses: ncipollo/release-action@v1
+        with:
+          latest: true
+          allowUpdates: true
+          name: ${{ github.ref_name }}
+          tag: ${{ github.ref_name }}
+          generateReleaseNotes: false
+          omitBodyDuringUpdate: true
+          artifacts: "agent-${{matrix.architecture}}.tar"
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -2,35 +2,37 @@ name: Go

 on:
  push:
-    branches: [ develop, master ]
+    branches: [develop, master]
  pull_request:
-    branches: [ develop, master ]
+    branches: [develop, master]

 jobs:
-
  build:
    name: Build
    runs-on: ubuntu-latest
    container:
-      image: kerberos/base:70d69dc
-
+      image: kerberos/base:eb6b088

    strategy:
      matrix:
-        go-version: [1.17, 1.18, 1.19]
+        #No longer supported Go versions.
+        #go-version: ['1.17', '1.18', '1.19', '1.20', '1.21']
+        go-version: ["1.22"]

    steps:
-    - name: Set up Go ${{ matrix.go-version }}
-      uses: actions/setup-go@v2
-      with:
-        go-version: ${{ matrix.go-version }}
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
-    - name: Get dependencies
-      run: cd machinery && go mod download
-    - name: Build
-      run: cd machinery && go build -v ./...
-    - name: Vet
-      run: cd machinery && go vet -v ./...
-    - name: Test
-      run: cd machinery && go test -v ./...
+      - name: Set up Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+      - name: Set up git ownershi
+        run: git config --system --add safe.directory /__w/agent/agent
+      - name: Get dependencies
+        run: cd machinery && go mod download
+      - name: Build
+        run: cd machinery && go build -v ./...
+      - name: Vet
+        run: cd machinery && go vet -v ./...
+      - name: Test
+        run: cd machinery && go test -v ./...
--- a/.github/workflows/pr-description.yaml
+++ b/.github/workflows/pr-description.yaml
@@ -0,0 +1,19 @@
+name: Autofill PR description
+
+on: pull_request
+
+jobs:
+  openai-pr-description:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Autofill PR description if empty using OpenAI
+        uses: cedricve/azureopenai-pr-description@master
+        with:
+          github_token: ${{ secrets.TOKEN }}
+          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+          azure_openai_api_key: ${{ secrets.AZURE_OPENAI_API_KEY }}
+          azure_openai_endpoint: ${{ secrets.AZURE_OPENAI_ENDPOINT }}
+          azure_openai_version: ${{ secrets.AZURE_OPENAI_VERSION }}
+          overwrite_description: true
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,5 @@ machinery/data/snapshots
 machinery/test*
 machinery/init-dev.sh
 machinery/.env
+machinery/vendor
 deployments/docker/private-docker-compose.yaml
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -0,0 +1,31 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch Golang",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/machinery/main.go",
+            "args": [
+                "-action",
+                "run"
+            ],
+            "envFile": "${workspaceFolder}/machinery/.env",
+            "buildFlags": "--tags dynamic",
+        },
+        {
+            "name": "Launch React",
+            "type": "node",
+            "request": "launch",
+            "cwd": "${workspaceFolder}/ui",
+            "runtimeExecutable": "yarn",
+            "runtimeArgs": [
+                "start"
+            ],
+        }
+    ]
+}
--- a/3
+++ b/3
@@ -1,5 +1,5 @@

-FROM kerberos/base:dc12d68 AS build-machinery
+FROM kerberos/base:5d5e86b AS build-machinery
 LABEL AUTHOR=Kerberos.io

 ENV GOROOT=/usr/local/go
@@ -20,6 +20,7 @@ RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --n

 RUN mkdir -p /go/src/github.com/kerberos-io/agent
 COPY machinery /go/src/github.com/kerberos-io/agent/machinery
+RUN rm -rf /go/src/github.com/kerberos-io/agent/machinery/.env

 ##################################################################
 # Get the latest commit hash, so we know which version we're running
--- a/README.md
+++ b/README.md
@@ -17,20 +17,23 @@
 <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
 [![donate](https://brianmacdonald.github.io/Ethonate/svg/eth-donate-blue.svg)](https://brianmacdonald.github.io/Ethonate/address#0xf4a759C9436E2280Ea9cdd23d3144D95538fF4bE)
 <a target="_blank" href="https://twitter.com/kerberosio?ref_src=twsrc%5Etfw"><img src="https://img.shields.io/twitter/url.svg?label=Follow%20%40kerberosio&style=social&url=https%3A%2F%2Ftwitter.com%2Fkerberosio" alt="Twitter Widget"></a>
-[![Discord Shield](https://discordapp.com/api/guilds/1039619181731135499/widget.png?style=shield)](https://discord.gg/Bj77Vqfp2G)
 [![kerberosio](https://snapcraft.io/kerberosio/badge.svg)](https://snapcraft.io/kerberosio)

+[![Slack invite](https://img.shields.io/badge/join%20kerberos.io%20on%20slack-grey?style=for-the-badge&logo=slack)](https://joinslack.kerberos.io/)
+
 [**Docker Hub**](https://hub.docker.com/r/kerberos/agent) | [**Documentation**](https://doc.kerberos.io) | [**Website**](https://kerberos.io) | [**View Demo**](https://demo.kerberos.io)

+> Before you continue, this repository discusses one of the components of the Kerberos.io stack, the Kerberos Agent, in depth. If you are [looking for an end-to-end deployment guide have a look here](https://github.com/kerberos-io/deployment).
+
 Kerberos Agent is an isolated and scalable video (surveillance) management agent made available as Open Source under the MIT License. This means that all the source code is available for you or your company, and you can use, transform and distribute the source code; as long you keep a reference of the original license. Kerberos Agent can be used for commercial usage (which was not the case for v2). Read more [about the license here](LICENSE).

 ![Kerberos Agent go through UI](./assets/img/kerberos-agent-overview.gif)

 ## :thinking: Prerequisites

- An IP camera which supports a RTSP H264 encoded stream,
-  - (or) a USB camera, Raspberry Pi camera or other camera, that [you can transform to a valid RTSP H264 stream](https://github.com/kerberos-io/camera-to-rtsp).
- Any hardware (ARMv6, ARMv7, ARM64, AMD) that can run a binary or container, for example: a Raspberry Pi, NVidia Jetson, Intel NUC, a VM, Bare metal machine or a full blown Kubernetes cluster.
+- An IP camera which supports a RTSP H264 or H265 encoded stream,
+  - (or) a USB camera, Raspberry Pi camera or other camera, that [you can transform to a valid RTSP H264 or H265 stream](https://github.com/kerberos-io/camera-to-rtsp).
+- Any hardware (ARMv6, ARMv7, ARM64, AMD64) that can run a binary or container, for example: a Raspberry Pi, NVidia Jetson, Intel NUC, a VM, Bare metal machine or a full blown Kubernetes cluster.

 ## :video_camera: Is my camera working?

@@ -46,41 +49,46 @@ There are a myriad of cameras out there (USB, IP and other cameras), and it migh

 ### Introduction

-3. [A world of Kerberos Agents](#a-world-of-kerberos-agents)
+1. [A world of Kerberos Agents](#a-world-of-kerberos-agents)

 ### Running and automation

-4. [How to run and deploy a Kerberos Agent](#how-to-run-and-deploy-a-kerberos-agent)
-5. [Access the Kerberos Agent](#access-the-kerberos-agent)
-6. [Configure and persist with volume mounts](#configure-and-persist-with-volume-mounts)
-7. [Configure with environment variables](#configure-with-environment-variables)
+1. [How to run and deploy a Kerberos Agent](#how-to-run-and-deploy-a-kerberos-agent)
+2. [Access the Kerberos Agent](#access-the-kerberos-agent)
+3. [Configure and persist with volume mounts](#configure-and-persist-with-volume-mounts)
+4. [Configure with environment variables](#configure-with-environment-variables)
+
+### Insights
+
+1. [Encryption](#encryption)
+2. [H264 vs H265](#h264-vs-h265)

 ### Contributing

-8. [Contribute with Codespaces](#contribute-with-codespaces)
-9. [Develop and build](#develop-and-build)
-10. [Building from source](#building-from-source)
-11. [Building for Docker](#building-for-docker)
+1. [Contribute with Codespaces](#contribute-with-codespaces)
+2. [Develop and build](#develop-and-build)
+3. [Building from source](#building-from-source)
+4. [Building for Docker](#building-for-docker)

 ### Varia

-12. [Support our project](#support-our-project)
-13. [What is new?](#what-is-new)
-14. [Contributors](#contributors)
+1. [Support our project](#support-our-project)
+1. [What is new?](#what-is-new)
+1. [Contributors](#contributors)

 ## Quickstart - Docker

-The easiest to get your Kerberos Agent up and running is to use our public image on [Docker hub](https://hub.docker.com/r/kerberos/agent). Once you have selected a specific tag, run below `docker` command, which will open the web interface of your Kerberos agent on port `80`, and off you go. For a more configurable and persistent deployment have a look at [Running and automating a Kerberos Agent](#running-and-automating-a-kerberos-agent).
+The easiest way to get your Kerberos Agent up and running is to use our public image on [Docker hub](https://hub.docker.com/r/kerberos/agent). Once you have selected a specific tag, run `docker` command below, which will open the web interface of your Kerberos agent on port `80`, and off you go. For a more configurable and persistent deployment have a look at [Running and automating a Kerberos Agent](#running-and-automating-a-kerberos-agent).

    docker run -p 80:80 --name mycamera -d --restart=always kerberos/agent:latest

-If you want to connect to an USB or Raspberry Pi camera, [you'll need to run our side car container](https://github.com/kerberos-io/camera-to-rtsp) which proxy the camera to an RTSP stream. In that case you'll want to configure the Kerberos Agent container to run in the host network, so it can connect directly to the RTSP sidecar.
+If you want to connect to a USB or Raspberry Pi camera, [you'll need to run our side car container](https://github.com/kerberos-io/camera-to-rtsp) which proxies the camera to an RTSP stream. In that case you'll want to configure the Kerberos Agent container to run in the host network, so it can connect directly to the RTSP sidecar.

    docker run --network=host --name mycamera -d --restart=always kerberos/agent:latest

 ## Quickstart - Balena

-Run Kerberos Agent with [Balena Cloud](https://www.balena.io/) super powers. Monitor your Kerberos Agent with seamless remote access, over the air updates, an encrypted public `https` endpoint and many more. Checkout our application `video-surveillance` on [Balena Hub](https://hub.balena.io/apps/2064752/video-surveillance), and create your first or fleet of Kerberos Agent(s).
+Run Kerberos Agent with [Balena Cloud](https://www.balena.io/) super powers. Monitor your Kerberos Agent with seamless remote access, over the air updates, an encrypted public `https` endpoint and much more. Checkout our application `video-surveillance` on [Balena Hub](https://hub.balena.io/apps/2064752/video-surveillance), and create your first or fleet of Kerberos Agent(s).

 [![deploy with balena](https://balena.io/deploy.svg)](https://dashboard.balena-cloud.com/deploy?repoUrl=https://github.com/kerberos-io/balena-agent)

@@ -96,33 +104,37 @@ Once installed you can find your Kerberos Agent configration at `/var/snap/kerbe

 ## A world of Kerberos Agents

-The Kerberos Agent is an isolated and scalable video (surveillance) management agent with a strong focus on user experience, scalability, resilience, extension and integration. Next to the Kerberos Agent, Kerberos.io provides many other tools such as [Kerberos Factory](https://github.com/kerberos-io/factory), [Kerberos Vault](https://github.com/kerberos-io/vault) and [Kerberos Hub](https://github.com/kerberos-io/hub) to provide additional capabilities: bring your own cloud, bring your own storage, central overview, live streaming, machine learning etc.
+The Kerberos Agent is an isolated and scalable video (surveillance) management agent with a strong focus on user experience, scalability, resilience, extension and integration. Next to the Kerberos Agent, Kerberos.io provides many other tools such as [Kerberos Factory](https://github.com/kerberos-io/factory), [Kerberos Vault](https://github.com/kerberos-io/vault), and [Kerberos Hub](https://github.com/kerberos-io/hub) to provide additional capabilities: bring your own cloud, bring your own storage, central overview, live streaming, machine learning, etc.

-As mentioned above Kerberos.io applies the concept of agents. An agent is running next to (or on) your camera, and is processing a single camera feed. It applies motion based or continuous recording and make those recordings available through a user friendly web interface. A Kerberos Agent allows you to connect to other cloud services or integrates with custom applications. Kerberos Agent is used for personal usage and scales to enterprise production level deployments.
+[![Deployment Agent](./assets/img/edge-deployment-agent.svg)](https://github.com/kerberos-io/deployment)
+
+As mentioned above Kerberos.io applies the concept of agents. An agent is running next to (or on) your camera, and is processing a single camera feed. It applies motion based or continuous recording and makes those recordings available through a user friendly web interface. A Kerberos Agent allows you to connect to other cloud services or integrate with custom applications. Kerberos Agent is used for personal applications and scales to enterprise production level deployments. Learn more about the [deployment strategies here](<(https://github.com/kerberos-io/deployment)>).

 This repository contains everything you'll need to know about our core product, Kerberos Agent. Below you'll find a brief list of features and functions.

 - Low memory and CPU usage.
 - Simplified and modern user interface.
- Multi architecture (ARMv7, ARMv8, amd64, etc).
- Multi camera support: IP Cameras (H264), USB cameras and Raspberry Pi Cameras [through a RTSP proxy](https://github.com/kerberos-io/camera-to-rtsp).
+- Multi architecture (ARMv6, ARMv7, ARM64, AMD64)
+- Multi stream, for example recording in H265, live streaming and motion detection in H264.
+- Multi camera support: IP Cameras (H264 and H265), USB cameras and Raspberry Pi Cameras [through a RTSP proxy](https://github.com/kerberos-io/camera-to-rtsp).
 - Single camera per instance (e.g. one container per camera).
- Primary and secondary stream setup (record full-res, stream low-res).
- Low resolution streaming through MQTT and full resolution streaming through WebRTC.
- End-to-end encryption through MQTT using RSA and AES.
- Ability to specifiy conditions: offline mode, motion region, time table, continuous recording, etc.
- Post- and pre-recording on motion detection.
+- Low resolution streaming through MQTT and high resolution streaming through WebRTC (only supports H264/PCM).
+- Backchannel audio from Kerberos Hub to IP camera (requires PCM ULAW codec)
+- Audio (AAC) and video (H264/H265) recording in MP4 container.
+- End-to-end encryption through MQTT using RSA and AES (livestreaming, ONVIF, remote configuration, etc)
+- Conditional recording: offline mode, motion region, time table, continuous recording, webhook condition etc.
+- Post- and pre-recording for motion detection.
 - Encryption at rest using AES-256-CBC.
- Ability to create fragmented recordings, and streaming though HLS fMP4.
+- Ability to create fragmented recordings, and streaming through HLS fMP4.
 - [Deploy where you want](#how-to-run-and-deploy-a-kerberos-agent) with the tools you use: `docker`, `docker compose`, `ansible`, `terraform`, `kubernetes`, etc.
 - Cloud storage/persistance: Kerberos Hub, Kerberos Vault and Dropbox. [(WIP: Minio, Storj, Google Drive, FTP etc.)](https://github.com/kerberos-io/agent/issues/95)
- WIP: Integrations (Webhooks, MQTT, Script, etc).
+- Outputs: trigger an integration (Webhooks, MQTT, Script, etc) when a specific event (motion detection or start recording ) occurs
 - REST API access and documentation through Swagger (trigger recording, update configuration, etc).
 - MIT License

 ## How to run and deploy a Kerberos Agent

-As described before a Kerberos Agent is a container, which can be deployed through various ways and automation tools such as `docker`, `docker compose`, `kubernetes` and the list goes on. To simplify your life we have come with concrete and working examples of deployments to help you speed up your Kerberos.io journey.
+A Kerberos Agent, as previously mentioned, is a container. You can deploy it using various methods and automation tools, including `docker`, `docker compose`, `kubernetes` and more. To streamline your Kerberos.io experience, we provide concrete deployment examples to speed up your Kerberos.io journey”

 We have documented the different deployment models [in the `deployments` directory](https://github.com/kerberos-io/agent/tree/master/deployments) of this repository. There you'll learn and find how to deploy using:

@@ -136,7 +148,7 @@ We have documented the different deployment models [in the `deployments` directo
 - [Balena](https://github.com/kerberos-io/agent/tree/master/deployments#8-balena)
 - [Snap](https://github.com/kerberos-io/agent/tree/master/deployments#9-snap)

-By default your Kerberos Agents will store all its configuration and recordings inside the container. To help you automate and have a more consistent data governance, you can attach volumes to configure and persist data of your Kerberos Agents, and/or configure each Kerberos Agent through environment variables.
+By default, your Kerberos Agents store all configuration and recordings within the container. To help you automate and have a more consistent data governance, you can attach volumes to configure and persist data of your Kerberos Agents and/or configure each Kerberos Agent through environment variables.

 ## Access the Kerberos Agent

@@ -149,39 +161,25 @@ The default username and password for the Kerberos Agent is:

 **_Please note that you change the username and password for a final installation, see [Configure with environment variables](#configure-with-environment-variables) below._**

-## Encryption
-
-You can encrypt your recordings and outgoing MQTT messages with your own AES and RSA keys by enabling the encryption settings. Once enabled all your recordings will be encrypted using AES-256-CBC and your symmetric key. You can either use the default `openssl` toolchain to decrypt the recordings with your AES key, as following:
-
-    openssl aes-256-cbc -d -md md5 -in encrypted.mp4 -out decrypted.mp4 -k your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
-
-, and additionally you can decrypt a folder of recordings, using the Kerberos Agent binary as following:
-
-    go run main.go -action decrypt ./data/recordings your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
-
-or for a single file:
-
-    go run main.go -action decrypt ./data/recordings/video.mp4 your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
-
 ## Configure and persist with volume mounts

-An example of how to mount a host directory is shown below using `docker`, but is applicable for [all the deployment models and tools described above](#running-and-automating-a-kerberos-agent).
+An example of how to mount a host directory is shown below using `docker`, but is applicable for [all of the deployment models and tools described above](#running-and-automating-a-kerberos-agent).

-You attach a volume to your container by leveraging the `-v` option. To mount your own configuration file and recordings folder, execute as following:
+You attach a volume to your container by leveraging the `-v` option. To mount your own configuration file and recordings folder, run the following commands:

    docker run -p 80:80 --name mycamera \
    -v $(pwd)/agent/config:/home/agent/data/config \
    -v $(pwd)/agent/recordings:/home/agent/data/recordings \
    -d --restart=always kerberos/agent:latest

-More example [can be found in the deployment section](https://github.com/kerberos-io/agent/tree/master/deployments) for each deployment and automation tool. Please note to verify the permissions of the directory/volume you are attaching. More information in [this issue](https://github.com/kerberos-io/agent/issues/80).
+More examples for each deployment and automation tool [can be found in the deployment section](https://github.com/kerberos-io/agent/tree/master/deployments). Be sure to verify the permissions of the directory/volume you are attaching. More information in [this issue](https://github.com/kerberos-io/agent/issues/80).

    chmod -R 755 kerberos-agent/
    chown 100:101 kerberos-agent/ -R

 ## Configure with environment variables

-Next to attaching the configuration file, it is also possible to override the configuration with environment variables. This makes deployments easier when leveraging `docker compose` or `kubernetes` deployments much easier and scalable. Using this approach we simplify automation through `ansible` and `terraform`.
+Next to attaching the configuration file, it is also possible to override the configuration with environment variables. This makes deploying with `docker compose` or `kubernetes` much easier and more scalable. Using this approach, we simplify automation through `ansible` and `terraform`.

    docker run -p 80:80 --name mycamera \
    -e AGENT_NAME=mycamera \
@@ -192,6 +190,8 @@ Next to attaching the configuration file, it is also possible to override the co

 | Name                                    | Description                                                                                     | Default Value                  |
 | --------------------------------------- | ----------------------------------------------------------------------------------------------- | ------------------------------ |
+| `LOG_LEVEL`                             | Level for logging, could be "info", "warning", "debug", "error" or "fatal".                     | "info"                         |
+| `LOG_OUTPUT`                            | Logging output format "json" or "text".                                                         | "text"                         |
 | `AGENT_MODE`                            | You can choose to run this in 'release' for production, and or 'demo' for showcasing.           | "release"                      |
 | `AGENT_TLS_INSECURE`                    | Specify if you want to use `InsecureSkipVerify` for the internal HTTP client.                   | "false"                        |
 | `AGENT_USERNAME`                        | The username used to authenticate against the Kerberos Agent login page.                        | "root"                         |
@@ -202,7 +202,7 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_REMOVE_AFTER_UPLOAD`             | When enabled, recordings uploaded successfully to a storage will be removed from disk.          | "true"                         |
 | `AGENT_OFFLINE`                         | Makes sure no external connection is made.                                                      | "false"                        |
 | `AGENT_AUTO_CLEAN`                      | Cleans up the recordings directory.                                                             | "true"                         |
-| `AGENT_AUTO_CLEAN_MAX_SIZE`             | If `AUTO_CLEAN` enabled, set the max size of the recordings directory in (MB).                  | "100"                          |
+| `AGENT_AUTO_CLEAN_MAX_SIZE`             | If `AUTO_CLEAN` enabled, set the max size of the recordings directory (in MB).                  | "100"                          |
 | `AGENT_TIME`                            | Enable the timetable for Kerberos Agent                                                         | "false"                        |
 | `AGENT_TIMETABLE`                       | A (weekly) time table to specify when to make recordings "start1,end1,start2,end2;start1..      | ""                             |
 | `AGENT_REGION_POLYGON`                  | A single polygon set for motion detection: "x1,y1;x2,y2;x3,y3;...                               | ""                             |
@@ -217,20 +217,24 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_CAPTURE_SNAPSHOTS`               | Toggle for enabling or disabling snapshot generation.                                           | "true"                         |
 | `AGENT_CAPTURE_RECORDING`               | Toggle for enabling making recordings.                                                          | "true"                         |
 | `AGENT_CAPTURE_CONTINUOUS`              | Toggle for enabling continuous "true" or motion "false".                                        | "false"                        |
-| `AGENT_CAPTURE_PRERECORDING`            | If `CONTINUOUS` set to `false`, specify the recording time (seconds) before after motion event. | "10"                           |
+| `AGENT_CAPTURE_PRERECORDING`            | If `CONTINUOUS` set to `false`, specify the recording time (seconds) before/after motion event. | "10"                           |
 | `AGENT_CAPTURE_POSTRECORDING`           | If `CONTINUOUS` set to `false`, specify the recording time (seconds) after motion event.        | "20"                           |
 | `AGENT_CAPTURE_MAXLENGTH`               | The maximum length of a single recording (seconds).                                             | "30"                           |
 | `AGENT_CAPTURE_PIXEL_CHANGE`            | If `CONTINUOUS` set to `false`, the number of pixel require to change before motion triggers.   | "150"                          |
 | `AGENT_CAPTURE_FRAGMENTED`              | Set the format of the recorded MP4 to fragmented (suitable for HLS).                            | "false"                        |
 | `AGENT_CAPTURE_FRAGMENTED_DURATION`     | If `AGENT_CAPTURE_FRAGMENTED` set to `true`, define the duration (seconds) of a fragment.       | "8"                            |
-| `AGENT_MQTT_URI`                        | A MQTT broker endpoint that is used for bi-directional communication (live view, onvif, etc)    | "tcp://mqtt.kerberos.io:1883"  |
+| `AGENT_MQTT_URI`                        | An MQTT broker endpoint that is used for bi-directional communication (live view, onvif, etc)   | "tcp://mqtt.kerberos.io:1883"  |
 | `AGENT_MQTT_USERNAME`                   | Username of the MQTT broker.                                                                    | ""                             |
 | `AGENT_MQTT_PASSWORD`                   | Password of the MQTT broker.                                                                    | ""                             |
+| `AGENT_REALTIME_PROCESSING`             | If `AGENT_REALTIME_PROCESSING` set to `true`, the agent will send key frames to the topic       | ""                             |
+| `AGENT_REALTIME_PROCESSING_TOPIC`       | The topic to which keyframes will be sent in base64 encoded format.                             | ""                             |
 | `AGENT_STUN_URI`                        | When using WebRTC, you'll need to provide a STUN server.                                        | "stun:turn.kerberos.io:8443"   |
+| `AGENT_FORCE_TURN`                      | Force using a TURN server, by generating relay candidates only.                                 | "false"                        |
 | `AGENT_TURN_URI`                        | When using WebRTC, you'll need to provide a TURN server.                                        | "turn:turn.kerberos.io:8443"   |
 | `AGENT_TURN_USERNAME`                   | TURN username used for WebRTC.                                                                  | "username1"                    |
 | `AGENT_TURN_PASSWORD`                   | TURN password used for WebRTC.                                                                  | "password1"                    |
-| `AGENT_CLOUD`                           | Store recordings in Kerberos Hub (s3), Kerberos Vault (kstorage) or Dropbox (dropbox).          | "s3"                           |
+| `AGENT_CLOUD`                           | Store recordings in Kerberos Hub (s3), Kerberos Vault (kstorage), or Dropbox (dropbox).         | "s3"                           |
+| `AGENT_HUB_ENCRYPTION`                  | Turning on/off encryption of traffic from your Kerberos Agent to Kerberos Hub.                  | "true"                         |
 | `AGENT_HUB_URI`                         | The Kerberos Hub API, defaults to our Kerberos Hub SAAS.                                        | "https://api.hub.domain.com"   |
 | `AGENT_HUB_KEY`                         | The access key linked to your account in Kerberos Hub.                                          | ""                             |
 | `AGENT_HUB_PRIVATE_KEY`                 | The secret access key linked to your account in Kerberos Hub.                                   | ""                             |
@@ -240,20 +244,58 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_KERBEROSVAULT_ACCESS_KEY`        | The access key of a Kerberos Vault account.                                                     | ""                             |
 | `AGENT_KERBEROSVAULT_SECRET_KEY`        | The secret key of a Kerberos Vault account.                                                     | ""                             |
 | `AGENT_KERBEROSVAULT_PROVIDER`          | A Kerberos Vault provider you have created (optional).                                          | ""                             |
-| `AGENT_KERBEROSVAULT_DIRECTORY`         | The directory, in the provider, where the recordings will be stored in.                         | ""                             |
+| `AGENT_KERBEROSVAULT_DIRECTORY`         | The directory, in the Kerberos vault, where the recordings will be stored.                      | ""                             |
 | `AGENT_DROPBOX_ACCESS_TOKEN`            | The Access Token from your Dropbox app, that is used to leverage the Dropbox SDK.               | ""                             |
-| `AGENT_DROPBOX_DIRECTORY`               | The directory, in the provider, where the recordings will be stored in.                         | ""                             |
+| `AGENT_DROPBOX_DIRECTORY`               | The directory, in Dropbox, where the recordings will be stored.                                 | ""                             |
 | `AGENT_ENCRYPTION`                      | Enable 'true' or disable 'false' end-to-end encryption for MQTT messages.                       | "false"                        |
 | `AGENT_ENCRYPTION_RECORDINGS`           | Enable 'true' or disable 'false' end-to-end encryption for recordings.                          | "false"                        |
 | `AGENT_ENCRYPTION_FINGERPRINT`          | The fingerprint of the keypair (public/private keys), so you know which one to use.             | ""                             |
-| `AGENT_ENCRYPTION_PRIVATE_KEY`          | The private key (assymetric/RSA) to decryptand sign requests send over MQTT.                    | ""                             |
-| `AGENT_ENCRYPTION_SYMMETRIC_KEY`        | The symmetric key (AES) to encrypt and decrypt request send over MQTT.                          | ""                             |
+| `AGENT_ENCRYPTION_PRIVATE_KEY`          | The private key (assymetric/RSA) to decrypt and sign requests send over MQTT.                   | ""                             |
+| `AGENT_ENCRYPTION_SYMMETRIC_KEY`        | The symmetric key (AES) to encrypt and decrypt requests sent over MQTT.                         | ""                             |
+
+## Encryption
+
+You can encrypt your recordings and outgoing MQTT messages with your own AES and RSA keys by enabling the encryption settings. Once enabled, all your recordings will be encrypted using AES-256-CBC and your symmetric key. You can use the default `openssl` toolchain to decrypt the recordings with your AES key, as following:
+
+    openssl aes-256-cbc -d -md md5 -in encrypted.mp4 -out decrypted.mp4 -k your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
+Or you can decrypt a folder of recordings, using the Kerberos Agent binary as following:
+
+    go run main.go -action decrypt ./data/recordings your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
+Or for a single file:
+
+    go run main.go -action decrypt ./data/recordings/video.mp4 your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
+## H264 vs H265
+
+If we talk about video encoders and decoders (codecs) there are 2 major video codecs on the market: H264 and H265. Taking into account your use case, you might use one over the other. We will provide an (not complete) overview of the advantages and disadvantages of each codec in the field of video surveillance and video analytics. If you would like to know more, you should look for additional resources on the internet (or if you like to read physical items, books still exists nowadays).
+
+- H264 (also known as AVC or MPEG-4 Part 10)
+
+  - Is the most common one and most widely supported for IP cameras.
+  - Supported in the majority of browsers, operating system, and third-party applications.
+  - Can be embedded in commercial and 3rd party applications.
+  - Different levels of compression (high, medium, low, ..)
+  - Better quality / compression ratio, shows less artifacts at medium compression ratios.
+  - Does support technologies such as WebRTC
+
+- H265 (also known as HEVC)
+  - Is not supported on legacy cameras, though becoming rapidly available on "newer" IP cameras.
+  - Might not always be supported due to licensing. For example not supported in browers on a Linux distro.
+  - Requires licensing when embedding in a commercial product (be careful).
+  - Higher levels of compression (50% more than H264).
+  - H265 shows artifacts in motion based environments (which is less with H264).
+  - Recording the same video (resolution, duration and FPS) in H264 and H265 will result in approx 50% the file size.
+  - Not supported in technologies such as WebRTC
+
+Conclusion: depending on the use case you might choose one over the other, and you can use both at the same time. For example you can use H264 (main stream) for livestreaming, and H265 (sub stream) for recording. If you wish to play recordings in a cross-platform and cross-browser environment, you might opt for H264 for better support.

 ## Contribute with Codespaces

-One of the major blockers for letting you contribute to an Open Source project is to setup your local development machine. Why? Because you might have already some tools and libraries installed that are used for other projects, and the libraries you would need for Kerberos Agent, for example FFmpeg, might require a different version. Welcome to the dependency hell..
+One of the major blockers for letting you contribute to an Open Source project is to set up your local development machine. Why? Because you might already have some tools and libraries installed that are used for other projects, and the libraries you would need for Kerberos Agent, for example FFmpeg, might require a different version. Welcome to dependency hell...

-By leveraging codespaces, which the Kerberos Agent repo supports, you will be able to setup the required development environment in a few minutes. By opening the `<> Code` tab on the top of the page, you will be able to create a codespace, [using the Kerberos Devcontainer](https://github.com/kerberos-io/devcontainer) base image. This image requires all the relevant dependencies: FFmpeg, OpenCV, Golang, Node, Yarn, etc.
+By leveraging codespaces, which the Kerberos Agent repo supports, you will be able to set up the required development environment in a few minutes. By opening the `<> Code` tab on the top of the page, you will be able to create a codespace, [using the Kerberos Devcontainer](https://github.com/kerberos-io/devcontainer) base image. This image requires all the relevant dependencies: FFmpeg, OpenCV, Golang, Node, Yarn, etc.

 ![Kerberos Agent codespace](assets/img/codespace.png)

@@ -280,7 +322,7 @@ On opening of the GitHub Codespace, some dependencies will be installed. Once th
      WS_URL: `${websocketprotocol}//${externalHost}/ws`,
    };

-Go and open two terminals one for the `ui` project and one for the `machinery` project.
+Go and open two terminals: one for the `ui` project and one for the `machinery` project.

 1.  Terminal A:

@@ -296,11 +338,11 @@ Once executed, a popup will show up mentioning `portforwarding`. You should see

 ![Codespace make public](./assets/img/codespace-make-public.png)

-As mentioned above, copy the hostname of the `machinery` DNS name, and past it in the `ui/src/config.json` file. Once done reload, the `ui` page in your browser, and you should be able to access the login page with the default credentials `root` and `root`.
+As mentioned above, copy the hostname of the `machinery` DNS name, and paste it in the `ui/src/config.json` file. Once done, reload the `ui` page in your browser, and you should be able to access the login page with the default credentials `root` and `root`.

 ## Develop and build

-Kerberos Agent is divided in two parts a `machinery` and `web`. Both parts live in this repository in their relative folders. For development or running the application on your local machine, you have to run both the `machinery` and the `web` as described below. When running in production everything is shipped as only one artifact, read more about this at [Building for production](#building-for-production).
+The Kerberos Agent is divided in two parts: a `machinery` and `web` part. Both parts live in this repository in their relative folders. For development or running the application on your local machine, you have to run both the `machinery` and the `web` as described below. When running in production everything is shipped as only one artifact, read more about this at [Building for production](#building-for-production).

 ### UI

@@ -314,13 +356,13 @@ This will start a webserver and launches the web app on port `3000`.

 ![login-agent](./assets/img/agent-login.gif)

-Once signed in you'll see the dashboard page showing up. After successfull configuration of your agent, you'll should see a live view and possible events recorded to disk.
+Once signed in you'll see the dashboard page. After successfull configuration of your agent, you'll should see a live view and possible events recorded to disk.

 ![dashboard-agent](./assets/img/agent-dashboard.png)

 ### Machinery

-The `machinery` is a **Golang** project which delivers two functions: it acts as the Kerberos Agent which is doing all the heavy lifting with camera processing and other kinds of logic, on the other hand it acts as a webserver (Rest API) that allows communication from the web (React) or any other custom application. The API is documented using `swagger`.
+The `machinery` is a **Golang** project which delivers two functions: it acts as the Kerberos Agent which is doing all the heavy lifting with camera processing and other kinds of logic and on the other hand it acts as a webserver (Rest API) that allows communication from the web (React) or any other custom application. The API is documented using `swagger`.

 You can simply run the `machinery` using following commands.

@@ -328,13 +370,13 @@ You can simply run the `machinery` using following commands.
    cd machinery
    go run main.go -action run -port 80

-This will launch the Kerberos Agent and run a webserver on port `80`. You can change the port by your own preference. We strongly support the usage of [Goland](https://www.jetbrains.com/go/) or [Visual Studio Code](https://code.visualstudio.com/), as it comes with all the debugging and linting features builtin.
+This will launch the Kerberos Agent and run a webserver on port `80`. You can change the port by your own preference. We strongly support the usage of [Goland](https://www.jetbrains.com/go/) or [Visual Studio Code](https://code.visualstudio.com/), as it comes with all the debugging and linting features built in.

 ![VSCode desktop](./assets/img/vscode-desktop.png)

 ## Building from source

-Running Kerberos Agent in production only require a single binary to run. Nevertheless, we have two parts, the `machinery` and the `web`, we merge them during build time. So this is what happens.
+Running Kerberos Agent in production only requires a single binary to run. Nevertheless, we have two parts: the `machinery` and the `web`, we merge them during build time. So this is what happens.

 ### UI

@@ -345,7 +387,7 @@ To build the Kerberos Agent web app, you simply have to run the `build` command

 ### Machinery

-Building the `machinery` is also super easy 🚀, by using `go build` you can create a single binary which ships it all; thank you Golang. After building you will endup with a binary called `main`, this is what contains everything you need to run Kerberos Agent.
+Building the `machinery` is also super easy 🚀, by using `go build` you can create a single binary which ships it all; thank you Golang. After building you will end up with a binary called `main`, this is what contains everything you need to run Kerberos Agent.

 Remember the build step of the `web` part, during build time we move the build directory to the `machinery` directory. Inside the `machinery` web server [we reference the](https://github.com/kerberos-io/agent/blob/master/machinery/src/routers/http/Server.go#L44) `build` directory. This makes it possible to just a have single web server that runs it all.

@@ -354,8 +396,8 @@ Remember the build step of the `web` part, during build time we move the build d

 ## Building for Docker

-Inside the root of this `agent` repository, you will find a `Dockerfile`. This file contains the instructions for building and shipping **Kerberos Agent**. Important to note is that start from a prebuild base image, `kerberos/base:xxx`.
-This base image contains already a couple of tools, such as Golang, FFmpeg and OpenCV. We do this for faster compilation times.
+Inside the root of this `agent` repository, you will find a `Dockerfile`. This file contains the instructions for building and shipping a **Kerberos Agent**. Important to note is that you start from a prebuilt base image, `kerberos/base:xxx`.
+This base image already contains a couple of tools, such as Golang, FFmpeg and OpenCV. We do this for faster compilation times.

 By running the `docker build` command, you will create the Kerberos Agent Docker image. After building you can simply run the image as a Docker container.

@@ -371,7 +413,7 @@ Read more about this [at the FAQ](#faq) below.

 ## Contributors

-This project exists thanks to all the people who contribute.
+This project exists thanks to all the people who contribute. Bravo!

 <a href="https://github.com/kerberos-io/agent/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=kerberos-io/agent" />
--- a/assets/img/edge-deployment-agent.svg
+++ b/assets/img/edge-deployment-agent.svg
--- a/deployments/binary/README.md
+++ b/deployments/binary/README.md
@@ -9,7 +9,7 @@ Kerberos Agents are now also shipped as static binaries. Within the Docker image

 You can run the binary as following on port `8080`:

-    main run cameraname 8080
+    main -action=run -port=80

 ## Systemd

@@ -18,7 +18,7 @@ When running on a Linux OS you might consider to auto-start the Kerberos Agent u
    [Unit]
    Wants=network.target
    [Service]
-    ExecStart=/home/pi/agent/main run camera 80
+    ExecStart=/home/pi/agent/main -action=run -port=80
    WorkingDirectory=/home/pi/agent/
    [Install]
    WantedBy=multi-user.target
--- a/deployments/docker/README.md
+++ b/deployments/docker/README.md
@@ -36,8 +36,8 @@ You attach a volume to your container by leveraging the `-v` option. To mount yo

        docker run -p 80:80 --name mycamera \
        -v $(pwd)/agent/config:/home/agent/data/config \
-        -v $(pwd)/agent/recordings:/home/agent/data/recordings\
-        -d --restart=alwayskerberos/agent:latest
+        -v $(pwd)/agent/recordings:/home/agent/data/recordings \
+        -d --restart=always kerberos/agent:latest

 ### Override with environment variables

--- a/deployments/docker/docker-compose.yaml
+++ b/deployments/docker/docker-compose.yaml
@@ -1,35 +1,38 @@
 version: "3.9"
+x-common-variables: &common-variables
+  # Add variables here to add them to all agents
+  AGENT_HUB_KEY: "xxxxx" # The access key linked to your account in Kerberos Hub.
+  AGENT_HUB_PRIVATE_KEY: "xxxxx" # The secret access key linked to your account in Kerberos Hub.
+  # find full list of environment variables here: https://github.com/kerberos-io/agent#override-with-environment-variables
 services:
  kerberos-agent1:
    image: "kerberos/agent:latest"
    ports:
      - "8081:80"
    environment:
-      - AGENT_NAME=agent1
-      - AGENT_CAPTURE_IPCAMERA_RTSP=rtsp://x.x.x.x:554/Streaming/Channels/101
-      - AGENT_HUB_KEY=xxx
-      - AGENT_HUB_PRIVATE_KEY=xxx
-      - AGENT_CAPTURE_CONTINUOUS=true
-      - AGENT_CAPTURE_PRERECORDING=10
-      - AGENT_CAPTURE_POSTRECORDING=10
-      - AGENT_CAPTURE_MAXLENGTH=60
-      - AGENT_CAPTURE_PIXEL_CHANGE=150
-      # find full list of environment variables here: https://github.com/kerberos-io/agent#override-with-environment-variables
+      <<: *common-variables
+      AGENT_NAME: agent1
+      AGENT_CAPTURE_IPCAMERA_RTSP: rtsp://username:password@x.x.x.x/Streaming/Channels/101 # Hikvision camera RTSP url example
+      AGENT_KEY: "1"
  kerberos-agent2:
    image: "kerberos/agent:latest"
    ports:
      - "8082:80"
    environment:
-      - AGENT_NAME=agent2
-      - AGENT_CAPTURE_IPCAMERA_RTSP=rtsp://x.x.x.x:554/Streaming/Channels/101
-      - AGENT_HUB_KEY=yyy
-      - AGENT_HUB_PRIVATE_KEY=yyy
+      <<: *common-variables
+      AGENT_NAME: agent2
+      AGENT_CAPTURE_IPCAMERA_RTSP: rtsp://username:password@x.x.x.x/channel1 # Linksys camera RTSP url example
+      AGENT_KEY: "2"
  kerberos-agent3:
    image: "kerberos/agent:latest"
    ports:
      - "8083:80"
    environment:
-      - AGENT_NAME=agent3
-      - AGENT_CAPTURE_IPCAMERA_RTSP=rtsp://x.x.x.x:554/Streaming/Channels/101
-      - AGENT_HUB_KEY=zzz
-      - AGENT_HUB_PRIVATE_KEY=zzz
+      <<: *common-variables
+      AGENT_NAME: agent3
+      AGENT_CAPTURE_IPCAMERA_RTSP: rtsp://username:password@x.x.x.x/cam/realmonitor?channel=1&subtype=1 # Dahua camera RTSP url example
+      AGENT_KEY: "3"
+networks:
+  default:
+    name: cluster-net
+    external: true
--- a/deployments/kubernetes/deployment-agent.yml
+++ b/deployments/kubernetes/deployment-agent.yml
@@ -16,7 +16,7 @@ spec:
    spec:
      containers:
        - name: agent
-          image: kerberos/agent:latest
+          image: kerberos/agent:3.2.3
          ports:
            - containerPort: 80
              protocol: TCP
@@ -50,4 +50,4 @@ spec:
    - port: 80
      targetPort: 80
  selector:
-    app: agent
+    app: agent
--- a/machinery/.vscode/launch.json
+++ b/machinery/.vscode/launch.json
@@ -1,18 +0,0 @@
-{
-    // Use IntelliSense to learn about possible attributes.
-    // Hover to view descriptions of existing attributes.
-    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "name": "Launch Package",
-            "type": "go",
-            "request": "launch",
-            "mode": "auto",
-            "program": "main.go",
-            "args": ["-action", "run"],
-            "envFile": "${workspaceFolder}/.env",
-            "buildFlags": "--tags dynamic",
-        },
-    ]
-}
--- a/machinery/data/config/config.json
+++ b/machinery/data/config/config.json
@@ -103,14 +103,18 @@
 	"mqtt_username": "",
 	"mqtt_password": "",
 	"stunuri": "stun:turn.kerberos.io:8443",
+	"turn_force": "false",
 	"turnuri": "turn:turn.kerberos.io:8443",
 	"turn_username": "username1",
 	"turn_password": "password1",
 	"heartbeaturi": "",
+	"hub_encryption": "true",
 	"hub_uri": "https://api.cloud.kerberos.io",
 	"hub_key": "",
 	"hub_private_key": "",
 	"hub_site": "",
 	"condition_uri": "",
-	"encryption": {}
+	"encryption": {},
+	"realtimeprocessing": "false",
+	"realtimeprocessing_topic": ""
 }
--- a/machinery/docs/docs.go
+++ b/machinery/docs/docs.go
@@ -1,5 +1,4 @@
-// Package docs GENERATED BY SWAG; DO NOT EDIT
-// This file was generated by swaggo/swag
+// Package docs Code generated by swaggo/swag. DO NOT EDIT
 package docs

 import "github.com/swaggo/swag"
@@ -29,7 +28,7 @@ const docTemplate = `{
            "post": {
                "description": "Will return the ONVIF capabilities for the specific camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will return the ONVIF capabilities for the specific camera.",
                "operationId": "camera-onvif-capabilities",
@@ -58,7 +57,7 @@ const docTemplate = `{
            "post": {
                "description": "Will activate the desired ONVIF preset.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will activate the desired ONVIF preset.",
                "operationId": "camera-onvif-gotopreset",
@@ -83,11 +82,45 @@ const docTemplate = `{
                }
            }
        },
+        "/api/camera/onvif/inputs": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will get the digital inputs from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will get the digital inputs from the ONVIF device.",
+                "operationId": "get-digital-inputs",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/login": {
            "post": {
                "description": "Try to login into ONVIF supported camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Try to login into ONVIF supported camera.",
                "operationId": "camera-onvif-login",
@@ -112,11 +145,86 @@ const docTemplate = `{
                }
            }
        },
+        "/api/camera/onvif/outputs": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will get the relay outputs from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will get the relay outputs from the ONVIF device.",
+                "operationId": "get-relay-outputs",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/onvif/outputs/{output}": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will trigger the relay output from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will trigger the relay output from the ONVIF device.",
+                "operationId": "trigger-relay-output",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    },
+                    {
+                        "type": "string",
+                        "description": "Output",
+                        "name": "output",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/pantilt": {
            "post": {
                "description": "Panning or/and tilting the camera using a direction (x,y).",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Panning or/and tilting the camera.",
                "operationId": "camera-onvif-pantilt",
@@ -145,7 +253,7 @@ const docTemplate = `{
            "post": {
                "description": "Will return the ONVIF presets for the specific camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will return the ONVIF presets for the specific camera.",
                "operationId": "camera-onvif-presets",
@@ -170,11 +278,45 @@ const docTemplate = `{
                }
            }
        },
+        "/api/camera/onvif/verify": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will verify the ONVIF connectivity.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will verify the ONVIF connectivity.",
+                "operationId": "verify-onvif",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/zoom": {
            "post": {
                "description": "Zooming in or out the camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Zooming in or out the camera.",
                "operationId": "camera-onvif-zoom",
@@ -199,6 +341,90 @@ const docTemplate = `{
                }
            }
        },
+        "/api/camera/record": {
+            "post": {
+                "description": "Make a recording.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Make a recording.",
+                "operationId": "camera-record",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/restart": {
+            "post": {
+                "description": "Restart the agent.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Restart the agent.",
+                "operationId": "camera-restart",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/snapshot/base64": {
+            "get": {
+                "description": "Get a snapshot from the camera in base64.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Get a snapshot from the camera in base64.",
+                "operationId": "snapshot-base64",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/camera/snapshot/jpeg": {
+            "get": {
+                "description": "Get a snapshot from the camera in jpeg format.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Get a snapshot from the camera in jpeg format.",
+                "operationId": "snapshot-jpeg",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/camera/stop": {
+            "post": {
+                "description": "Stop the agent.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Stop the agent.",
+                "operationId": "camera-stop",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/verify/{streamType}": {
            "post": {
                "description": "This method will validate a specific profile connection from an RTSP camera, and try to get the codec.",
@@ -239,6 +465,75 @@ const docTemplate = `{
                }
            }
        },
+        "/api/config": {
+            "get": {
+                "description": "Get the current configuration.",
+                "tags": [
+                    "config"
+                ],
+                "summary": "Get the current configuration.",
+                "operationId": "config",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            },
+            "post": {
+                "description": "Update the current configuration.",
+                "tags": [
+                    "config"
+                ],
+                "summary": "Update the current configuration.",
+                "operationId": "config",
+                "parameters": [
+                    {
+                        "description": "Configuration",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.Config"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/dashboard": {
+            "get": {
+                "description": "Get all information showed on the dashboard.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get all information showed on the dashboard.",
+                "operationId": "dashboard",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/days": {
+            "get": {
+                "description": "Get all days stored in the recordings directory.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get all days stored in the recordings directory.",
+                "operationId": "days",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
        "/api/hub/verify": {
            "post": {
                "security": [
@@ -248,7 +543,7 @@ const docTemplate = `{
                ],
                "description": "Will verify the hub connectivity.",
                "tags": [
-                    "config"
+                    "persistence"
                ],
                "summary": "Will verify the hub connectivity.",
                "operationId": "verify-hub",
@@ -273,6 +568,32 @@ const docTemplate = `{
                }
            }
        },
+        "/api/latest-events": {
+            "post": {
+                "description": "Get the latest recordings (events) from the recordings directory.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get the latest recordings (events) from the recordings directory.",
+                "operationId": "latest-events",
+                "parameters": [
+                    {
+                        "description": "Event filter",
+                        "name": "eventFilter",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.EventFilter"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
        "/api/login": {
            "post": {
                "description": "Get Authorization token.",
@@ -302,40 +623,6 @@ const docTemplate = `{
                }
            }
        },
-        "/api/onvif/verify": {
-            "post": {
-                "security": [
-                    {
-                        "Bearer": []
-                    }
-                ],
-                "description": "Will verify the ONVIF connectivity.",
-                "tags": [
-                    "config"
-                ],
-                "summary": "Will verify the ONVIF connectivity.",
-                "operationId": "verify-onvif",
-                "parameters": [
-                    {
-                        "description": "Camera Config",
-                        "name": "cameraConfig",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/models.IPCamera"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/models.APIResponse"
-                        }
-                    }
-                }
-            }
-        },
        "/api/persistence/verify": {
            "post": {
                "security": [
@@ -345,7 +632,7 @@ const docTemplate = `{
                ],
                "description": "Will verify the persistence.",
                "tags": [
-                    "config"
+                    "persistence"
                ],
                "summary": "Will verify the persistence.",
                "operationId": "verify-persistence",
@@ -505,6 +792,9 @@ const docTemplate = `{
                "dropbox": {
                    "$ref": "#/definitions/models.Dropbox"
                },
+                "encryption": {
+                    "$ref": "#/definitions/models.Encryption"
+                },
                "friendly_name": {
                    "type": "string"
                },
@@ -512,6 +802,9 @@ const docTemplate = `{
                    "description": "obsolete",
                    "type": "string"
                },
+                "hub_encryption": {
+                    "type": "string"
+                },
                "hub_key": {
                    "type": "string"
                },
@@ -548,6 +841,12 @@ const docTemplate = `{
                "offline": {
                    "type": "string"
                },
+                "realtimeprocessing": {
+                    "type": "string"
+                },
+                "realtimeprocessing_topic": {
+                    "type": "string"
+                },
                "region": {
                    "$ref": "#/definitions/models.Region"
                },
@@ -572,6 +871,9 @@ const docTemplate = `{
                "timezone": {
                    "type": "string"
                },
+                "turn_force": {
+                    "type": "string"
+                },
                "turn_password": {
                    "type": "string"
                },
@@ -608,12 +910,49 @@ const docTemplate = `{
                }
            }
        },
+        "models.Encryption": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "string"
+                },
+                "fingerprint": {
+                    "type": "string"
+                },
+                "private_key": {
+                    "type": "string"
+                },
+                "recordings": {
+                    "type": "string"
+                },
+                "symmetric_key": {
+                    "type": "string"
+                }
+            }
+        },
+        "models.EventFilter": {
+            "type": "object",
+            "properties": {
+                "number_of_elements": {
+                    "type": "integer"
+                },
+                "timestamp_offset_end": {
+                    "type": "integer"
+                },
+                "timestamp_offset_start": {
+                    "type": "integer"
+                }
+            }
+        },
        "models.IPCamera": {
            "type": "object",
            "properties": {
                "fps": {
                    "type": "string"
                },
+                "height": {
+                    "type": "integer"
+                },
                "onvif": {
                    "type": "string"
                },
@@ -629,8 +968,20 @@ const docTemplate = `{
                "rtsp": {
                    "type": "string"
                },
+                "sub_fps": {
+                    "type": "string"
+                },
+                "sub_height": {
+                    "type": "integer"
+                },
                "sub_rtsp": {
                    "type": "string"
+                },
+                "sub_width": {
+                    "type": "integer"
+                },
+                "width": {
+                    "type": "integer"
                }
            }
        },
@@ -835,6 +1186,8 @@ var SwaggerInfo = &swag.Spec{
 	Description:      "This is the API for using and configure Kerberos Agent.",
 	InfoInstanceName: "swagger",
 	SwaggerTemplate:  docTemplate,
+	LeftDelim:        "{{",
+	RightDelim:       "}}",
 }

 func init() {
--- a/machinery/docs/swagger.json
+++ b/machinery/docs/swagger.json
@@ -21,7 +21,7 @@
            "post": {
                "description": "Will return the ONVIF capabilities for the specific camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will return the ONVIF capabilities for the specific camera.",
                "operationId": "camera-onvif-capabilities",
@@ -50,7 +50,7 @@
            "post": {
                "description": "Will activate the desired ONVIF preset.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will activate the desired ONVIF preset.",
                "operationId": "camera-onvif-gotopreset",
@@ -75,11 +75,45 @@
                }
            }
        },
+        "/api/camera/onvif/inputs": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will get the digital inputs from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will get the digital inputs from the ONVIF device.",
+                "operationId": "get-digital-inputs",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/login": {
            "post": {
                "description": "Try to login into ONVIF supported camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Try to login into ONVIF supported camera.",
                "operationId": "camera-onvif-login",
@@ -104,11 +138,86 @@
                }
            }
        },
+        "/api/camera/onvif/outputs": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will get the relay outputs from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will get the relay outputs from the ONVIF device.",
+                "operationId": "get-relay-outputs",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/onvif/outputs/{output}": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will trigger the relay output from the ONVIF device.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will trigger the relay output from the ONVIF device.",
+                "operationId": "trigger-relay-output",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    },
+                    {
+                        "type": "string",
+                        "description": "Output",
+                        "name": "output",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/pantilt": {
            "post": {
                "description": "Panning or/and tilting the camera using a direction (x,y).",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Panning or/and tilting the camera.",
                "operationId": "camera-onvif-pantilt",
@@ -137,7 +246,7 @@
            "post": {
                "description": "Will return the ONVIF presets for the specific camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Will return the ONVIF presets for the specific camera.",
                "operationId": "camera-onvif-presets",
@@ -162,11 +271,45 @@
                }
            }
        },
+        "/api/camera/onvif/verify": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will verify the ONVIF connectivity.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will verify the ONVIF connectivity.",
+                "operationId": "verify-onvif",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/onvif/zoom": {
            "post": {
                "description": "Zooming in or out the camera.",
                "tags": [
-                    "camera"
+                    "onvif"
                ],
                "summary": "Zooming in or out the camera.",
                "operationId": "camera-onvif-zoom",
@@ -191,6 +334,90 @@
                }
            }
        },
+        "/api/camera/record": {
+            "post": {
+                "description": "Make a recording.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Make a recording.",
+                "operationId": "camera-record",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/restart": {
+            "post": {
+                "description": "Restart the agent.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Restart the agent.",
+                "operationId": "camera-restart",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/camera/snapshot/base64": {
+            "get": {
+                "description": "Get a snapshot from the camera in base64.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Get a snapshot from the camera in base64.",
+                "operationId": "snapshot-base64",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/camera/snapshot/jpeg": {
+            "get": {
+                "description": "Get a snapshot from the camera in jpeg format.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Get a snapshot from the camera in jpeg format.",
+                "operationId": "snapshot-jpeg",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/camera/stop": {
+            "post": {
+                "description": "Stop the agent.",
+                "tags": [
+                    "camera"
+                ],
+                "summary": "Stop the agent.",
+                "operationId": "camera-stop",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/camera/verify/{streamType}": {
            "post": {
                "description": "This method will validate a specific profile connection from an RTSP camera, and try to get the codec.",
@@ -231,6 +458,75 @@
                }
            }
        },
+        "/api/config": {
+            "get": {
+                "description": "Get the current configuration.",
+                "tags": [
+                    "config"
+                ],
+                "summary": "Get the current configuration.",
+                "operationId": "config",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            },
+            "post": {
+                "description": "Update the current configuration.",
+                "tags": [
+                    "config"
+                ],
+                "summary": "Update the current configuration.",
+                "operationId": "config",
+                "parameters": [
+                    {
+                        "description": "Configuration",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.Config"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/dashboard": {
+            "get": {
+                "description": "Get all information showed on the dashboard.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get all information showed on the dashboard.",
+                "operationId": "dashboard",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
+        "/api/days": {
+            "get": {
+                "description": "Get all days stored in the recordings directory.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get all days stored in the recordings directory.",
+                "operationId": "days",
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
        "/api/hub/verify": {
            "post": {
                "security": [
@@ -240,7 +536,7 @@
                ],
                "description": "Will verify the hub connectivity.",
                "tags": [
-                    "config"
+                    "persistence"
                ],
                "summary": "Will verify the hub connectivity.",
                "operationId": "verify-hub",
@@ -265,6 +561,32 @@
                }
            }
        },
+        "/api/latest-events": {
+            "post": {
+                "description": "Get the latest recordings (events) from the recordings directory.",
+                "tags": [
+                    "general"
+                ],
+                "summary": "Get the latest recordings (events) from the recordings directory.",
+                "operationId": "latest-events",
+                "parameters": [
+                    {
+                        "description": "Event filter",
+                        "name": "eventFilter",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.EventFilter"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK"
+                    }
+                }
+            }
+        },
        "/api/login": {
            "post": {
                "description": "Get Authorization token.",
@@ -294,40 +616,6 @@
                }
            }
        },
-        "/api/onvif/verify": {
-            "post": {
-                "security": [
-                    {
-                        "Bearer": []
-                    }
-                ],
-                "description": "Will verify the ONVIF connectivity.",
-                "tags": [
-                    "config"
-                ],
-                "summary": "Will verify the ONVIF connectivity.",
-                "operationId": "verify-onvif",
-                "parameters": [
-                    {
-                        "description": "Camera Config",
-                        "name": "cameraConfig",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/models.IPCamera"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/models.APIResponse"
-                        }
-                    }
-                }
-            }
-        },
        "/api/persistence/verify": {
            "post": {
                "security": [
@@ -337,7 +625,7 @@
                ],
                "description": "Will verify the persistence.",
                "tags": [
-                    "config"
+                    "persistence"
                ],
                "summary": "Will verify the persistence.",
                "operationId": "verify-persistence",
@@ -497,6 +785,9 @@
                "dropbox": {
                    "$ref": "#/definitions/models.Dropbox"
                },
+                "encryption": {
+                    "$ref": "#/definitions/models.Encryption"
+                },
                "friendly_name": {
                    "type": "string"
                },
@@ -504,6 +795,9 @@
                    "description": "obsolete",
                    "type": "string"
                },
+                "hub_encryption": {
+                    "type": "string"
+                },
                "hub_key": {
                    "type": "string"
                },
@@ -540,6 +834,12 @@
                "offline": {
                    "type": "string"
                },
+                "realtimeprocessing": {
+                    "type": "string"
+                },
+                "realtimeprocessing_topic": {
+                    "type": "string"
+                },
                "region": {
                    "$ref": "#/definitions/models.Region"
                },
@@ -564,6 +864,9 @@
                "timezone": {
                    "type": "string"
                },
+                "turn_force": {
+                    "type": "string"
+                },
                "turn_password": {
                    "type": "string"
                },
@@ -600,12 +903,49 @@
                }
            }
        },
+        "models.Encryption": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "string"
+                },
+                "fingerprint": {
+                    "type": "string"
+                },
+                "private_key": {
+                    "type": "string"
+                },
+                "recordings": {
+                    "type": "string"
+                },
+                "symmetric_key": {
+                    "type": "string"
+                }
+            }
+        },
+        "models.EventFilter": {
+            "type": "object",
+            "properties": {
+                "number_of_elements": {
+                    "type": "integer"
+                },
+                "timestamp_offset_end": {
+                    "type": "integer"
+                },
+                "timestamp_offset_start": {
+                    "type": "integer"
+                }
+            }
+        },
        "models.IPCamera": {
            "type": "object",
            "properties": {
                "fps": {
                    "type": "string"
                },
+                "height": {
+                    "type": "integer"
+                },
                "onvif": {
                    "type": "string"
                },
@@ -621,8 +961,20 @@
                "rtsp": {
                    "type": "string"
                },
+                "sub_fps": {
+                    "type": "string"
+                },
+                "sub_height": {
+                    "type": "integer"
+                },
                "sub_rtsp": {
                    "type": "string"
+                },
+                "sub_width": {
+                    "type": "integer"
+                },
+                "width": {
+                    "type": "integer"
                }
            }
        },
--- a/machinery/docs/swagger.yaml
+++ b/machinery/docs/swagger.yaml
@@ -88,11 +88,15 @@ definitions:
        type: string
      dropbox:
        $ref: '#/definitions/models.Dropbox'
+      encryption:
+        $ref: '#/definitions/models.Encryption'
      friendly_name:
        type: string
      heartbeaturi:
        description: obsolete
        type: string
+      hub_encryption:
+        type: string
      hub_key:
        type: string
      hub_private_key:
@@ -117,6 +121,10 @@ definitions:
        type: string
      offline:
        type: string
+      realtimeprocessing:
+        type: string
+      realtimeprocessing_topic:
+        type: string
      region:
        $ref: '#/definitions/models.Region'
      remove_after_upload:
@@ -133,6 +141,8 @@ definitions:
        type: array
      timezone:
        type: string
+      turn_force:
+        type: string
      turn_password:
        type: string
      turn_username:
@@ -156,10 +166,34 @@ definitions:
      directory:
        type: string
    type: object
+  models.Encryption:
+    properties:
+      enabled:
+        type: string
+      fingerprint:
+        type: string
+      private_key:
+        type: string
+      recordings:
+        type: string
+      symmetric_key:
+        type: string
+    type: object
+  models.EventFilter:
+    properties:
+      number_of_elements:
+        type: integer
+      timestamp_offset_end:
+        type: integer
+      timestamp_offset_start:
+        type: integer
+    type: object
  models.IPCamera:
    properties:
      fps:
        type: string
+      height:
+        type: integer
      onvif:
        type: string
      onvif_password:
@@ -170,8 +204,16 @@ definitions:
        type: string
      rtsp:
        type: string
+      sub_fps:
+        type: string
+      sub_height:
+        type: integer
      sub_rtsp:
        type: string
+      sub_width:
+        type: integer
+      width:
+        type: integer
    type: object
  models.KStorage:
    properties:
@@ -321,7 +363,7 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Will return the ONVIF capabilities for the specific camera.
      tags:
-      - camera
+      - onvif
  /api/camera/onvif/gotopreset:
    post:
      description: Will activate the desired ONVIF preset.
@@ -340,7 +382,28 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Will activate the desired ONVIF preset.
      tags:
-      - camera
+      - onvif
+  /api/camera/onvif/inputs:
+    post:
+      description: Will get the digital inputs from the ONVIF device.
+      operationId: get-digital-inputs
+      parameters:
+      - description: OnvifCredentials
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.OnvifCredentials'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      security:
+      - Bearer: []
+      summary: Will get the digital inputs from the ONVIF device.
+      tags:
+      - onvif
  /api/camera/onvif/login:
    post:
      description: Try to login into ONVIF supported camera.
@@ -359,7 +422,54 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Try to login into ONVIF supported camera.
      tags:
-      - camera
+      - onvif
+  /api/camera/onvif/outputs:
+    post:
+      description: Will get the relay outputs from the ONVIF device.
+      operationId: get-relay-outputs
+      parameters:
+      - description: OnvifCredentials
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.OnvifCredentials'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      security:
+      - Bearer: []
+      summary: Will get the relay outputs from the ONVIF device.
+      tags:
+      - onvif
+  /api/camera/onvif/outputs/{output}:
+    post:
+      description: Will trigger the relay output from the ONVIF device.
+      operationId: trigger-relay-output
+      parameters:
+      - description: OnvifCredentials
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.OnvifCredentials'
+      - description: Output
+        in: path
+        name: output
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      security:
+      - Bearer: []
+      summary: Will trigger the relay output from the ONVIF device.
+      tags:
+      - onvif
  /api/camera/onvif/pantilt:
    post:
      description: Panning or/and tilting the camera using a direction (x,y).
@@ -378,7 +488,7 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Panning or/and tilting the camera.
      tags:
-      - camera
+      - onvif
  /api/camera/onvif/presets:
    post:
      description: Will return the ONVIF presets for the specific camera.
@@ -397,7 +507,28 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Will return the ONVIF presets for the specific camera.
      tags:
-      - camera
+      - onvif
+  /api/camera/onvif/verify:
+    post:
+      description: Will verify the ONVIF connectivity.
+      operationId: verify-onvif
+      parameters:
+      - description: OnvifCredentials
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.OnvifCredentials'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      security:
+      - Bearer: []
+      summary: Will verify the ONVIF connectivity.
+      tags:
+      - onvif
  /api/camera/onvif/zoom:
    post:
      description: Zooming in or out the camera.
@@ -416,6 +547,62 @@ paths:
            $ref: '#/definitions/models.APIResponse'
      summary: Zooming in or out the camera.
      tags:
+      - onvif
+  /api/camera/record:
+    post:
+      description: Make a recording.
+      operationId: camera-record
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      summary: Make a recording.
+      tags:
+      - camera
+  /api/camera/restart:
+    post:
+      description: Restart the agent.
+      operationId: camera-restart
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      summary: Restart the agent.
+      tags:
+      - camera
+  /api/camera/snapshot/base64:
+    get:
+      description: Get a snapshot from the camera in base64.
+      operationId: snapshot-base64
+      responses:
+        "200":
+          description: OK
+      summary: Get a snapshot from the camera in base64.
+      tags:
+      - camera
+  /api/camera/snapshot/jpeg:
+    get:
+      description: Get a snapshot from the camera in jpeg format.
+      operationId: snapshot-jpeg
+      responses:
+        "200":
+          description: OK
+      summary: Get a snapshot from the camera in jpeg format.
+      tags:
+      - camera
+  /api/camera/stop:
+    post:
+      description: Stop the agent.
+      operationId: camera-stop
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      summary: Stop the agent.
+      tags:
      - camera
  /api/camera/verify/{streamType}:
    post:
@@ -445,6 +632,52 @@ paths:
      summary: Validate a specific RTSP profile camera connection.
      tags:
      - camera
+  /api/config:
+    get:
+      description: Get the current configuration.
+      operationId: config
+      responses:
+        "200":
+          description: OK
+      summary: Get the current configuration.
+      tags:
+      - config
+    post:
+      description: Update the current configuration.
+      operationId: config
+      parameters:
+      - description: Configuration
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.Config'
+      responses:
+        "200":
+          description: OK
+      summary: Update the current configuration.
+      tags:
+      - config
+  /api/dashboard:
+    get:
+      description: Get all information showed on the dashboard.
+      operationId: dashboard
+      responses:
+        "200":
+          description: OK
+      summary: Get all information showed on the dashboard.
+      tags:
+      - general
+  /api/days:
+    get:
+      description: Get all days stored in the recordings directory.
+      operationId: days
+      responses:
+        "200":
+          description: OK
+      summary: Get all days stored in the recordings directory.
+      tags:
+      - general
  /api/hub/verify:
    post:
      description: Will verify the hub connectivity.
@@ -465,7 +698,24 @@ paths:
      - Bearer: []
      summary: Will verify the hub connectivity.
      tags:
-      - config
+      - persistence
+  /api/latest-events:
+    post:
+      description: Get the latest recordings (events) from the recordings directory.
+      operationId: latest-events
+      parameters:
+      - description: Event filter
+        in: body
+        name: eventFilter
+        required: true
+        schema:
+          $ref: '#/definitions/models.EventFilter'
+      responses:
+        "200":
+          description: OK
+      summary: Get the latest recordings (events) from the recordings directory.
+      tags:
+      - general
  /api/login:
    post:
      description: Get Authorization token.
@@ -485,27 +735,6 @@ paths:
      summary: Get Authorization token.
      tags:
      - authentication
-  /api/onvif/verify:
-    post:
-      description: Will verify the ONVIF connectivity.
-      operationId: verify-onvif
-      parameters:
-      - description: Camera Config
-        in: body
-        name: cameraConfig
-        required: true
-        schema:
-          $ref: '#/definitions/models.IPCamera'
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/models.APIResponse'
-      security:
-      - Bearer: []
-      summary: Will verify the ONVIF connectivity.
-      tags:
-      - config
  /api/persistence/verify:
    post:
      description: Will verify the persistence.
@@ -526,7 +755,7 @@ paths:
      - Bearer: []
      summary: Will verify the persistence.
      tags:
-      - config
+      - persistence
 securityDefinitions:
  Bearer:
    in: header
--- a/machinery/go.mod
+++ b/machinery/go.mod
@@ -1,147 +1,183 @@
 module github.com/kerberos-io/agent/machinery

-go 1.19
-
-//replace github.com/kerberos-io/joy4 v1.0.60 => ../../../../github.com/kerberos-io/joy4
-
-// replace github.com/kerberos-io/onvif v0.0.6 => ../../../../github.com/kerberos-io/onvif
+go 1.23.1

 require (
 	github.com/InVisionApp/conjungo v1.1.0
-	github.com/appleboy/gin-jwt/v2 v2.9.1
-	github.com/asticode/go-astits v1.11.0
-	github.com/bluenviron/gortsplib/v3 v3.6.1
-	github.com/bluenviron/mediacommon v0.5.0
+	github.com/appleboy/gin-jwt/v2 v2.10.1
+	github.com/bluenviron/gortsplib/v4 v4.12.1
+	github.com/bluenviron/mediacommon v1.13.3
 	github.com/cedricve/go-onvif v0.0.0-20200222191200-567e8ce298f6
-	github.com/deepch/vdk v0.0.19
+	github.com/dromara/carbon/v2 v2.5.2
 	github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5
-	github.com/eclipse/paho.mqtt.golang v1.4.2
-	github.com/elastic/go-sysinfo v1.9.0
-	github.com/gin-contrib/cors v1.4.0
-	github.com/gin-contrib/pprof v1.4.0
-	github.com/gin-gonic/contrib v0.0.0-20221130124618-7e01895a63f2
-	github.com/gin-gonic/gin v1.8.2
-	github.com/gofrs/uuid v3.2.0+incompatible
-	github.com/golang-jwt/jwt/v4 v4.4.3
-	github.com/golang-module/carbon/v2 v2.2.3
-	github.com/gorilla/websocket v1.5.0
+	github.com/eclipse/paho.mqtt.golang v1.5.0
+	github.com/elastic/go-sysinfo v1.15.0
+	github.com/gin-contrib/cors v1.7.3
+	github.com/gin-contrib/pprof v1.5.2
+	github.com/gin-gonic/contrib v0.0.0-20241229022435-d12709533de6
+	github.com/gin-gonic/gin v1.10.0
+	github.com/gofrs/uuid v4.4.0+incompatible
+	github.com/golang-jwt/jwt/v4 v4.5.1
+	github.com/gorilla/websocket v1.5.3
 	github.com/kellydunn/golang-geo v0.7.0
-	github.com/kerberos-io/joy4 v1.0.63
-	github.com/kerberos-io/onvif v0.0.7
+	github.com/kerberos-io/joy4 v1.0.64
+	github.com/kerberos-io/onvif v1.0.0
 	github.com/minio/minio-go/v6 v6.0.57
-	github.com/nsmith5/mjpeg v0.0.0-20200913181537-54b8ada0e53e
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
-	github.com/pion/rtp v1.7.13
-	github.com/pion/webrtc/v3 v3.1.50
-	github.com/sirupsen/logrus v1.9.0
-	github.com/swaggo/files v1.0.0
-	github.com/swaggo/gin-swagger v1.5.3
-	github.com/swaggo/swag v1.8.9
+	github.com/pion/rtp v1.8.10
+	github.com/pion/webrtc/v4 v4.0.7
+	github.com/sirupsen/logrus v1.9.3
+	github.com/swaggo/files v1.0.1
+	github.com/swaggo/gin-swagger v1.6.0
+	github.com/swaggo/swag v1.16.4
 	github.com/tevino/abool v1.2.0
-	github.com/zaf/g711 v0.0.0-20220109202201-cf0017bf0359
-	go.mongodb.org/mongo-driver v1.7.5
-	gopkg.in/DataDog/dd-trace-go.v1 v1.46.0
-	gopkg.in/natefinch/lumberjack.v2 v2.0.0
+	github.com/yapingcat/gomedia v0.0.0-20240906162731-17feea57090c
+	github.com/zaf/g711 v1.4.0
+	go.mongodb.org/mongo-driver v1.17.1
+	gopkg.in/DataDog/dd-trace-go.v1 v1.70.1
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )

 require (
-	github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 // indirect
-	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.42.0-rc.1 // indirect
-	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
-	github.com/DataDog/datadog-go/v5 v5.0.2 // indirect
-	github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork // indirect
-	github.com/DataDog/gostackparse v0.5.0 // indirect
-	github.com/DataDog/sketches-go v1.2.1 // indirect
+	github.com/DataDog/appsec-internal-go v1.9.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/obfuscate v0.58.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/proto v0.58.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.58.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/trace v0.58.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/util/log v0.58.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/util/scrubber v0.58.0 // indirect
+	github.com/DataDog/datadog-go/v5 v5.5.0 // indirect
+	github.com/DataDog/go-libddwaf/v3 v3.5.1 // indirect
+	github.com/DataDog/go-runtime-metrics-internal v0.0.0-20241106155157-194426bbbd59 // indirect
+	github.com/DataDog/go-sqllexer v0.0.14 // indirect
+	github.com/DataDog/go-tuf v1.1.0-0.5.2 // indirect
+	github.com/DataDog/gostackparse v0.7.0 // indirect
+	github.com/DataDog/opentelemetry-mapping-go/pkg/otlp/attributes v0.20.0 // indirect
+	github.com/DataDog/sketches-go v1.4.5 // indirect
 	github.com/KyleBanks/depth v1.2.1 // indirect
-	github.com/Microsoft/go-winio v0.5.1 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
-	github.com/asticode/go-astikit v0.30.0 // indirect
-	github.com/beevik/etree v1.1.0 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/beevik/etree v1.2.0 // indirect
+	github.com/bytedance/sonic v1.12.6 // indirect
+	github.com/bytedance/sonic/loader v0.2.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect
 	github.com/clbanning/mxj v1.8.4 // indirect
-	github.com/dgraph-io/ristretto v0.1.0 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/eapache/queue/v2 v2.0.0-20230407133247-75960ed334e4 // indirect
+	github.com/ebitengine/purego v0.6.0-alpha.5 // indirect
 	github.com/elastic/go-windows v1.0.0 // indirect
 	github.com/elgs/gostrgen v0.0.0-20161222160715-9d61ae07eeae // indirect
 	github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.6 // indirect
 	github.com/go-openapi/spec v0.20.4 // indirect
 	github.com/go-openapi/swag v0.19.15 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
-	github.com/go-stack/stack v1.8.0 // indirect
-	github.com/goccy/go-json v0.10.0 // indirect
-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.23.0 // indirect
+	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/pprof v0.0.0-20210423192551-a2663126120b // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
+	github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/icholy/digest v0.1.23 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.0 // indirect
+	github.com/juju/errors v1.0.0 // indirect
+	github.com/klauspost/compress v1.17.1 // indirect
 	github.com/klauspost/cpuid v1.2.3 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/kylelemons/go-gypsy v1.0.0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/lib/pq v1.10.7 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/lib/pq v1.10.2 // indirect
+	github.com/lufia/plan9stats v0.0.0-20220913051719-115f729f3c8c // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/minio/md5-simd v1.1.0 // indirect
 	github.com/minio/sha256-simd v0.1.1 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/onsi/gomega v1.27.4 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/philhofer/fwd v1.1.1 // indirect
-	github.com/pion/datachannel v1.5.5 // indirect
-	github.com/pion/dtls/v2 v2.1.5 // indirect
-	github.com/pion/ice/v2 v2.2.12 // indirect
-	github.com/pion/interceptor v0.1.11 // indirect
+	github.com/montanaflynn/stats v0.7.1 // indirect
+	github.com/nxadm/tail v1.4.11 // indirect
+	github.com/outcaste-io/ristretto v0.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/philhofer/fwd v1.1.3-0.20240612014219-fbbf4953d986 // indirect
+	github.com/pion/datachannel v1.5.10 // indirect
+	github.com/pion/dtls/v3 v3.0.4 // indirect
+	github.com/pion/ice/v4 v4.0.3 // indirect
+	github.com/pion/interceptor v0.1.37 // indirect
 	github.com/pion/logging v0.2.2 // indirect
-	github.com/pion/mdns v0.0.5 // indirect
+	github.com/pion/mdns/v2 v2.0.7 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
-	github.com/pion/rtcp v1.2.10 // indirect
-	github.com/pion/sctp v1.8.5 // indirect
-	github.com/pion/sdp/v3 v3.0.6 // indirect
-	github.com/pion/srtp/v2 v2.0.10 // indirect
-	github.com/pion/stun v0.3.5 // indirect
-	github.com/pion/transport v0.14.1 // indirect
-	github.com/pion/turn/v2 v2.0.8 // indirect
-	github.com/pion/udp v0.1.1 // indirect
+	github.com/pion/rtcp v1.2.15 // indirect
+	github.com/pion/sctp v1.8.35 // indirect
+	github.com/pion/sdp/v3 v3.0.9 // indirect
+	github.com/pion/srtp/v3 v3.0.4 // indirect
+	github.com/pion/stun/v3 v3.0.0 // indirect
+	github.com/pion/transport/v3 v3.0.7 // indirect
+	github.com/pion/turn/v4 v4.0.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/richardartoul/molecule v1.0.1-0.20240531184615-7ca0df43c0b3 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
+	github.com/shirou/gopsutil/v3 v3.24.4 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
-	github.com/tinylib/msgp v1.1.6 // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
+	github.com/tinylib/msgp v1.2.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/wlynxg/anet v0.0.5 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.0.2 // indirect
-	github.com/xdg-go/stringprep v1.0.2 // indirect
-	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
+	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/stringprep v1.0.4 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	github.com/ziutek/mymysql v1.5.4 // indirect
-	go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect
-	go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760 // indirect
-	golang.org/x/crypto v0.4.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5 // indirect
-	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
-	golang.org/x/tools v0.7.0 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/appengine v1.6.6 // indirect
-	google.golang.org/grpc v1.32.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/ini.v1 v1.42.0 // indirect
+	go.opentelemetry.io/collector/component v0.104.0 // indirect
+	go.opentelemetry.io/collector/config/configtelemetry v0.104.0 // indirect
+	go.opentelemetry.io/collector/pdata v1.11.0 // indirect
+	go.opentelemetry.io/collector/semconv v0.104.0 // indirect
+	go.opentelemetry.io/otel v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.27.0 // indirect
+	go.opentelemetry.io/otel/trace v1.27.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/arch v0.12.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/oauth2 v0.18.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240520151616-dc85e6b867a5 // indirect
+	google.golang.org/grpc v1.64.0 // indirect
+	google.golang.org/protobuf v1.36.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
-	inet.af/netaddr v0.0.0-20220617031823-097006376321 // indirect
 )
--- a/machinery/go.sum
+++ b/machinery/go.sum
--- a/machinery/main.go
+++ b/machinery/main.go
@@ -6,9 +6,11 @@ import (
 	"os"
 	"time"

+	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/components"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
+	"github.com/kerberos-io/agent/machinery/src/onvif"

 	configService "github.com/kerberos-io/agent/machinery/src/config"
 	"github.com/kerberos-io/agent/machinery/src/routers"
@@ -17,7 +19,7 @@ import (
 	"gopkg.in/DataDog/dd-trace-go.v1/profiler"
 )

-var VERSION = "3.0.0"
+var VERSION = utils.VERSION

 func main() {
 	// You might be interested in debugging the agent.
@@ -67,27 +69,44 @@ func main() {
 	flag.StringVar(&timeout, "timeout", "2000", "Number of milliseconds to wait for the ONVIF discovery to complete")
 	flag.Parse()

+	// Specify the level of loggin: "info", "warning", "debug", "error" or "fatal."
+	logLevel := os.Getenv("LOG_LEVEL")
+	if logLevel == "" {
+		logLevel = "info"
+	}
+	// Specify the output formatter of the log: "text" or "json".
+	logOutput := os.Getenv("LOG_OUTPUT")
+	if logOutput == "" {
+		logOutput = "text"
+	}
+	// Specify the timezone of the log: "UTC" or "Local".
 	timezone, _ := time.LoadLocation("CET")
-	log.Log.Init(configDirectory, timezone)
+	log.Log.Init(logLevel, logOutput, configDirectory, timezone)

 	switch action {

 	case "version":
-		log.Log.Info("You are currrently running Kerberos Agent " + VERSION)
+		log.Log.Info("main.Main(): You are currrently running Kerberos Agent " + VERSION)

 	case "discover":
-		log.Log.Info(timeout)
+		// Convert duration to int
+		timeout, err := time.ParseDuration(timeout + "ms")
+		if err != nil {
+			log.Log.Fatal("main.Main(): could not parse timeout: " + err.Error())
+			return
+		}
+		onvif.Discover(timeout)

 	case "decrypt":
-		log.Log.Info("Decrypting: " + flag.Arg(0) + " with key: " + flag.Arg(1))
+		log.Log.Info("main.Main(): Decrypting: " + flag.Arg(0) + " with key: " + flag.Arg(1))
 		symmetricKey := []byte(flag.Arg(1))

 		if symmetricKey == nil || len(symmetricKey) == 0 {
-			log.Log.Fatal("Main: symmetric key should not be empty")
+			log.Log.Fatal("main.Main(): symmetric key should not be empty")
 			return
 		}
 		if len(symmetricKey) != 32 {
-			log.Log.Fatal("Main: symmetric key should be 32 bytes")
+			log.Log.Fatal("main.Main(): symmetric key should be 32 bytes")
 			return
 		}

@@ -123,7 +142,7 @@ func main() {

 			// Set timezone
 			timezone, _ := time.LoadLocation(configuration.Config.Timezone)
-			log.Log.Init(configDirectory, timezone)
+			log.Log.Init(logLevel, logOutput, configDirectory, timezone)

 			// Check if we have a device Key or not, if not
 			// we will generate one.
@@ -132,9 +151,9 @@ func main() {
 				configuration.Config.Key = key
 				err := configService.StoreConfig(configDirectory, configuration.Config)
 				if err == nil {
-					log.Log.Info("Main: updated unique key for agent to: " + key)
+					log.Log.Info("main.Main(): updated unique key for agent to: " + key)
 				} else {
-					log.Log.Info("Main: something went wrong while trying to store key: " + key)
+					log.Log.Info("main.Main(): something went wrong while trying to store key: " + key)
 				}
 			}

@@ -142,18 +161,26 @@ func main() {
 			// This is used to restart the agent when the configuration is updated.
 			ctx, cancel := context.WithCancel(context.Background())

+			// We create a capture object, this will contain all the streaming clients.
+			// And allow us to extract media from within difference places in the agent.
+			capture := capture.Capture{
+				RTSPClient:    nil,
+				RTSPSubClient: nil,
+			}
+
 			// Bootstrapping the agent
 			communication := models.Communication{
 				Context:         &ctx,
 				CancelContext:   &cancel,
 				HandleBootstrap: make(chan string, 1),
 			}
-			go components.Bootstrap(configDirectory, &configuration, &communication)
+
+			go components.Bootstrap(configDirectory, &configuration, &communication, &capture)

 			// Start the REST API.
-			routers.StartWebserver(configDirectory, &configuration, &communication)
+			routers.StartWebserver(configDirectory, &configuration, &communication, &capture)
 		}
 	default:
-		log.Log.Error("Main: Sorry I don't understand :(")
+		log.Log.Error("main.Main(): Sorry I don't understand :(")
 	}
 }
--- a/machinery/src/api/onvif.go
+++ b/machinery/src/api/onvif.go
@@ -1 +0,0 @@
-package api
--- a/machinery/src/capture/IPCamera.go
+++ b/machinery/src/capture/IPCamera.go
@@ -1,150 +0,0 @@
-package capture
-
-import (
-	"context"
-	"strconv"
-	"sync"
-	"time"
-
-	"github.com/kerberos-io/agent/machinery/src/log"
-	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/joy4/av/pubsub"
-
-	"github.com/kerberos-io/joy4/av"
-	"github.com/kerberos-io/joy4/av/avutil"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
-	"github.com/kerberos-io/joy4/format"
-)
-
-func OpenRTSP(ctx context.Context, url string) (av.DemuxCloser, []av.CodecData, error) {
-	format.RegisterAll()
-	infile, err := avutil.Open(ctx, url)
-	if err == nil {
-		streams, errstreams := infile.Streams()
-		return infile, streams, errstreams
-	}
-	return nil, []av.CodecData{}, err
-}
-
-func GetVideoStream(streams []av.CodecData) (av.CodecData, error) {
-	var videoStream av.CodecData
-	for _, stream := range streams {
-		if stream.Type().IsAudio() {
-			//astream := stream.(av.AudioCodecData)
-		} else if stream.Type().IsVideo() {
-			videoStream = stream
-		}
-	}
-	return videoStream, nil
-}
-
-func GetVideoDecoder(decoder *ffmpeg.VideoDecoder, streams []av.CodecData) {
-	// Load video codec
-	var vstream av.VideoCodecData
-	for _, stream := range streams {
-		if stream.Type().IsAudio() {
-			//astream := stream.(av.AudioCodecData)
-		} else if stream.Type().IsVideo() {
-			vstream = stream.(av.VideoCodecData)
-		}
-	}
-	err := ffmpeg.NewVideoDecoder(decoder, vstream)
-	if err != nil {
-		log.Log.Error("GetVideoDecoder: " + err.Error())
-	}
-}
-
-func DecodeImage(frame *ffmpeg.VideoFrame, pkt av.Packet, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) (*ffmpeg.VideoFrame, error) {
-	decoderMutex.Lock()
-	img, err := decoder.Decode(frame, pkt.Data)
-	decoderMutex.Unlock()
-	return img, err
-}
-
-func HandleStream(infile av.DemuxCloser, queue *pubsub.Queue, communication *models.Communication) { //, wg *sync.WaitGroup) {
-
-	log.Log.Debug("HandleStream: started")
-	var err error
-loop:
-	for {
-		// This will check if we need to stop the thread,
-		// because of a reconfiguration.
-		select {
-		case <-communication.HandleStream:
-			break loop
-		default:
-		}
-
-		var pkt av.Packet
-		if pkt, err = infile.ReadPacket(); err != nil { // sometimes this throws an end of file..
-			log.Log.Error("HandleStream: " + err.Error())
-			time.Sleep(1 * time.Second)
-		}
-
-		// Could be that a decode is throwing errors.
-		if len(pkt.Data) > 0 {
-
-			queue.WritePacket(pkt)
-
-			// This will check if we need to stop the thread,
-			// because of a reconfiguration.
-			select {
-			case <-communication.HandleStream:
-				break loop
-			default:
-			}
-
-			if pkt.IsKeyFrame {
-
-				// Increment packets, so we know the device
-				// is not blocking.
-				r := communication.PackageCounter.Load().(int64)
-				log.Log.Info("HandleStream: packet size " + strconv.Itoa(len(pkt.Data)))
-				communication.PackageCounter.Store((r + 1) % 1000)
-				communication.LastPacketTimer.Store(time.Now().Unix())
-			}
-		}
-	}
-
-	queue.Close()
-	log.Log.Debug("HandleStream: finished")
-}
-
-func HandleSubStream(infile av.DemuxCloser, queue *pubsub.Queue, communication *models.Communication) { //, wg *sync.WaitGroup) {
-
-	log.Log.Debug("HandleSubStream: started")
-	var err error
-loop:
-	for {
-		// This will check if we need to stop the thread,
-		// because of a reconfiguration.
-		select {
-		case <-communication.HandleSubStream:
-			break loop
-		default:
-		}
-
-		var pkt av.Packet
-		if pkt, err = infile.ReadPacket(); err != nil { // sometimes this throws an end of file..
-			log.Log.Error("HandleSubStream: " + err.Error())
-			time.Sleep(1 * time.Second)
-		}
-
-		// Could be that a decode is throwing errors.
-		if len(pkt.Data) > 0 {
-
-			queue.WritePacket(pkt)
-
-			// This will check if we need to stop the thread,
-			// because of a reconfiguration.
-			select {
-			case <-communication.HandleSubStream:
-				break loop
-			default:
-			}
-		}
-	}
-
-	queue.Close()
-	log.Log.Debug("HandleSubStream: finished")
-}
--- a/machinery/src/capture/RTSPClient.go
+++ b/machinery/src/capture/RTSPClient.go
@@ -0,0 +1,72 @@
+package capture
+
+import (
+	"context"
+	"image"
+
+	"github.com/kerberos-io/agent/machinery/src/models"
+	"github.com/kerberos-io/agent/machinery/src/packets"
+)
+
+type Capture struct {
+	RTSPClient            *Golibrtsp
+	RTSPSubClient         *Golibrtsp
+	RTSPBackChannelClient *Golibrtsp
+}
+
+func (c *Capture) SetMainClient(rtspUrl string) *Golibrtsp {
+	c.RTSPClient = &Golibrtsp{
+		Url: rtspUrl,
+	}
+	return c.RTSPClient
+}
+
+func (c *Capture) SetSubClient(rtspUrl string) *Golibrtsp {
+	c.RTSPSubClient = &Golibrtsp{
+		Url: rtspUrl,
+	}
+	return c.RTSPSubClient
+}
+
+func (c *Capture) SetBackChannelClient(rtspUrl string) *Golibrtsp {
+	c.RTSPBackChannelClient = &Golibrtsp{
+		Url: rtspUrl,
+	}
+	return c.RTSPBackChannelClient
+}
+
+// RTSPClient is a interface that abstracts the RTSP client implementation.
+type RTSPClient interface {
+	// Connect to the RTSP server.
+	Connect(ctx context.Context) error
+
+	// Connect to a backchannel RTSP server.
+	ConnectBackChannel(ctx context.Context) error
+
+	// Start the RTSP client, and start reading packets.
+	Start(ctx context.Context, streamType string, queue *packets.Queue, configuration *models.Configuration, communication *models.Communication) error
+
+	// Start the RTSP client, and start reading packets.
+	StartBackChannel(ctx context.Context) (err error)
+
+	// Decode a packet into a image.
+	DecodePacket(pkt packets.Packet) (image.YCbCr, error)
+
+	// Decode a packet into a image.
+	DecodePacketRaw(pkt packets.Packet) (image.Gray, error)
+
+	// Write a packet to the RTSP server.
+	WritePacket(pkt packets.Packet) error
+
+	// Close the connection to the RTSP server.
+	Close() error
+
+	// Get a list of streams from the RTSP server.
+	GetStreams() ([]packets.Stream, error)
+
+	// Get a list of video streams from the RTSP server.
+	GetVideoStreams() ([]packets.Stream, error)
+
+	// Get a list of audio streams from the RTSP server.
+	GetAudioStreams() ([]packets.Stream, error)
+}
--- a/machinery/src/capture/gortsplib.go
+++ b/machinery/src/capture/gortsplib.go
--- a/machinery/src/capture/main.go
+++ b/machinery/src/capture/main.go
@@ -3,19 +3,20 @@ package capture

 import (
 	"context"
+	"encoding/base64"
+	"image"
 	"os"
 	"strconv"
 	"time"

 	"github.com/gin-gonic/gin"
+	"github.com/kerberos-io/agent/machinery/src/conditions"
 	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
+	"github.com/kerberos-io/agent/machinery/src/packets"
 	"github.com/kerberos-io/agent/machinery/src/utils"
-	"github.com/kerberos-io/joy4/av/pubsub"
-	"github.com/kerberos-io/joy4/format/mp4"
-
-	"github.com/kerberos-io/joy4/av"
+	"github.com/yapingcat/gomedia/go-mp4"
 )

 func CleanupRecordingDirectory(configDirectory string, configuration *models.Configuration) {
@@ -52,14 +53,15 @@ func CleanupRecordingDirectory(configDirectory string, configuration *models.Con
 	}
 }

-func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configuration *models.Configuration, communication *models.Communication, streams []av.CodecData) {
+func HandleRecordStream(queue *packets.Queue, configDirectory string, configuration *models.Configuration, communication *models.Communication, rtspClient RTSPClient) {

 	config := configuration.Config
+	loc, _ := time.LoadLocation(config.Timezone)

 	if config.Capture.Recording == "false" {
-		log.Log.Info("HandleRecordStream: disabled, we will not record anything.")
+		log.Log.Info("capture.main.HandleRecordStream(): disabled, we will not record anything.")
 	} else {
-		log.Log.Debug("HandleRecordStream: started")
+		log.Log.Debug("capture.main.HandleRecordStream(): started")

 		recordingPeriod := config.Capture.PostRecording         // number of seconds to record.
 		maxRecordingPeriod := config.Capture.MaxLengthRecording // maximum number of seconds to record.
@@ -69,20 +71,28 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 		startRecording := now
 		timestamp := now

+		if config.FriendlyName != "" {
+			config.Name = config.FriendlyName
+		}
+
+		// For continuous and motion based recording we will use a single file.
+		var file *os.File
+
 		// Check if continuous recording.
 		if config.Capture.Continuous == "true" {

-			// Do not do anything!
-			log.Log.Info("HandleRecordStream: Start continuous recording ")
+			//var cws *cacheWriterSeeker
+			var myMuxer *mp4.Movmuxer
+			var videoTrack uint32
+			var audioTrack uint32
+			var name string
+
+			// Do not do anything!
+			log.Log.Info("capture.main.HandleRecordStream(continuous): start recording")

-			loc, _ := time.LoadLocation(config.Timezone)
 			now = time.Now().Unix()
 			timestamp = now
 			start := false
-			var name string
-			var myMuxer *mp4.Muxer
-			var file *os.File
-			var err error

 			// If continuous record the full length
 			recordingPeriod = maxRecordingPeriod
@@ -90,10 +100,9 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 			fullName := ""

 			// Get as much packets we need.
-			//for pkt := range packets {
 			var cursorError error
-			var pkt av.Packet
-			var nextPkt av.Packet
+			var pkt packets.Packet
+			var nextPkt packets.Packet
 			recordingStatus := "idle"
 			recordingCursor := queue.Oldest()

@@ -111,21 +120,31 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 					nextPkt.IsKeyFrame && (timestamp+recordingPeriod-now <= 0 || now-startRecording >= maxRecordingPeriod) {

 					// Write the last packet
-					if err := myMuxer.WritePacket(pkt); err != nil {
-						log.Log.Error(err.Error())
+					ttime := convertPTS(pkt.TimeLegacy)
+					if pkt.IsVideo {
+						if err := myMuxer.Write(videoTrack, pkt.Data, ttime, ttime); err != nil {
+							log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+						}
+					} else if pkt.IsAudio {
+						if pkt.Codec == "AAC" {
+							if err := myMuxer.Write(audioTrack, pkt.Data, ttime, ttime); err != nil {
+								log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+							}
+						} else if pkt.Codec == "PCM_MULAW" {
+							// TODO: transcode to AAC, some work to do..
+							log.Log.Debug("capture.main.HandleRecordStream(continuous): no AAC audio codec detected, skipping audio track.")
+						}
 					}

 					// This will write the trailer a well.
-					if err := myMuxer.WriteTrailerWithPacket(nextPkt); err != nil {
-						log.Log.Error(err.Error())
+					if err := myMuxer.WriteTrailer(); err != nil {
+						log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
 					}

-					log.Log.Info("HandleRecordStream: Recording finished: file save: " + name)
+					log.Log.Info("capture.main.HandleRecordStream(continuous): recording finished: file save: " + name)

 					// Cleanup muxer
 					start = false
-					myMuxer.Close()
-					myMuxer = nil
 					file.Close()
 					file = nil

@@ -134,6 +153,27 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 						utils.CreateFragmentedMP4(fullName, config.Capture.FragmentedDuration)
 					}

+					// Check if we need to encrypt the recording.
+					if config.Encryption != nil && config.Encryption.Enabled == "true" && config.Encryption.Recordings == "true" && config.Encryption.SymmetricKey != "" {
+						// reopen file into memory 'fullName'
+						contents, err := os.ReadFile(fullName)
+						if err == nil {
+							// encrypt
+							encryptedContents, err := encryption.AesEncrypt(contents, config.Encryption.SymmetricKey)
+							if err == nil {
+								// write back to file
+								err := os.WriteFile(fullName, []byte(encryptedContents), 0644)
+								if err != nil {
+									log.Log.Error("capture.main.HandleRecordStream(continuous): error writing file: " + err.Error())
+								}
+							} else {
+								log.Log.Error("capture.main.HandleRecordStream(continuous): error encrypting file: " + err.Error())
+							}
+						} else {
+							log.Log.Error("capture.main.HandleRecordStream(continuous): error reading file: " + err.Error())
+						}
+					}
+
 					// Create a symbol link.
 					fc, _ := os.Create(configDirectory + "/data/cloud/" + name)
 					fc.Close()
@@ -147,29 +187,13 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 				// If not yet started and a keyframe, let's make a recording
 				if !start && pkt.IsKeyFrame {

-					// Check if within time interval
-					nowInTimezone := time.Now().In(loc)
-					weekday := nowInTimezone.Weekday()
-					hour := nowInTimezone.Hour()
-					minute := nowInTimezone.Minute()
-					second := nowInTimezone.Second()
-					timeEnabled := config.Time
-					timeInterval := config.Timetable[int(weekday)]
-
-					if timeEnabled == "true" && timeInterval != nil {
-						start1 := timeInterval.Start1
-						end1 := timeInterval.End1
-						start2 := timeInterval.Start2
-						end2 := timeInterval.End2
-						currentTimeInSeconds := hour*60*60 + minute*60 + second
-						if (currentTimeInSeconds >= start1 && currentTimeInSeconds <= end1) ||
-							(currentTimeInSeconds >= start2 && currentTimeInSeconds <= end2) {
-
-						} else {
-							log.Log.Debug("HandleRecordStream: Disabled: no continuous recording at this moment. Not within specified time interval.")
-							time.Sleep(5 * time.Second)
-							continue
-						}
+					// We might have different conditions enabled such as time window or uri response.
+					// We'll validate those conditions and if not valid we'll not do anything.
+					valid, err := conditions.Validate(loc, configuration)
+					if !valid && err != nil {
+						log.Log.Debug("capture.main.HandleRecordStream(continuous): " + err.Error() + ".")
+						time.Sleep(5 * time.Second)
+						continue
 					}

 					start = true
@@ -196,39 +220,60 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 					fullName = configDirectory + "/data/recordings/" + name

 					// Running...
-					log.Log.Info("Recording started")
+					log.Log.Info("capture.main.HandleRecordStream(continuous): recording started")

 					file, err = os.Create(fullName)
 					if err == nil {
-						myMuxer = mp4.NewMuxer(file)
+						//cws = newCacheWriterSeeker(4096)
+						myMuxer, _ = mp4.CreateMp4Muxer(file)
+						// We choose between H264 and H265
+						width := configuration.Config.Capture.IPCamera.Width
+						height := configuration.Config.Capture.IPCamera.Height
+						widthOption := mp4.WithVideoWidth(uint32(width))
+						heightOption := mp4.WithVideoHeight(uint32(height))
+						if pkt.Codec == "H264" {
+							videoTrack = myMuxer.AddVideoTrack(mp4.MP4_CODEC_H264, widthOption, heightOption)
+						} else if pkt.Codec == "H265" {
+							videoTrack = myMuxer.AddVideoTrack(mp4.MP4_CODEC_H265, widthOption, heightOption)
+						}
+						// For an MP4 container, AAC is the only audio codec supported.
+						audioTrack = myMuxer.AddAudioTrack(mp4.MP4_CODEC_AAC)
+					} else {
+						log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
 					}

-					log.Log.Info("HandleRecordStream: composing recording")
-					log.Log.Info("HandleRecordStream: write header")
-
-					// Creating the file, might block sometimes.
-					if err := myMuxer.WriteHeader(streams); err != nil {
-						log.Log.Error(err.Error())
-					}
-
-					if err := myMuxer.WritePacket(pkt); err != nil {
-						log.Log.Error(err.Error())
+					ttime := convertPTS(pkt.TimeLegacy)
+					if pkt.IsVideo {
+						if err := myMuxer.Write(videoTrack, pkt.Data, ttime, ttime); err != nil {
+							log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+						}
+					} else if pkt.IsAudio {
+						if pkt.Codec == "AAC" {
+							if err := myMuxer.Write(audioTrack, pkt.Data, ttime, ttime); err != nil {
+								log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+							}
+						} else if pkt.Codec == "PCM_MULAW" {
+							// TODO: transcode to AAC, some work to do..
+							log.Log.Debug("capture.main.HandleRecordStream(continuous): no AAC audio codec detected, skipping audio track.")
+						}
 					}

 					recordingStatus = "started"

 				} else if start {
-					if err := myMuxer.WritePacket(pkt); err != nil {
-						log.Log.Error(err.Error())
-					}
-
-					// We will sync to file every keyframe.
-					if pkt.IsKeyFrame {
-						err := file.Sync()
-						if err != nil {
-							log.Log.Error(err.Error())
-						} else {
-							log.Log.Info("HandleRecordStream: Synced file: " + name)
+					ttime := convertPTS(pkt.TimeLegacy)
+					if pkt.IsVideo {
+						if err := myMuxer.Write(videoTrack, pkt.Data, ttime, ttime); err != nil {
+							log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+						}
+					} else if pkt.IsAudio {
+						if pkt.Codec == "AAC" {
+							if err := myMuxer.Write(audioTrack, pkt.Data, ttime, ttime); err != nil {
+								log.Log.Error("capture.main.HandleRecordStream(continuous): " + err.Error())
+							}
+						} else if pkt.Codec == "PCM_MULAW" {
+							// TODO: transcode to AAC, some work to do..
+							log.Log.Debug("capture.main.HandleRecordStream(continuous): no AAC audio codec detected, skipping audio track.")
 						}
 					}
 				}
@@ -240,17 +285,15 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 			// If this happens we need to check to properly close the recording.
 			if cursorError != nil {
 				if recordingStatus == "started" {
-
 					// This will write the trailer a well.
 					if err := myMuxer.WriteTrailer(); err != nil {
 						log.Log.Error(err.Error())
 					}

-					log.Log.Info("HandleRecordStream: Recording finished: file save: " + name)
+					log.Log.Info("capture.main.HandleRecordStream(continuous): Recording finished: file save: " + name)
+
 					// Cleanup muxer
 					start = false
-					myMuxer.Close()
-					myMuxer = nil
 					file.Close()
 					file = nil

@@ -259,24 +302,49 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 						utils.CreateFragmentedMP4(fullName, config.Capture.FragmentedDuration)
 					}

+					// Check if we need to encrypt the recording.
+					if config.Encryption != nil && config.Encryption.Enabled == "true" && config.Encryption.Recordings == "true" && config.Encryption.SymmetricKey != "" {
+						// reopen file into memory 'fullName'
+						contents, err := os.ReadFile(fullName)
+						if err == nil {
+							// encrypt
+							encryptedContents, err := encryption.AesEncrypt(contents, config.Encryption.SymmetricKey)
+							if err == nil {
+								// write back to file
+								err := os.WriteFile(fullName, []byte(encryptedContents), 0644)
+								if err != nil {
+									log.Log.Error("capture.main.HandleRecordStream(motiondetection): error writing file: " + err.Error())
+								}
+							} else {
+								log.Log.Error("capture.main.HandleRecordStream(motiondetection): error encrypting file: " + err.Error())
+							}
+						} else {
+							log.Log.Error("capture.main.HandleRecordStream(motiondetection): error reading file: " + err.Error())
+						}
+					}
+
 					// Create a symbol link.
 					fc, _ := os.Create(configDirectory + "/data/cloud/" + name)
 					fc.Close()

 					recordingStatus = "idle"
+
+					// Clean up the recording directory if necessary.
+					CleanupRecordingDirectory(configDirectory, configuration)
 				}
 			}
 		} else {

-			log.Log.Info("HandleRecordStream: Start motion based recording ")
+			log.Log.Info("capture.main.HandleRecordStream(motiondetection): Start motion based recording ")

-			var myMuxer *mp4.Muxer
-			var file *os.File
-			var err error
-
-			var lastDuration time.Duration
+			var lastDuration int64
 			var lastRecordingTime int64

+			//var cws *cacheWriterSeeker
+			var myMuxer *mp4.Movmuxer
+			var videoTrack uint32
+			var audioTrack uint32
+
 			for motion := range communication.HandleMotion {

 				timestamp = time.Now().Unix()
@@ -319,26 +387,32 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 				fullName := configDirectory + "/data/recordings/" + name

 				// Running...
-				log.Log.Info("HandleRecordStream: Recording started")
-				file, err = os.Create(fullName)
-				if err == nil {
-					myMuxer = mp4.NewMuxer(file)
-				}
+				log.Log.Info("capture.main.HandleRecordStream(motiondetection): recording started")
+				file, _ = os.Create(fullName)
+				myMuxer, _ = mp4.CreateMp4Muxer(file)

+				// Check which video codec we need to use.
+				videoSteams, _ := rtspClient.GetVideoStreams()
+				for _, stream := range videoSteams {
+					width := configuration.Config.Capture.IPCamera.Width
+					height := configuration.Config.Capture.IPCamera.Height
+					widthOption := mp4.WithVideoWidth(uint32(width))
+					heightOption := mp4.WithVideoHeight(uint32(height))
+					if stream.Name == "H264" {
+						videoTrack = myMuxer.AddVideoTrack(mp4.MP4_CODEC_H264, widthOption, heightOption)
+					} else if stream.Name == "H265" {
+						videoTrack = myMuxer.AddVideoTrack(mp4.MP4_CODEC_H265, widthOption, heightOption)
+					}
+				}
+				// For an MP4 container, AAC is the only audio codec supported.
+				audioTrack = myMuxer.AddAudioTrack(mp4.MP4_CODEC_AAC)
 				start := false

-				log.Log.Info("HandleRecordStream: composing recording")
-				log.Log.Info("HandleRecordStream: write header")
-				// Creating the file, might block sometimes.
-				if err := myMuxer.WriteHeader(streams); err != nil {
-					log.Log.Error(err.Error())
-				}
-
 				// Get as much packets we need.
 				var cursorError error
-				var pkt av.Packet
-				var nextPkt av.Packet
-				recordingCursor := queue.DelayedGopCount(int(config.Capture.PreRecording))
+				var pkt packets.Packet
+				var nextPkt packets.Packet
+				recordingCursor := queue.DelayedGopCount(int(config.Capture.PreRecording + 1))

 				if cursorError == nil {
 					pkt, cursorError = recordingCursor.ReadPacket()
@@ -348,39 +422,51 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati

 					nextPkt, cursorError = recordingCursor.ReadPacket()
 					if cursorError != nil {
-						log.Log.Error("HandleRecordStream: " + cursorError.Error())
+						log.Log.Error("capture.main.HandleRecordStream(motiondetection): " + cursorError.Error())
 					}

 					now := time.Now().Unix()
 					select {
 					case motion := <-communication.HandleMotion:
 						timestamp = now
-						log.Log.Info("HandleRecordStream: motion detected while recording. Expanding recording.")
+						log.Log.Info("capture.main.HandleRecordStream(motiondetection): motion detected while recording. Expanding recording.")
 						numberOfChanges = motion.NumberOfChanges
-						log.Log.Info("Received message with recording data, detected changes to save: " + strconv.Itoa(numberOfChanges))
+						log.Log.Info("capture.main.HandleRecordStream(motiondetection): Received message with recording data, detected changes to save: " + strconv.Itoa(numberOfChanges))
 					default:
 					}

 					if (timestamp+recordingPeriod-now < 0 || now-startRecording > maxRecordingPeriod) && nextPkt.IsKeyFrame {
-						log.Log.Info("HandleRecordStream: closing recording (timestamp: " + strconv.FormatInt(timestamp, 10) + ", recordingPeriod: " + strconv.FormatInt(recordingPeriod, 10) + ", now: " + strconv.FormatInt(now, 10) + ", startRecording: " + strconv.FormatInt(startRecording, 10) + ", maxRecordingPeriod: " + strconv.FormatInt(maxRecordingPeriod, 10))
+						log.Log.Info("capture.main.HandleRecordStream(motiondetection): closing recording (timestamp: " + strconv.FormatInt(timestamp, 10) + ", recordingPeriod: " + strconv.FormatInt(recordingPeriod, 10) + ", now: " + strconv.FormatInt(now, 10) + ", startRecording: " + strconv.FormatInt(startRecording, 10) + ", maxRecordingPeriod: " + strconv.FormatInt(maxRecordingPeriod, 10))
 						break
 					}
 					if pkt.IsKeyFrame && !start && pkt.Time >= lastDuration {
-						log.Log.Info("HandleRecordStream: write frames")
+						log.Log.Debug("capture.main.HandleRecordStream(motiondetection): write frames")
 						start = true
 					}
 					if start {
-						if err := myMuxer.WritePacket(pkt); err != nil {
-							log.Log.Error(err.Error())
+						ttime := convertPTS(pkt.TimeLegacy)
+						if pkt.IsVideo {
+							if err := myMuxer.Write(videoTrack, pkt.Data, ttime, ttime); err != nil {
+								log.Log.Error("capture.main.HandleRecordStream(motiondetection): " + err.Error())
+							}
+						} else if pkt.IsAudio {
+							if pkt.Codec == "AAC" {
+								if err := myMuxer.Write(audioTrack, pkt.Data, ttime, ttime); err != nil {
+									log.Log.Error("capture.main.HandleRecordStream(motiondetection): " + err.Error())
+								}
+							} else if pkt.Codec == "PCM_MULAW" {
+								// TODO: transcode to AAC, some work to do..
+								log.Log.Debug("capture.main.HandleRecordStream(motiondetection): no AAC audio codec detected, skipping audio track.")
+							}
 						}

 						// We will sync to file every keyframe.
 						if pkt.IsKeyFrame {
 							err := file.Sync()
 							if err != nil {
-								log.Log.Error(err.Error())
+								log.Log.Error("capture.main.HandleRecordStream(motiondetection): " + err.Error())
 							} else {
-								log.Log.Info("HandleRecordStream: Synced file: " + name)
+								log.Log.Debug("capture.main.HandleRecordStream(motiondetection): synced file " + name)
 							}
 						}
 					}
@@ -388,16 +474,13 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 					pkt = nextPkt
 				}

-				// This will write the trailer as well.
-				myMuxer.WriteTrailerWithPacket(nextPkt)
-				log.Log.Info("HandleRecordStream:  file save: " + name)
+				// This will write the trailer a well.
+				myMuxer.WriteTrailer()
+
+				log.Log.Info("capture.main.HandleRecordStream(motiondetection): file save: " + name)

 				lastDuration = pkt.Time
 				lastRecordingTime = time.Now().Unix()
-
-				// Cleanup muxer
-				myMuxer.Close()
-				myMuxer = nil
 				file.Close()
 				file = nil

@@ -417,13 +500,13 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 							// write back to file
 							err := os.WriteFile(fullName, []byte(encryptedContents), 0644)
 							if err != nil {
-								log.Log.Error("HandleRecordStream: error writing file: " + err.Error())
+								log.Log.Error("capture.main.HandleRecordStream(motiondetection): error writing file: " + err.Error())
 							}
 						} else {
-							log.Log.Error("HandleRecordStream: error encrypting file: " + err.Error())
+							log.Log.Error("capture.main.HandleRecordStream(motiondetection): error encrypting file: " + err.Error())
 						}
 					} else {
-						log.Log.Error("HandleRecordStream: error reading file: " + err.Error())
+						log.Log.Error("capture.main.HandleRecordStream(motiondetection): error reading file: " + err.Error())
 					}
 				}

@@ -436,7 +519,7 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 			}
 		}

-		log.Log.Debug("HandleRecordStream: finished")
+		log.Log.Debug("capture.main.HandleRecordStream(): finished")
 	}
 }

@@ -469,30 +552,46 @@ func VerifyCamera(c *gin.Context) {
 		if streamType == "secondary" {
 			rtspUrl = cameraStreams.SubRTSP
 		}
-		_, codecs, err := OpenRTSP(ctx, rtspUrl)
+
+		// Currently only support H264 encoded cameras, this will change.
+		// Establishing the camera connection without backchannel if no substream
+		rtspClient := &Golibrtsp{
+			Url: rtspUrl,
+		}
+
+		err := rtspClient.Connect(ctx)
 		if err == nil {

+			// Get the streams from the rtsp client.
+			streams, _ := rtspClient.GetStreams()
+
 			videoIdx := -1
 			audioIdx := -1
-			for i, codec := range codecs {
-				if codec.Type().String() == "H264" && videoIdx < 0 {
+			for i, stream := range streams {
+				if (stream.Name == "H264" || stream.Name == "H265") && videoIdx < 0 {
 					videoIdx = i
-				} else if codec.Type().String() == "PCM_MULAW" && audioIdx < 0 {
+				} else if stream.Name == "PCM_MULAW" && audioIdx < 0 {
 					audioIdx = i
 				}
 			}

-			if videoIdx > -1 {
-				c.JSON(200, models.APIResponse{
-					Message: "All good, detected a H264 codec.",
-					Data:    codecs,
-				})
+			err := rtspClient.Close()
+			if err == nil {
+				if videoIdx > -1 {
+					c.JSON(200, models.APIResponse{
+						Message: "All good, detected a H264 codec.",
+						Data:    streams,
+					})
+				} else {
+					c.JSON(400, models.APIResponse{
+						Message: "Stream doesn't have a H264 codec, we only support H264 so far.",
+					})
+				}
 			} else {
 				c.JSON(400, models.APIResponse{
-					Message: "Stream doesn't have a H264 codec, we only support H264 so far.",
+					Message: "Something went wrong while closing the connection " + err.Error(),
 				})
 			}
-
 		} else {
 			c.JSON(400, models.APIResponse{
 				Message: err.Error(),
@@ -504,3 +603,98 @@ func VerifyCamera(c *gin.Context) {
 		})
 	}
 }
+
+func Base64Image(captureDevice *Capture, communication *models.Communication) string {
+	// We'll try to get a snapshot from the camera.
+	var queue *packets.Queue
+	var cursor *packets.QueueCursor
+
+	// We'll pick the right client and decoder.
+	rtspClient := captureDevice.RTSPSubClient
+	if rtspClient != nil {
+		queue = communication.SubQueue
+		cursor = queue.Latest()
+	} else {
+		rtspClient = captureDevice.RTSPClient
+		queue = communication.Queue
+		cursor = queue.Latest()
+	}
+
+	// We'll try to have a keyframe, if not we'll return an empty string.
+	var encodedImage string
+	// Try for 3 times in a row.
+	count := 0
+	for count < 3 {
+		if queue != nil && cursor != nil && rtspClient != nil {
+			pkt, err := cursor.ReadPacket()
+			if err == nil {
+				if !pkt.IsKeyFrame {
+					continue
+				}
+				var img image.YCbCr
+				img, err = (*rtspClient).DecodePacket(pkt)
+				if err == nil {
+					bytes, _ := utils.ImageToBytes(&img)
+					encodedImage = base64.StdEncoding.EncodeToString(bytes)
+					break
+				} else {
+					count++
+					continue
+				}
+			}
+		} else {
+			break
+		}
+	}
+	return encodedImage
+}
+
+func JpegImage(captureDevice *Capture, communication *models.Communication) image.YCbCr {
+	// We'll try to get a snapshot from the camera.
+	var queue *packets.Queue
+	var cursor *packets.QueueCursor
+
+	// We'll pick the right client and decoder.
+	rtspClient := captureDevice.RTSPSubClient
+	if rtspClient != nil {
+		queue = communication.SubQueue
+		cursor = queue.Latest()
+	} else {
+		rtspClient = captureDevice.RTSPClient
+		queue = communication.Queue
+		cursor = queue.Latest()
+	}
+
+	// We'll try to have a keyframe, if not we'll return an empty string.
+	var image image.YCbCr
+	// Try for 3 times in a row.
+	count := 0
+	for count < 3 {
+		if queue != nil && cursor != nil && rtspClient != nil {
+			pkt, err := cursor.ReadPacket()
+			if err == nil {
+				if !pkt.IsKeyFrame {
+					continue
+				}
+				image, err = (*rtspClient).DecodePacket(pkt)
+				if err != nil {
+					count++
+					continue
+				} else {
+					break
+				}
+			}
+		} else {
+			break
+		}
+	}
+	return image
+}
+
+func convertPTS(v time.Duration) uint64 {
+	return uint64(v.Milliseconds())
+}
+
+func convertPTS2(v int64) uint64 {
+	return uint64(v) / 100
+}
--- a/machinery/src/cloud/Cloud.go
+++ b/machinery/src/cloud/Cloud.go
@@ -6,28 +6,26 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"strings"
-	"sync"

+	"github.com/dromara/carbon/v2"
 	"github.com/elastic/go-sysinfo"
 	"github.com/gin-gonic/gin"
-	"github.com/golang-module/carbon/v2"
-	"github.com/kerberos-io/joy4/av/pubsub"

 	mqtt "github.com/eclipse/paho.mqtt.golang"
-	av "github.com/kerberos-io/joy4/av"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"

 	"net/http"
 	"strconv"
 	"time"

-	"github.com/kerberos-io/agent/machinery/src/computervision"
+	"github.com/kerberos-io/agent/machinery/src/capture"
+	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	"github.com/kerberos-io/agent/machinery/src/onvif"
+	"github.com/kerberos-io/agent/machinery/src/packets"
 	"github.com/kerberos-io/agent/machinery/src/utils"
 	"github.com/kerberos-io/agent/machinery/src/webrtc"
 )
@@ -166,10 +164,10 @@ func GetSystemInfo() (models.System, error) {

 	// Read agent version
 	version, err := os.Open("./version")
-	defer version.Close()
 	agentVersion = "unknown"
 	if err == nil {
-		agentVersionBytes, err := ioutil.ReadAll(version)
+		defer version.Close()
+		agentVersionBytes, err := io.ReadAll(version)
 		agentVersion = string(agentVersionBytes)
 		if err != nil {
 			log.Log.Error(err.Error())
@@ -220,15 +218,205 @@ func GetSystemInfo() (models.System, error) {
 }

 func HandleHeartBeat(configuration *models.Configuration, communication *models.Communication, uptimeStart time.Time) {
-	log.Log.Debug("HandleHeartBeat: started")
+	log.Log.Debug("cloud.HandleHeartBeat(): started")
+
+	var client *http.Client
+	if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		client = &http.Client{Transport: tr}
+	} else {
+		client = &http.Client{}
+	}
+
+	kerberosAgentVersion := utils.VERSION
+
+	// Create a loop pull point address, which we will use to retrieve async events
+	// As you'll read below camera manufactures are having different implementations of events.
+	var pullPointAddressLoopState string
+	if configuration.Config.Capture.IPCamera.ONVIFXAddr != "" {
+		cameraConfiguration := configuration.Config.Capture.IPCamera
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		if err != nil {
+			pullPointAddressLoopState, err = onvif.CreatePullPointSubscription(device)
+			if err != nil {
+				log.Log.Error("cloud.HandleHeartBeat(): error while creating pull point subscription: " + err.Error())
+			}
+		}
+	}

 loop:
 	for {
-
+		// Configuration migh have changed, so we will reload it.
 		config := configuration.Config

+		// We'll check ONVIF capabilitites anyhow.. Verify if we have PTZ, presets and inputs/outputs.
+		// For the inputs we will keep track of a the inputs and outputs state.
+		onvifEnabled := "false"
+		onvifZoom := "false"
+		onvifPanTilt := "false"
+		onvifPresets := "false"
+		var onvifPresetsList []byte
+		var onvifEventsList []byte
+		if config.Capture.IPCamera.ONVIFXAddr != "" {
+			cameraConfiguration := configuration.Config.Capture.IPCamera
+			device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+			if err == nil {
+				// We will try to retrieve the PTZ configurations from the device.
+				onvifEnabled = "true"
+				configurations, err := onvif.GetPTZConfigurationsFromDevice(device)
+				if err == nil {
+					_, canZoom, canPanTilt := onvif.GetPTZFunctionsFromDevice(configurations)
+					if canZoom {
+						onvifZoom = "true"
+					}
+					if canPanTilt {
+						onvifPanTilt = "true"
+					}
+					// Try to read out presets
+					presets, err := onvif.GetPresetsFromDevice(device)
+					if err == nil && len(presets) > 0 {
+						onvifPresets = "true"
+						onvifPresetsList, err = json.Marshal(presets)
+						if err != nil {
+							log.Log.Error("cloud.HandleHeartBeat(): error while marshalling presets: " + err.Error())
+							onvifPresetsList = []byte("[]")
+						}
+					} else {
+						if err != nil {
+							log.Log.Debug("cloud.HandleHeartBeat(): error while getting presets: " + err.Error())
+						} else {
+							log.Log.Debug("cloud.HandleHeartBeat(): no presets found.")
+						}
+						onvifPresetsList = []byte("[]")
+					}
+				} else {
+					log.Log.Debug("cloud.HandleHeartBeat(): error while getting PTZ configurations: " + err.Error())
+					onvifPresetsList = []byte("[]")
+				}
+
+				// We will also fetch some events, to know the status of the inputs and outputs.
+				// More event types might be added.
+				// -- We have two differen pull point subscriptions, one for the initials events and one for the loop.
+				// -- Some cameras do send recurrent events, others don't.
+				//   a. For some older Hikvision models, events are send repeatedly (if input is high) with the strong state (set to false).
+				//      - In this scenarion we are using a polling mechanism and set a timestamp to understand if the input is still active.
+				//   b. For some newer Hikvision models, Avigilon, events are send only once (if state is set active).
+				//      - In this scenario we are creating a new subscription to retrieve the initial (current) state of the inputs and outputs.
+
+				// Get a new pull point address, to get the initiatal state of the inputs and outputs.
+				pullPointAddressInitialState, err := onvif.CreatePullPointSubscription(device)
+				if err != nil {
+					log.Log.Error("cloud.HandleHeartBeat(): error while creating pull point subscription: " + err.Error())
+				}
+				if pullPointAddressInitialState != "" {
+					log.Log.Debug("cloud.HandleHeartBeat(): Fetching events from pullPointAddressInitialState")
+					events, err := onvif.GetEventMessages(device, pullPointAddressInitialState)
+					log.Log.Debug("cloud.HandleHeartBeat(): Completed fetching events from pullPointAddressInitialState")
+					if err == nil && len(events) > 0 {
+						onvifEventsList, err = json.Marshal(events)
+						if err != nil {
+							log.Log.Error("cloud.HandleHeartBeat(): error while marshalling events: " + err.Error())
+							onvifEventsList = []byte("[]")
+						}
+					} else if err != nil {
+						log.Log.Error("cloud.HandleHeartBeat(): error while getting events: " + err.Error())
+						onvifEventsList = []byte("[]")
+					} else if len(events) == 0 {
+						log.Log.Debug("cloud.HandleHeartBeat(): no events found.")
+						onvifEventsList = []byte("[]")
+					}
+					onvif.UnsubscribePullPoint(device, pullPointAddressInitialState)
+				}
+
+				// We do a second run an a long-living subscription to get the events asynchronously.
+				if pullPointAddressLoopState != "" {
+					log.Log.Debug("cloud.HandleHeartBeat(): Fetching events from pullPointAddressLoopState")
+					events, err := onvif.GetEventMessages(device, pullPointAddressLoopState)
+					log.Log.Debug("cloud.HandleHeartBeat(): Completed fetching events from pullPointAddressLoopState")
+					if err == nil && len(events) > 0 {
+						onvifEventsList, err = json.Marshal(events)
+						if err != nil {
+							log.Log.Error("cloud.HandleHeartBeat(): error while marshalling events: " + err.Error())
+							onvifEventsList = []byte("[]")
+						}
+					} else if err != nil {
+						log.Log.Error("cloud.HandleHeartBeat(): error while getting events: " + err.Error())
+						onvifEventsList = []byte("[]")
+						pullPointAddressLoopState, err = onvif.CreatePullPointSubscription(device)
+						if err != nil {
+							log.Log.Error("cloud.HandleHeartBeat(): error while creating pull point subscription: " + err.Error())
+						}
+					} else if len(events) == 0 {
+						log.Log.Debug("cloud.HandleHeartBeat(): no events found.")
+						onvifEventsList = []byte("[]")
+					}
+				} else {
+					log.Log.Debug("cloud.HandleHeartBeat(): no pull point address found.")
+					pullPointAddressLoopState, err = onvif.CreatePullPointSubscription(device)
+					if err != nil {
+						log.Log.Error("cloud.HandleHeartBeat(): error while creating pull point subscription: " + err.Error())
+					}
+				}
+
+				// It also might be that events are not supported by the camera, in that case we will try to get the digital inputs and outputs.
+				// Through the `device` API, the `GetDigitalInputs` and `GetDigitalOutputs` functions are called.
+				// The disadvantage of this approach is that we don't have the state of the inputs and outputs (which is crazy..)
+
+				if pullPointAddressInitialState == "" && pullPointAddressLoopState == "" {
+					var events []onvif.ONVIFEvents
+					outputs, err := onvif.GetRelayOutputs(device)
+					if err != nil {
+						log.Log.Debug("cloud.HandleHeartBeat(): error while getting relay outputs: " + err.Error())
+					} else {
+						for _, output := range outputs.RelayOutputs {
+							event := onvif.ONVIFEvents{
+								Key:       string(output.Token),
+								Value:     "false",
+								Type:      "output",
+								Timestamp: time.Now().Unix(),
+							}
+							events = append(events, event)
+						}
+					}
+
+					inputs, err := onvif.GetDigitalInputs(device)
+					if err != nil {
+						log.Log.Debug("cloud.HandleHeartBeat(): error while getting digital inputs: " + err.Error())
+					} else {
+						for _, input := range inputs.DigitalInputs {
+							event := onvif.ONVIFEvents{
+								Key:       string(input.Token),
+								Value:     "false",
+								Type:      "input",
+								Timestamp: time.Now().Unix(),
+							}
+							events = append(events, event)
+						}
+					}
+
+					// Marshal the events
+					onvifEventsList, err = json.Marshal(events)
+					if err != nil {
+						log.Log.Error("cloud.HandleHeartBeat(): error while marshalling events: " + err.Error())
+						onvifEventsList = []byte("[]")
+					}
+				}
+			} else {
+				log.Log.Error("cloud.HandleHeartBeat(): error while connecting to ONVIF device: " + err.Error())
+				onvifPresetsList = []byte("[]")
+				onvifEventsList = []byte("[]")
+			}
+		} else {
+			log.Log.Debug("cloud.HandleHeartBeat(): ONVIF is not enabled.")
+			onvifPresetsList = []byte("[]")
+			onvifEventsList = []byte("[]")
+		}
+
+		// We'll capture some more metrics, and send it to Hub, if not in offline mode ofcourse ;) ;)
 		if config.Offline == "true" {
-			log.Log.Debug("HandleHeartBeat: stopping as Offline is enabled.")
+			log.Log.Debug("cloud.HandleHeartBeat(): stopping as Offline is enabled.")
 		} else {

 			hubURI := config.HeartbeatURI
@@ -236,7 +424,6 @@ loop:
 			username := ""
 			vaultURI := ""

-			username = config.S3.Username
 			if config.Cloud == "s3" && config.S3 != nil && config.S3.Publickey != "" {
 				username = config.S3.Username
 				key = config.S3.Publickey
@@ -283,6 +470,16 @@ loop:
 				hasBackChannel = "true"
 			}

+			hub_encryption := "false"
+			if config.HubEncryption == "true" {
+				hub_encryption = "true"
+			}
+
+			e2e_encryption := "false"
+			if config.Encryption != nil && config.Encryption.Enabled == "true" {
+				e2e_encryption = "true"
+			}
+
 			// We will formated the uptime to a human readable format
 			// this will be used on Kerberos Hub: Uptime -> 1 day and 2 hours.
 			uptimeFormatted := uptimeStart.Format("2006-01-02 15:04:05")
@@ -294,72 +491,14 @@ loop:
 			boottimeString := carbon.Parse(bootTimeFormatted).DiffForHumans()
 			boottimeString = strings.ReplaceAll(boottimeString, "ago", "")

-			// We'll check which mode is enabled for the camera.
-			onvifEnabled := "false"
-			onvifZoom := "false"
-			onvifPanTilt := "false"
-			onvifPresets := "false"
-			var onvifPresetsList []byte
-			if config.Capture.IPCamera.ONVIFXAddr != "" {
-				cameraConfiguration := configuration.Config.Capture.IPCamera
-				device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
-				if err == nil {
-					configurations, err := onvif.GetPTZConfigurationsFromDevice(device)
-					if err == nil {
-						onvifEnabled = "true"
-						_, canZoom, canPanTilt := onvif.GetPTZFunctionsFromDevice(configurations)
-						if canZoom {
-							onvifZoom = "true"
-						}
-						if canPanTilt {
-							onvifPanTilt = "true"
-						}
-						// Try to read out presets
-						presets, err := onvif.GetPresetsFromDevice(device)
-						if err == nil && len(presets) > 0 {
-							onvifPresets = "true"
-							onvifPresetsList, err = json.Marshal(presets)
-							if err != nil {
-								log.Log.Error("HandleHeartBeat: error while marshalling presets: " + err.Error())
-								onvifPresetsList = []byte("[]")
-							}
-						} else {
-							if err != nil {
-								log.Log.Error("HandleHeartBeat: error while getting presets: " + err.Error())
-							} else {
-								log.Log.Debug("HandleHeartBeat: no presets found.")
-							}
-							onvifPresetsList = []byte("[]")
-						}
-					} else {
-						log.Log.Error("HandleHeartBeat: error while getting PTZ configurations: " + err.Error())
-						onvifPresetsList = []byte("[]")
-					}
-				} else {
-					log.Log.Error("HandleHeartBeat: error while connecting to ONVIF device: " + err.Error())
-					onvifPresetsList = []byte("[]")
-				}
-			} else {
-				log.Log.Debug("HandleHeartBeat: ONVIF is not enabled.")
-				onvifPresetsList = []byte("[]")
-			}
-
-			var client *http.Client
-			if os.Getenv("AGENT_TLS_INSECURE") == "true" {
-				tr := &http.Transport{
-					TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-				}
-				client = &http.Client{Transport: tr}
-			} else {
-				client = &http.Client{}
-			}
-
 			// We need a hub URI and hub public key before we will send a heartbeat
 			if hubURI != "" && key != "" {

 				var object = fmt.Sprintf(`{
 						"key" : "%s",
-						"version" : "3.0.0",
+						"version" : "%s",
+						"hub_encryption": "%s",
+						"e2e_encryption": "%s",
 						"release" : "%s",
 						"cpuid" : "%s",
 						"clouduser" : "%s",
@@ -386,6 +525,7 @@ loop:
 						"onvif_pantilt" : "%s",
 						"onvif_presets": "%s",
 						"onvif_presets_list": %s,
+						"onvif_events_list": %s,
 						"cameraConnected": "%s",
 						"hasBackChannel": "%s",
 						"numberoffiles" : "33",
@@ -394,7 +534,26 @@ loop:
 						"docker" : true,
 						"kios" : false,
 						"raspberrypi" : false
-					}`, config.Key, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, cameraConnected, hasBackChannel)
+					}`, config.Key, kerberosAgentVersion, hub_encryption, e2e_encryption, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, onvifEventsList, cameraConnected, hasBackChannel)
+
+				// Get the private key to encrypt the data using symmetric encryption: AES.
+				privateKey := config.HubPrivateKey
+				if hub_encryption == "true" && privateKey != "" {
+					// Encrypt the data using AES.
+					encrypted, err := encryption.AesEncrypt([]byte(object), privateKey)
+					if err != nil {
+						encrypted = []byte("")
+						log.Log.Error("cloud.HandleHeartBeat(): error while encrypting data: " + err.Error())
+					}
+
+					// Base64 encode the encrypted data.
+					encryptedBase64 := base64.StdEncoding.EncodeToString(encrypted)
+					object = fmt.Sprintf(`{
+						"cloudpublicKey": "%s",
+						"encrypted" : %t,
+						"encryptedData" : "%s"
+					}`, config.HubKey, true, encryptedBase64)
+				}

 				var jsonStr = []byte(object)
 				buffy := bytes.NewBuffer(jsonStr)
@@ -406,25 +565,27 @@ loop:
 				}
 				if err == nil && resp.StatusCode == 200 {
 					communication.CloudTimestamp.Store(time.Now().Unix())
-					log.Log.Info("HandleHeartBeat: (200) Heartbeat received by Kerberos Hub.")
+					log.Log.Info("cloud.HandleHeartBeat(): (200) Heartbeat received by Kerberos Hub.")
 				} else {
 					if communication.CloudTimestamp != nil && communication.CloudTimestamp.Load() != nil {
 						communication.CloudTimestamp.Store(int64(0))
 					}
-					log.Log.Error("HandleHeartBeat: (400) Something went wrong while sending to Kerberos Hub.")
+					log.Log.Error("cloud.HandleHeartBeat(): (400) Something went wrong while sending to Kerberos Hub.")
 				}
 			} else {
-				log.Log.Error("HandleHeartBeat: Disabled as we do not have a public key defined.")
+				log.Log.Error("cloud.HandleHeartBeat(): Disabled as we do not have a public key defined.")
 			}

 			// If we have a Kerberos Vault connected, we will also send some analytics
 			// to that service.
 			vaultURI = config.KStorage.URI
-			if vaultURI != "" {
+			accessKey := config.KStorage.AccessKey
+			secretAccessKey := config.KStorage.SecretAccessKey
+			if vaultURI != "" && accessKey != "" && secretAccessKey != "" {

 				var object = fmt.Sprintf(`{
 					"key" : "%s",
-					"version" : "3.0.0",
+					"version" : "%s",
 					"release" : "%s",
 					"cpuid" : "%s",
 					"clouduser" : "%s",
@@ -458,7 +619,7 @@ loop:
 					"docker" : true,
 					"kios" : false,
 					"raspberrypi" : false
-				}`, config.Key, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, cameraConnected)
+				}`, config.Key, kerberosAgentVersion, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, cameraConnected)

 				var jsonStr = []byte(object)
 				buffy := bytes.NewBuffer(jsonStr)
@@ -470,9 +631,9 @@ loop:
 					resp.Body.Close()
 				}
 				if err == nil && resp.StatusCode == 200 {
-					log.Log.Info("HandleHeartBeat: (200) Heartbeat received by Kerberos Vault.")
+					log.Log.Info("cloud.HandleHeartBeat(): (200) Heartbeat received by Kerberos Vault.")
 				} else {
-					log.Log.Error("HandleHeartBeat: (400) Something went wrong while sending to Kerberos Vault.")
+					log.Log.Error("cloud.HandleHeartBeat(): (400) Something went wrong while sending to Kerberos Vault.")
 				}
 			}
 		}
@@ -482,30 +643,35 @@ loop:
 		select {
 		case <-communication.HandleHeartBeat:
 			break loop
-		case <-time.After(15 * time.Second):
+		case <-time.After(10 * time.Second):
 		}
 	}

-	log.Log.Debug("HandleHeartBeat: finished")
+	if pullPointAddressLoopState != "" {
+		cameraConfiguration := configuration.Config.Capture.IPCamera
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		if err != nil {
+			onvif.UnsubscribePullPoint(device, pullPointAddressLoopState)
+		}
+	}
+
+	log.Log.Debug("cloud.HandleHeartBeat(): finished")
 }

-func HandleLiveStreamSD(livestreamCursor *pubsub.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) {
+func HandleLiveStreamSD(livestreamCursor *packets.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, rtspClient capture.RTSPClient) {

-	log.Log.Debug("HandleLiveStreamSD: started")
+	log.Log.Debug("cloud.HandleLiveStreamSD(): started")

 	config := configuration.Config

 	// If offline made is enabled, we will stop the thread.
 	if config.Offline == "true" {
-		log.Log.Debug("HandleLiveStreamSD: stopping as Offline is enabled.")
+		log.Log.Debug("cloud.HandleLiveStreamSD(): stopping as Offline is enabled.")
 	} else {

 		// Check if we need to enable the live stream
 		if config.Capture.Liveview != "false" {

-			// Allocate frame
-			frame := ffmpeg.AllocVideoFrame()
-
 			hubKey := ""
 			if config.Cloud == "s3" && config.S3 != nil && config.S3.Publickey != "" {
 				hubKey = config.S3.Publickey
@@ -520,7 +686,7 @@ func HandleLiveStreamSD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 			lastLivestreamRequest := int64(0)

 			var cursorError error
-			var pkt av.Packet
+			var pkt packets.Packet

 			for cursorError == nil {
 				pkt, cursorError = livestreamCursor.ReadPacket()
@@ -536,10 +702,10 @@ func HandleLiveStreamSD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 				if now-lastLivestreamRequest > 3 {
 					continue
 				}
-				log.Log.Info("HandleLiveStreamSD: Sending base64 encoded images to MQTT.")
-				_, err := computervision.GetRawImage(frame, pkt, decoder, decoderMutex)
+				log.Log.Info("cloud.HandleLiveStreamSD(): Sending base64 encoded images to MQTT.")
+				img, err := rtspClient.DecodePacket(pkt)
 				if err == nil {
-					bytes, _ := computervision.ImageToBytes(&frame.Image)
+					bytes, _ := utils.ImageToBytes(&img)
 					encoded := base64.StdEncoding.EncodeToString(bytes)

 					valueMap := make(map[string]interface{})
@@ -555,70 +721,124 @@ func HandleLiveStreamSD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 					if err == nil {
 						mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
 					} else {
-						log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
+						log.Log.Info("cloud.HandleLiveStreamSD(): something went wrong while sending acknowledge config to hub: " + string(payload))
 					}
 				}
 			}

-			// Cleanup the frame.
-			frame.Free()
-
 		} else {
-			log.Log.Debug("HandleLiveStreamSD: stopping as Liveview is disabled.")
+			log.Log.Debug("cloud.HandleLiveStreamSD(): stopping as Liveview is disabled.")
 		}
 	}

-	log.Log.Debug("HandleLiveStreamSD: finished")
+	log.Log.Debug("cloud.HandleLiveStreamSD(): finished")
 }

-func HandleLiveStreamHD(livestreamCursor *pubsub.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, codecs []av.CodecData, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) {
+func HandleLiveStreamHD(livestreamCursor *packets.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, rtspClient capture.RTSPClient) {

 	config := configuration.Config

 	if config.Offline == "true" {
-		log.Log.Debug("HandleLiveStreamHD: stopping as Offline is enabled.")
+		log.Log.Debug("cloud.HandleLiveStreamHD(): stopping as Offline is enabled.")
 	} else {

 		// Check if we need to enable the live stream
 		if config.Capture.Liveview != "false" {

 			// Should create a track here.
-			videoTrack := webrtc.NewVideoTrack(codecs)
-			audioTrack := webrtc.NewAudioTrack(codecs)
-			go webrtc.WriteToTrack(livestreamCursor, configuration, communication, mqttClient, videoTrack, audioTrack, codecs, decoder, decoderMutex)
+			streams, _ := rtspClient.GetStreams()
+			videoTrack := webrtc.NewVideoTrack(streams)
+			audioTrack := webrtc.NewAudioTrack(streams)
+			go webrtc.WriteToTrack(livestreamCursor, configuration, communication, mqttClient, videoTrack, audioTrack, rtspClient)

 			if config.Capture.ForwardWebRTC == "true" {
-				// We get a request with an offer, but we'll forward it.
-				/*for m := range communication.HandleLiveHDHandshake {
-					// Forward SDP
-					m.CloudKey = config.Key
-					request, err := json.Marshal(m)
-					if err == nil {
-						mqttClient.Publish("kerberos/webrtc/request", 2, false, request)
-					}
-				}*/
-			} else {
-				log.Log.Info("HandleLiveStreamHD: Waiting for peer connections.")
-				for handshake := range communication.HandleLiveHDHandshake {
-					log.Log.Info("HandleLiveStreamHD: setting up a peer connection.")
-					key := config.Key + "/" + handshake.SessionID
-					webrtc.CandidatesMutex.Lock()
-					_, ok := webrtc.CandidateArrays[key]
-					if !ok {
-						webrtc.CandidateArrays[key] = make(chan string)
-					}
-					webrtc.CandidatesMutex.Unlock()
-					webrtc.InitializeWebRTCConnection(configuration, communication, mqttClient, videoTrack, audioTrack, handshake, webrtc.CandidateArrays[key])

+			} else {
+				log.Log.Info("cloud.HandleLiveStreamHD(): Waiting for peer connections.")
+				for handshake := range communication.HandleLiveHDHandshake {
+					log.Log.Info("cloud.HandleLiveStreamHD(): setting up a peer connection.")
+					go webrtc.InitializeWebRTCConnection(configuration, communication, mqttClient, videoTrack, audioTrack, handshake)
 				}
 			}

 		} else {
-			log.Log.Debug("HandleLiveStreamHD: stopping as Liveview is disabled.")
+			log.Log.Debug("cloud.HandleLiveStreamHD(): stopping as Liveview is disabled.")
 		}
 	}
 }

+func HandleRealtimeProcessing(processingCursor *packets.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, rtspClient capture.RTSPClient) {
+
+	log.Log.Debug("cloud.RealtimeProcessing(): started")
+
+	config := configuration.Config
+
+	// If offline made is enabled, we will stop the thread.
+	if config.Offline == "true" {
+		log.Log.Debug("cloud.RealtimeProcessing(): stopping as Offline is enabled.")
+	} else {
+
+		// Check if we need to enable the realtime processing
+		if config.RealtimeProcessing == "true" {
+
+			hubKey := ""
+			if config.Cloud == "s3" && config.S3 != nil && config.S3.Publickey != "" {
+				hubKey = config.S3.Publickey
+			} else if config.Cloud == "kstorage" && config.KStorage != nil && config.KStorage.CloudKey != "" {
+				hubKey = config.KStorage.CloudKey
+			}
+			// This is the new way ;)
+			if config.HubKey != "" {
+				hubKey = config.HubKey
+			}
+
+			// We will publish the keyframes to the MQTT topic.
+			realtimeProcessingTopic := "kerberos/keyframes/" + hubKey
+			if config.RealtimeProcessingTopic != "" {
+				realtimeProcessingTopic = config.RealtimeProcessingTopic
+			}
+
+			var cursorError error
+			var pkt packets.Packet
+
+			for cursorError == nil {
+				pkt, cursorError = processingCursor.ReadPacket()
+				if len(pkt.Data) == 0 || !pkt.IsKeyFrame {
+					continue
+				}
+
+				log.Log.Info("cloud.RealtimeProcessing(): Sending base64 encoded images to MQTT.")
+				img, err := rtspClient.DecodePacket(pkt)
+				if err == nil {
+					bytes, _ := utils.ImageToBytes(&img)
+					encoded := base64.StdEncoding.EncodeToString(bytes)
+
+					valueMap := make(map[string]interface{})
+					valueMap["image"] = encoded
+					message := models.Message{
+						Payload: models.Payload{
+							Action:   "receive-keyframe",
+							DeviceId: configuration.Config.Key,
+							Value:    valueMap,
+						},
+					}
+					payload, err := models.PackageMQTTMessage(configuration, message)
+					if err == nil {
+						mqttClient.Publish(realtimeProcessingTopic, 0, false, payload)
+					} else {
+						log.Log.Info("cloud.RealtimeProcessing(): something went wrong while sending acknowledge config to hub: " + string(payload))
+					}
+				}
+			}
+
+		} else {
+			log.Log.Debug("cloud.RealtimeProcessing(): stopping as Liveview is disabled.")
+		}
+	}
+
+	log.Log.Debug("cloud.HandleLiveStreamSD(): finished")
+}
+
 // VerifyHub godoc
 // @Router /api/hub/verify [post]
 // @ID verify-hub
@@ -626,7 +846,7 @@ func HandleLiveStreamHD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 // @securityDefinitions.apikey Bearer
 // @in header
 // @name Authorization
-// @Tags config
+// @Tags persistence
 // @Param config body models.Config true "Config"
 // @Summary Will verify the hub connectivity.
 // @Description Will verify the hub connectivity.
@@ -657,34 +877,34 @@ func VerifyHub(c *gin.Context) {

 			resp, err := client.Do(req)
 			if err == nil {
-				body, err := ioutil.ReadAll(resp.Body)
+				body, err := io.ReadAll(resp.Body)
 				defer resp.Body.Close()
 				if err == nil {
 					if resp.StatusCode == 200 {
 						c.JSON(200, body)
 					} else {
 						c.JSON(400, models.APIResponse{
-							Data: "Something went wrong while reaching the Kerberos Hub API: " + string(body),
+							Data: "cloud.VerifyHub(): something went wrong while reaching the Kerberos Hub API: " + string(body),
 						})
 					}
 				} else {
 					c.JSON(400, models.APIResponse{
-						Data: "Something went wrong while ready the response body: " + err.Error(),
+						Data: "cloud.VerifyHub(): something went wrong while ready the response body: " + err.Error(),
 					})
 				}
 			} else {
 				c.JSON(400, models.APIResponse{
-					Data: "Something went wrong while reaching to the Kerberos Hub API: " + hubURI,
+					Data: "cloud.VerifyHub(): something went wrong while reaching to the Kerberos Hub API: " + hubURI,
 				})
 			}
 		} else {
 			c.JSON(400, models.APIResponse{
-				Data: "Something went wrong while creating the HTTP request: " + err.Error(),
+				Data: "cloud.VerifyHub(): something went wrong while creating the HTTP request: " + err.Error(),
 			})
 		}
 	} else {
 		c.JSON(400, models.APIResponse{
-			Data: "Something went wrong while receiving the config " + err.Error(),
+			Data: "cloud.VerifyHub(): something went wrong while receiving the config " + err.Error(),
 		})
 	}
 }
@@ -696,7 +916,7 @@ func VerifyHub(c *gin.Context) {
 // @securityDefinitions.apikey Bearer
 // @in header
 // @name Authorization
-// @Tags config
+// @Tags persistence
 // @Param config body models.Config true "Config"
 // @Summary Will verify the persistence.
 // @Description Will verify the persistence.
@@ -715,8 +935,8 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {
 				config.HubKey == "" ||
 				config.HubPrivateKey == "" ||
 				config.S3.Region == "" {
-				msg := "VerifyPersistence: Kerberos Hub not properly configured."
-				log.Log.Info(msg)
+				msg := "cloud.VerifyPersistence(kerberoshub): Kerberos Hub not properly configured."
+				log.Log.Error(msg)
 				c.JSON(400, models.APIResponse{
 					Data: msg,
 				})
@@ -725,7 +945,7 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {
 				// Open test-480p.mp4
 				file, err := os.Open(configDirectory + "/data/test-480p.mp4")
 				if err != nil {
-					msg := "VerifyPersistence: error reading test-480p.mp4: " + err.Error()
+					msg := "cloud.VerifyPersistence(kerberoshub): error reading test-480p.mp4: " + err.Error()
 					log.Log.Error(msg)
 					c.JSON(400, models.APIResponse{
 						Data: msg,
@@ -735,7 +955,7 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {

 				req, err := http.NewRequest("POST", config.HubURI+"/storage/upload", file)
 				if err != nil {
-					msg := "VerifyPersistence: error reading Kerberos Hub HEAD request, " + config.HubURI + "/storage: " + err.Error()
+					msg := "cloud.VerifyPersistence(kerberoshub): error reading Kerberos Hub HEAD request, " + config.HubURI + "/storage: " + err.Error()
 					log.Log.Error(msg)
 					c.JSON(400, models.APIResponse{
 						Data: msg,
@@ -769,21 +989,21 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {

 				if err == nil && resp != nil {
 					if resp.StatusCode == 200 {
-						msg := "VerifyPersistence: Upload allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
+						msg := "cloud.VerifyPersistence(kerberoshub): Upload allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
 						log.Log.Info(msg)
 						c.JSON(200, models.APIResponse{
 							Data: msg,
 						})
 					} else {
-						msg := "VerifyPersistence: Upload NOT allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
-						log.Log.Info(msg)
+						msg := "cloud.VerifyPersistence(kerberoshub): Upload NOT allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
+						log.Log.Error(msg)
 						c.JSON(400, models.APIResponse{
 							Data: msg,
 						})
 					}
 				} else {
-					msg := "VerifyPersistence: Error creating Kerberos Hub request"
-					log.Log.Info(msg)
+					msg := "cloud.VerifyPersistence(kerberoshub): Error creating Kerberos Hub request"
+					log.Log.Error(msg)
 					c.JSON(400, models.APIResponse{
 						Data: msg,
 					})
@@ -811,106 +1031,134 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {
 				}

 				req, err := http.NewRequest("POST", uri+"/ping", nil)
-				req.Header.Add("X-Kerberos-Storage-AccessKey", accessKey)
-				req.Header.Add("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
-				resp, err := client.Do(req)
-
 				if err == nil {
-					body, err := ioutil.ReadAll(resp.Body)
-					defer resp.Body.Close()
-					if err == nil && resp.StatusCode == http.StatusOK {
+					req.Header.Add("X-Kerberos-Storage-AccessKey", accessKey)
+					req.Header.Add("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
+					resp, err := client.Do(req)

-						if provider != "" || directory != "" {
+					if err == nil {
+						body, err := io.ReadAll(resp.Body)
+						defer resp.Body.Close()
+						if err == nil && resp.StatusCode == http.StatusOK {

-							// Generate a random name.
-							timestamp := time.Now().Unix()
-							fileName := strconv.FormatInt(timestamp, 10) +
-								"_6-967003_" + config.Name + "_200-200-400-400_24_769.mp4"
+							if provider != "" || directory != "" {

-							// Open test-480p.mp4
-							file, err := os.Open(configDirectory + "/data/test-480p.mp4")
-							if err != nil {
-								msg := "VerifyPersistence: error reading test-480p.mp4: " + err.Error()
+								// Generate a random name.
+								timestamp := time.Now().Unix()
+								fileName := strconv.FormatInt(timestamp, 10) +
+									"_6-967003_" + config.Name + "_200-200-400-400_24_769.mp4"
+
+								// Open test-480p.mp4
+								file, err := os.Open(configDirectory + "/data/test-480p.mp4")
+								if err != nil {
+									msg := "cloud.VerifyPersistence(kerberosvault): error reading test-480p.mp4: " + err.Error()
+									log.Log.Error(msg)
+									c.JSON(400, models.APIResponse{
+										Data: msg,
+									})
+								}
+								defer file.Close()
+
+								req, err := http.NewRequest("POST", uri+"/storage", file)
+								if err == nil {
+
+									req.Header.Set("Content-Type", "video/mp4")
+									req.Header.Set("X-Kerberos-Storage-CloudKey", config.HubKey)
+									req.Header.Set("X-Kerberos-Storage-AccessKey", accessKey)
+									req.Header.Set("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
+									req.Header.Set("X-Kerberos-Storage-Provider", provider)
+									req.Header.Set("X-Kerberos-Storage-FileName", fileName)
+									req.Header.Set("X-Kerberos-Storage-Device", config.Key)
+									req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
+									req.Header.Set("X-Kerberos-Storage-Directory", directory)
+
+									var client *http.Client
+									if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+										tr := &http.Transport{
+											TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+										}
+										client = &http.Client{Transport: tr}
+									} else {
+										client = &http.Client{}
+									}
+
+									resp, err := client.Do(req)
+
+									if err == nil {
+										if resp != nil {
+											body, err := io.ReadAll(resp.Body)
+											defer resp.Body.Close()
+											if err == nil {
+												if resp.StatusCode == 200 {
+													msg := "cloud.VerifyPersistence(kerberosvault): Upload allowed using the credentials provided (" + accessKey + ", " + secretAccessKey + ")"
+													log.Log.Info(msg)
+													c.JSON(200, models.APIResponse{
+														Data: body,
+													})
+												} else {
+													msg := "cloud.VerifyPersistence(kerberosvault): Something went wrong while verifying your persistence settings. Make sure your provider is the same as the storage provider in your Kerberos Vault, and the relevant storage provider is configured properly."
+													log.Log.Error(msg)
+													c.JSON(400, models.APIResponse{
+														Data: msg,
+													})
+												}
+											}
+										}
+									} else {
+										msg := "cloud.VerifyPersistence(kerberosvault): Upload of fake recording failed: " + err.Error()
+										log.Log.Error(msg)
+										c.JSON(400, models.APIResponse{
+											Data: msg,
+										})
+									}
+								} else {
+									msg := "cloud.VerifyPersistence(kerberosvault): Something went wrong while creating /storage POST request." + err.Error()
+									log.Log.Error(msg)
+									c.JSON(400, models.APIResponse{
+										Data: msg,
+									})
+								}
+							} else {
+								msg := "cloud.VerifyPersistence(kerberosvault): Provider and/or directory is missing from the request."
 								log.Log.Error(msg)
 								c.JSON(400, models.APIResponse{
 									Data: msg,
 								})
 							}
-							defer file.Close()
-
-							req, err := http.NewRequest("POST", uri+"/storage", file)
-							if err == nil {
-
-								req.Header.Set("Content-Type", "video/mp4")
-								req.Header.Set("X-Kerberos-Storage-CloudKey", config.HubKey)
-								req.Header.Set("X-Kerberos-Storage-AccessKey", accessKey)
-								req.Header.Set("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
-								req.Header.Set("X-Kerberos-Storage-Provider", provider)
-								req.Header.Set("X-Kerberos-Storage-FileName", fileName)
-								req.Header.Set("X-Kerberos-Storage-Device", config.Key)
-								req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
-								req.Header.Set("X-Kerberos-Storage-Directory", directory)
-
-								var client *http.Client
-								if os.Getenv("AGENT_TLS_INSECURE") == "true" {
-									tr := &http.Transport{
-										TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-									}
-									client = &http.Client{Transport: tr}
-								} else {
-									client = &http.Client{}
-								}
-
-								resp, err := client.Do(req)
-
-								if err == nil {
-									if resp != nil {
-										body, err := ioutil.ReadAll(resp.Body)
-										defer resp.Body.Close()
-										if err == nil {
-											if resp.StatusCode == 200 {
-												c.JSON(200, body)
-											} else {
-												c.JSON(400, models.APIResponse{
-													Data: "VerifyPersistence: Something went wrong while verifying your persistence settings. Make sure your provider is the same as the storage provider in your Kerberos Vault, and the relevant storage provider is configured properly.",
-												})
-											}
-										}
-									}
-								} else {
-									c.JSON(400, models.APIResponse{
-										Data: "VerifyPersistence: Upload of fake recording failed: " + err.Error(),
-									})
-								}
-							} else {
-								c.JSON(400, models.APIResponse{
-									Data: "VerifyPersistence: Something went wrong while creating /storage POST request." + err.Error(),
-								})
-							}
 						} else {
+							msg := "cloud.VerifyPersistence(kerberosvault): Something went wrong while verifying storage credentials: " + string(body)
+							log.Log.Error(msg)
 							c.JSON(400, models.APIResponse{
-								Data: "VerifyPersistence: Provider and/or directory is missing from the request.",
+								Data: msg,
 							})
 						}
 					} else {
+						msg := "cloud.VerifyPersistence(kerberosvault): Something went wrong while verifying storage credentials:" + err.Error()
+						log.Log.Error(msg)
 						c.JSON(400, models.APIResponse{
-							Data: "VerifyPersistence: Something went wrong while verifying storage credentials: " + string(body),
+							Data: msg,
 						})
 					}
 				} else {
+					msg := "cloud.VerifyPersistence(kerberosvault): Something went wrong while verifying storage credentials:" + err.Error()
+					log.Log.Error(msg)
 					c.JSON(400, models.APIResponse{
-						Data: "VerifyPersistence: Something went wrong while verifying storage credentials:" + err.Error(),
+						Data: msg,
 					})
 				}
 			} else {
+				msg := "cloud.VerifyPersistence(kerberosvault): please fill-in the required Kerberos Vault credentials."
+				log.Log.Error(msg)
 				c.JSON(400, models.APIResponse{
-					Data: "VerifyPersistence: please fill-in the required Kerberos Vault credentials.",
+					Data: msg,
 				})
 			}
 		}
 	} else {
+		msg := "cloud.VerifyPersistence(): No persistence was specified, so do not know what to verify:" + err.Error()
+		log.Log.Error(msg)
 		c.JSON(400, models.APIResponse{
-			Data: "VerifyPersistence: No persistence was specified, so do not know what to verify:" + err.Error(),
+			Data: msg,
 		})
 	}
 }
--- a/machinery/src/cloud/kerberos_hub.go
+++ b/machinery/src/cloud/kerberos_hub.go
--- a/machinery/src/cloud/kerberos_vault.go
+++ b/machinery/src/cloud/kerberos_vault.go
--- a/machinery/src/components/Audio.go
+++ b/machinery/src/components/Audio.go
@@ -1,80 +0,0 @@
-package components
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/kerberos-io/agent/machinery/src/log"
-	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/joy4/av"
-	"github.com/zaf/g711"
-)
-
-func GetBackChannelAudioCodec(streams []av.CodecData, communication *models.Communication) av.AudioCodecData {
-	for _, stream := range streams {
-		if stream.Type().IsAudio() {
-			if stream.Type().String() == "PCM_MULAW" {
-				pcmuCodec := stream.(av.AudioCodecData)
-				if pcmuCodec.IsBackChannel() {
-					communication.HasBackChannel = true
-					return pcmuCodec
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func WriteAudioToBackchannel(infile av.DemuxCloser, streams []av.CodecData, communication *models.Communication) {
-	log.Log.Info("WriteAudioToBackchannel: looking for backchannel audio codec")
-
-	pcmuCodec := GetBackChannelAudioCodec(streams, communication)
-	if pcmuCodec != nil {
-		log.Log.Info("WriteAudioToBackchannel: found backchannel audio codec")
-
-		length := 0
-		channel := pcmuCodec.GetIndex() * 2 // This is the same calculation as Interleaved property in the SDP file.
-		for audio := range communication.HandleAudio {
-			// Encode PCM to MULAW
-			var bufferUlaw []byte
-			for _, v := range audio.Data {
-				b := g711.EncodeUlawFrame(v)
-				bufferUlaw = append(bufferUlaw, b)
-			}
-			infile.Write(bufferUlaw, channel, uint32(length))
-			length = (length + len(bufferUlaw)) % 65536
-			time.Sleep(128 * time.Millisecond)
-		}
-	}
-	log.Log.Info("WriteAudioToBackchannel: finished")
-
-}
-
-func WriteFileToBackChannel(infile av.DemuxCloser) {
-	// Do the warmup!
-	file, err := os.Open("./audiofile.bye")
-	if err != nil {
-		fmt.Println("WriteFileToBackChannel: error opening audiofile.bye file")
-	}
-	defer file.Close()
-
-	// Read file into buffer
-	reader := bufio.NewReader(file)
-	buffer := make([]byte, 1024)
-
-	count := 0
-	for {
-		_, err := reader.Read(buffer)
-		if err != nil {
-			break
-		}
-		// Send to backchannel
-		fmt.Println(buffer)
-		infile.Write(buffer, 2, uint32(count))
-
-		count = count + 1024
-		time.Sleep(128 * time.Millisecond)
-	}
-}
--- a/machinery/src/components/Kerberos.go
+++ b/machinery/src/components/Kerberos.go
@@ -2,16 +2,13 @@ package components

 import (
 	"context"
-	"runtime"
+	"os"
 	"strconv"
-	"sync"
 	"sync/atomic"
 	"time"

 	mqtt "github.com/eclipse/paho.mqtt.golang"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
-
-	//"github.com/youpy/go-wav"
+	"github.com/gin-gonic/gin"

 	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/cloud"
@@ -20,14 +17,14 @@ import (
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	"github.com/kerberos-io/agent/machinery/src/onvif"
+	"github.com/kerberos-io/agent/machinery/src/packets"
 	routers "github.com/kerberos-io/agent/machinery/src/routers/mqtt"
-	"github.com/kerberos-io/joy4/av"
-	"github.com/kerberos-io/joy4/av/pubsub"
+	"github.com/kerberos-io/agent/machinery/src/utils"
 	"github.com/tevino/abool"
 )

-func Bootstrap(configDirectory string, configuration *models.Configuration, communication *models.Communication) {
-	log.Log.Debug("Bootstrap: started")
+func Bootstrap(configDirectory string, configuration *models.Configuration, communication *models.Communication, captureDevice *capture.Capture) {
+	log.Log.Debug("components.Kerberos.Bootstrap(): bootstrapping the kerberos agent.")

 	// We will keep track of the Kerberos Agent up time
 	// This is send to Kerberos Hub in a heartbeat.
@@ -39,12 +36,20 @@ func Bootstrap(configDirectory string, configuration *models.Configuration, comm
 	packageCounter.Store(int64(0))
 	communication.PackageCounter = &packageCounter

+	var packageCounterSub atomic.Value
+	packageCounterSub.Store(int64(0))
+	communication.PackageCounterSub = &packageCounterSub
+
 	// This is used when the last packet was received (timestamp),
 	// this metric is used to determine if the camera is still online/connected.
 	var lastPacketTimer atomic.Value
 	packageCounter.Store(int64(0))
 	communication.LastPacketTimer = &lastPacketTimer

+	var lastPacketTimerSub atomic.Value
+	packageCounterSub.Store(int64(0))
+	communication.LastPacketTimerSub = &lastPacketTimerSub
+
 	// This is used to understand if we have a working Kerberos Hub connection
 	// cloudTimestamp will be updated when successfully sending heartbeats.
 	var cloudTimestamp atomic.Value
@@ -58,18 +63,14 @@ func Bootstrap(configDirectory string, configuration *models.Configuration, comm
 	communication.HandleLiveSD = make(chan int64, 1)
 	communication.HandleLiveHDKeepalive = make(chan string, 1)
 	communication.HandleLiveHDPeers = make(chan string, 1)
-	communication.HandleONVIF = make(chan models.OnvifAction, 1)
 	communication.IsConfiguring = abool.New()

+	cameraSettings := &models.Camera{}
+
 	// Before starting the agent, we have a control goroutine, that might
 	// do several checks to see if the agent is still operational.
 	go ControlAgent(communication)

-	// Create some global variables
-	decoder := &ffmpeg.VideoDecoder{}
-	subDecoder := &ffmpeg.VideoDecoder{}
-	cameraSettings := &models.Camera{}
-
 	// Handle heartbeats
 	go cloud.HandleHeartBeat(configuration, communication, uptimeStart)

@@ -82,10 +83,12 @@ func Bootstrap(configDirectory string, configuration *models.Configuration, comm
 	for {

 		// This will blocking until receiving a signal to be restarted, reconfigured, stopped, etc.
-		status := RunAgent(configDirectory, configuration, communication, mqttClient, uptimeStart, cameraSettings, decoder, subDecoder)
+		status := RunAgent(configDirectory, configuration, communication, mqttClient, uptimeStart, cameraSettings, captureDevice)

 		if status == "stop" {
-			break
+			log.Log.Info("components.Kerberos.Bootstrap(): shutting down the agent in 3 seconds.")
+			time.Sleep(time.Second * 3)
+			os.Exit(0)
 		}

 		if status == "not started" {
@@ -107,267 +110,308 @@ func Bootstrap(configDirectory string, configuration *models.Configuration, comm
 		communication.Context = &ctx
 		communication.CancelContext = &cancel
 	}
-	log.Log.Debug("Bootstrap: finished")
 }

-func RunAgent(configDirectory string, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, uptimeStart time.Time, cameraSettings *models.Camera, decoder *ffmpeg.VideoDecoder, subDecoder *ffmpeg.VideoDecoder) string {
+func RunAgent(configDirectory string, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, uptimeStart time.Time, cameraSettings *models.Camera, captureDevice *capture.Capture) string {

-	log.Log.Debug("RunAgent: bootstrapping agent")
+	log.Log.Info("components.Kerberos.RunAgent(): Creating camera and processing threads.")
 	config := configuration.Config

 	status := "not started"

 	// Currently only support H264 encoded cameras, this will change.
-	// Establishing the camera connection
+	// Establishing the camera connection without backchannel if no substream
 	rtspUrl := config.Capture.IPCamera.RTSP
-	infile, streams, err := capture.OpenRTSP(context.Background(), rtspUrl)
-
-	// We will initialise the camera settings object
-	// so we can check if the camera settings have changed, and we need
-	// to reload the decoders.
-
-	videoStream, _ := capture.GetVideoStream(streams)
-	if videoStream == nil {
-		log.Log.Error("RunAgent: no video stream found, might be the wrong codec (we only support H264 for the moment)")
+	rtspClient := captureDevice.SetMainClient(rtspUrl)
+	if rtspUrl != "" {
+		err := rtspClient.Connect(context.Background())
+		if err != nil {
+			log.Log.Error("components.Kerberos.RunAgent(): error connecting to RTSP stream: " + err.Error())
+			rtspClient.Close()
+			rtspClient = nil
+			time.Sleep(time.Second * 3)
+			return status
+		}
+	} else {
+		log.Log.Error("components.Kerberos.RunAgent(): no rtsp url found in config, please provide one.")
+		rtspClient = nil
 		time.Sleep(time.Second * 3)
 		return status
 	}

-	num, denum := videoStream.(av.VideoCodecData).Framerate()
-	width := videoStream.(av.VideoCodecData).Width()
-	height := videoStream.(av.VideoCodecData).Height()
+	log.Log.Info("components.Kerberos.RunAgent(): opened RTSP stream: " + rtspUrl)
+
+	// Get the video streams from the RTSP server.
+	videoStreams, err := rtspClient.GetVideoStreams()
+	if err != nil || len(videoStreams) == 0 {
+		log.Log.Error("components.Kerberos.RunAgent(): no video stream found, might be the wrong codec (we only support H264 for the moment)")
+		rtspClient.Close()
+		time.Sleep(time.Second * 3)
+		return status
+	}
+
+	// Get the video stream from the RTSP server.
+	videoStream := videoStreams[0]
+
+	// Get some information from the video stream.
+	width := videoStream.Width
+	height := videoStream.Height

 	// Set config values as well
 	configuration.Config.Capture.IPCamera.Width = width
 	configuration.Config.Capture.IPCamera.Height = height

-	var queue *pubsub.Queue
-	var subQueue *pubsub.Queue
+	var queue *packets.Queue
+	var subQueue *packets.Queue

-	var decoderMutex sync.Mutex
-	var subDecoderMutex sync.Mutex
-
-	if err == nil {
-
-		log.Log.Info("RunAgent: opened RTSP stream: " + rtspUrl)
-
-		// We might have a secondary rtsp url, so we might need to use that.
-		var subInfile av.DemuxCloser
-		var subStreams []av.CodecData
-		subStreamEnabled := false
-		subRtspUrl := config.Capture.IPCamera.SubRTSP
-		if subRtspUrl != "" && subRtspUrl != rtspUrl {
-			subInfile, subStreams, err = capture.OpenRTSP(context.Background(), subRtspUrl)
-			if err == nil {
-				log.Log.Info("RunAgent: opened RTSP sub stream " + subRtspUrl)
-				subStreamEnabled = true
-			}
-
-			videoStream, _ := capture.GetVideoStream(subStreams)
-			if videoStream == nil {
-				log.Log.Error("RunAgent: no video substream found, might be the wrong codec (we only support H264 for the moment)")
-				time.Sleep(time.Second * 3)
-				return status
-			}
-
-			width := videoStream.(av.VideoCodecData).Width()
-			height := videoStream.(av.VideoCodecData).Height()
-
-			// Set config values as well
-			configuration.Config.Capture.IPCamera.Width = width
-			configuration.Config.Capture.IPCamera.Height = height
-		}
-
-		if cameraSettings.RTSP != rtspUrl || cameraSettings.SubRTSP != subRtspUrl || cameraSettings.Width != width || cameraSettings.Height != height || cameraSettings.Num != num || cameraSettings.Denum != denum || cameraSettings.Codec != videoStream.(av.VideoCodecData).Type() {
-
-			if cameraSettings.RTSP != "" && cameraSettings.SubRTSP != "" && cameraSettings.Initialized {
-				decoder.Close()
-				if subStreamEnabled {
-					subDecoder.Close()
-				}
-			}
-
-			// At some routines we will need to decode the image.
-			// Make sure its properly locked as we only have a single decoder.
-			log.Log.Info("RunAgent: camera settings changed, reloading decoder")
-			capture.GetVideoDecoder(decoder, streams)
-			if subStreamEnabled {
-				capture.GetVideoDecoder(subDecoder, subStreams)
-			}
-
-			cameraSettings.RTSP = rtspUrl
-			cameraSettings.SubRTSP = subRtspUrl
-			cameraSettings.Width = width
-			cameraSettings.Height = height
-			cameraSettings.Framerate = float64(num) / float64(denum)
-			cameraSettings.Num = num
-			cameraSettings.Denum = denum
-			cameraSettings.Codec = videoStream.(av.VideoCodecData).Type()
-			cameraSettings.Initialized = true
-
-		} else {
-			log.Log.Info("RunAgent: camera settings did not change, keeping decoder")
-		}
-
-		communication.Decoder = decoder
-		communication.SubDecoder = subDecoder
-		communication.DecoderMutex = &decoderMutex
-		communication.SubDecoderMutex = &subDecoderMutex
-
-		// Create a packet queue, which is filled by the HandleStream routing
-		// and consumed by all other routines: motion, livestream, etc.
-		if config.Capture.PreRecording <= 0 {
-			config.Capture.PreRecording = 1
-			log.Log.Warning("RunAgent: Prerecording value not found in config or invalid value! Found: " + strconv.FormatInt(config.Capture.PreRecording, 10))
-		}
-
-		// We are creating a queue to store the RTSP frames in, these frames will be
-		// processed by the different consumers: motion detection, recording, etc.
-		queue = pubsub.NewQueue()
-		communication.Queue = queue
-		queue.SetMaxGopCount(int(config.Capture.PreRecording) + 1) // GOP time frame is set to prerecording (we'll add 2 gops to leave some room).
-		log.Log.Info("RunAgent: SetMaxGopCount was set with: " + strconv.Itoa(int(config.Capture.PreRecording)+1))
-		queue.WriteHeader(streams)
-
-		// We might have a substream, if so we'll create a seperate queue.
-		if subStreamEnabled {
-			log.Log.Info("RunAgent: Creating sub stream queue with SetMaxGopCount set to " + strconv.Itoa(int(1)))
-			subQueue = pubsub.NewQueue()
-			communication.SubQueue = subQueue
-			subQueue.SetMaxGopCount(1)
-			subQueue.WriteHeader(subStreams)
-		}
-
-		// Handle the camera stream
-		go capture.HandleStream(infile, queue, communication)
-
-		// Handle the substream if enabled
-		if subStreamEnabled {
-			go capture.HandleSubStream(subInfile, subQueue, communication)
-		}
-
-		// Handle processing of audio
-		communication.HandleAudio = make(chan models.AudioDataPartial)
-
-		// Handle processing of motion
-		communication.HandleMotion = make(chan models.MotionDataPartial, 1)
-		if subStreamEnabled {
-			motionCursor := subQueue.Latest()
-			go computervision.ProcessMotion(motionCursor, configuration, communication, mqttClient, subDecoder, &subDecoderMutex)
-		} else {
-			motionCursor := queue.Latest()
-			go computervision.ProcessMotion(motionCursor, configuration, communication, mqttClient, decoder, &decoderMutex)
-		}
-
-		// Handle livestream SD (low resolution over MQTT)
-		if subStreamEnabled {
-			livestreamCursor := subQueue.Latest()
-			go cloud.HandleLiveStreamSD(livestreamCursor, configuration, communication, mqttClient, subDecoder, &subDecoderMutex)
-		} else {
-			livestreamCursor := queue.Latest()
-			go cloud.HandleLiveStreamSD(livestreamCursor, configuration, communication, mqttClient, decoder, &decoderMutex)
-		}
-
-		// Handle livestream HD (high resolution over WEBRTC)
-		communication.HandleLiveHDHandshake = make(chan models.RequestHDStreamPayload, 1)
-		if subStreamEnabled {
-			livestreamHDCursor := subQueue.Latest()
-			go cloud.HandleLiveStreamHD(livestreamHDCursor, configuration, communication, mqttClient, subStreams, subDecoder, &decoderMutex)
-		} else {
-			livestreamHDCursor := queue.Latest()
-			go cloud.HandleLiveStreamHD(livestreamHDCursor, configuration, communication, mqttClient, streams, decoder, &decoderMutex)
-		}
-
-		// Handle recording, will write an mp4 to disk.
-		go capture.HandleRecordStream(queue, configDirectory, configuration, communication, streams)
-
-		// Handle Upload to cloud provider (Kerberos Hub, Kerberos Vault and others)
-		go cloud.HandleUpload(configDirectory, configuration, communication)
-
-		// Handle ONVIF actions
-		go onvif.HandleONVIFActions(configuration, communication)
-
-		// If we reach this point, we have a working RTSP connection.
-		communication.CameraConnected = true
-
-		// We might have a camera with audio backchannel enabled.
-		// Check if we have a stream with a backchannel and is PCMU encoded.
-		go WriteAudioToBackchannel(infile, streams, communication)
-
-		// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-		// This will go into a blocking state, once this channel is triggered
-		// the agent will cleanup and restart.
-
-		status = <-communication.HandleBootstrap
-
-		// If we reach this point, we are stopping the stream.
-		communication.CameraConnected = false
-
-		// Cancel the main context, this will stop all the other goroutines.
-		(*communication.CancelContext)()
-
-		// We will re open the configuration, might have changed :O!
-		configService.OpenConfig(configDirectory, configuration)
-
-		// We will override the configuration with the environment variables
-		configService.OverrideWithEnvironmentVariables(configuration)
-
-		// Here we are cleaning up everything!
-		if configuration.Config.Offline != "true" {
-			communication.HandleUpload <- "stop"
-		}
-		communication.HandleStream <- "stop"
-		if subStreamEnabled {
-			communication.HandleSubStream <- "stop"
-		}
-
-		time.Sleep(time.Second * 3)
-
-		infile.Close()
-		infile = nil
-		queue.Close()
-		queue = nil
-		communication.Queue = nil
-		if subStreamEnabled {
-			subInfile.Close()
-			subInfile = nil
-			subQueue.Close()
-			subQueue = nil
-			communication.SubQueue = nil
-		}
-		close(communication.HandleMotion)
-		communication.HandleMotion = nil
-		close(communication.HandleAudio)
-		communication.HandleAudio = nil
-
-		// Waiting for some seconds to make sure everything is properly closed.
-		log.Log.Info("RunAgent: waiting 3 seconds to make sure everything is properly closed.")
-		time.Sleep(time.Second * 3)
-
-	} else {
-		log.Log.Error("Something went wrong while opening RTSP: " + err.Error())
-		time.Sleep(time.Second * 3)
+	// Create a packet queue, which is filled by the HandleStream routing
+	// and consumed by all other routines: motion, livestream, etc.
+	if config.Capture.PreRecording <= 0 {
+		config.Capture.PreRecording = 1
+		log.Log.Warning("components.Kerberos.RunAgent(): Prerecording value not found in config or invalid value! Found: " + strconv.FormatInt(config.Capture.PreRecording, 10))
 	}

-	log.Log.Debug("RunAgent: finished")
+	// We might have a secondary rtsp url, so we might need to use that for livestreaming let us check first!
+	subStreamEnabled := false
+	subRtspUrl := config.Capture.IPCamera.SubRTSP
+	var videoSubStreams []packets.Stream

-	// Clean up, force garbage collection
-	runtime.GC()
+	if subRtspUrl != "" && subRtspUrl != rtspUrl {
+		// For the sub stream we will not enable backchannel.
+		subStreamEnabled = true
+		rtspSubClient := captureDevice.SetSubClient(subRtspUrl)
+		captureDevice.RTSPSubClient = rtspSubClient
+
+		err := rtspSubClient.Connect(context.Background())
+		if err != nil {
+			log.Log.Error("components.Kerberos.RunAgent(): error connecting to RTSP sub stream: " + err.Error())
+			time.Sleep(time.Second * 3)
+			return status
+		}
+		log.Log.Info("components.Kerberos.RunAgent(): opened RTSP sub stream: " + subRtspUrl)
+
+		// Get the video streams from the RTSP server.
+		videoSubStreams, err = rtspSubClient.GetVideoStreams()
+		if err != nil || len(videoSubStreams) == 0 {
+			log.Log.Error("components.Kerberos.RunAgent(): no video sub stream found, might be the wrong codec (we only support H264 for the moment)")
+			rtspSubClient.Close()
+			time.Sleep(time.Second * 3)
+			return status
+		}
+
+		// Get the video stream from the RTSP server.
+		videoSubStream := videoSubStreams[0]
+
+		width := videoSubStream.Width
+		height := videoSubStream.Height
+
+		// Set config values as well
+		configuration.Config.Capture.IPCamera.SubWidth = width
+		configuration.Config.Capture.IPCamera.SubHeight = height
+	}
+
+	// We are creating a queue to store the RTSP frames in, these frames will be
+	// processed by the different consumers: motion detection, recording, etc.
+	queue = packets.NewQueue()
+	communication.Queue = queue
+
+	// Set the maximum GOP count, this is used to determine the pre-recording time.
+	log.Log.Info("components.Kerberos.RunAgent(): SetMaxGopCount was set with: " + strconv.Itoa(int(config.Capture.PreRecording)+1))
+	queue.SetMaxGopCount(int(config.Capture.PreRecording) + 1) // GOP time frame is set to prerecording (we'll add 2 gops to leave some room).
+	queue.WriteHeader(videoStreams)
+	go rtspClient.Start(context.Background(), "main", queue, configuration, communication)
+
+	// Main stream is connected and ready to go.
+	communication.MainStreamConnected = true
+
+	// Try to create backchannel
+	rtspBackChannelClient := captureDevice.SetBackChannelClient(rtspUrl)
+	err = rtspBackChannelClient.ConnectBackChannel(context.Background())
+	if err == nil {
+		log.Log.Info("components.Kerberos.RunAgent(): opened RTSP backchannel stream: " + rtspUrl)
+		go rtspBackChannelClient.StartBackChannel(context.Background())
+	}
+
+	rtspSubClient := captureDevice.RTSPSubClient
+	if subStreamEnabled && rtspSubClient != nil {
+		subQueue = packets.NewQueue()
+		communication.SubQueue = subQueue
+		subQueue.SetMaxGopCount(3) // GOP time frame is set to prerecording (we'll add 2 gops to leave some room).
+		subQueue.WriteHeader(videoSubStreams)
+		go rtspSubClient.Start(context.Background(), "sub", subQueue, configuration, communication)
+
+		// Sub stream is connected and ready to go.
+		communication.SubStreamConnected = true
+	}
+
+	// Handle livestream SD (low resolution over MQTT)
+	if subStreamEnabled {
+		livestreamCursor := subQueue.Latest()
+		go cloud.HandleLiveStreamSD(livestreamCursor, configuration, communication, mqttClient, rtspSubClient)
+	} else {
+		livestreamCursor := queue.Latest()
+		go cloud.HandleLiveStreamSD(livestreamCursor, configuration, communication, mqttClient, rtspClient)
+	}
+
+	// Handle livestream HD (high resolution over WEBRTC)
+	communication.HandleLiveHDHandshake = make(chan models.RequestHDStreamPayload, 1)
+	if subStreamEnabled {
+		livestreamHDCursor := subQueue.Latest()
+		go cloud.HandleLiveStreamHD(livestreamHDCursor, configuration, communication, mqttClient, rtspSubClient)
+	} else {
+		livestreamHDCursor := queue.Latest()
+		go cloud.HandleLiveStreamHD(livestreamHDCursor, configuration, communication, mqttClient, rtspClient)
+	}
+
+	// Handle recording, will write an mp4 to disk.
+	go capture.HandleRecordStream(queue, configDirectory, configuration, communication, rtspClient)
+
+	// Handle processing of motion
+	communication.HandleMotion = make(chan models.MotionDataPartial, 1)
+	if subStreamEnabled {
+		motionCursor := subQueue.Latest()
+		go computervision.ProcessMotion(motionCursor, configuration, communication, mqttClient, rtspSubClient)
+	} else {
+		motionCursor := queue.Latest()
+		go computervision.ProcessMotion(motionCursor, configuration, communication, mqttClient, rtspClient)
+	}
+
+	// Handle realtime processing if enabled.
+	if subStreamEnabled {
+		realtimeProcessingCursor := subQueue.Latest()
+		go cloud.HandleRealtimeProcessing(realtimeProcessingCursor, configuration, communication, mqttClient, rtspClient)
+	} else {
+		realtimeProcessingCursor := queue.Latest()
+		go cloud.HandleRealtimeProcessing(realtimeProcessingCursor, configuration, communication, mqttClient, rtspClient)
+	}
+
+	// Handle Upload to cloud provider (Kerberos Hub, Kerberos Vault and others)
+	go cloud.HandleUpload(configDirectory, configuration, communication)
+
+	// Handle ONVIF actions
+	communication.HandleONVIF = make(chan models.OnvifAction, 1)
+	go onvif.HandleONVIFActions(configuration, communication)
+
+	communication.HandleAudio = make(chan models.AudioDataPartial, 1)
+	if rtspBackChannelClient.HasBackChannel {
+		communication.HasBackChannel = true
+		go WriteAudioToBackchannel(communication, rtspBackChannelClient)
+	}
+
+	// If we reach this point, we have a working RTSP connection.
+	communication.CameraConnected = true
+
+	// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+	// This will go into a blocking state, once this channel is triggered
+	// the agent will cleanup and restart.
+
+	status = <-communication.HandleBootstrap
+
+	// If we reach this point, we are stopping the stream.
+	communication.CameraConnected = false
+	communication.MainStreamConnected = false
+	communication.SubStreamConnected = false
+
+	// Cancel the main context, this will stop all the other goroutines.
+	(*communication.CancelContext)()
+
+	// We will re open the configuration, might have changed :O!
+	configService.OpenConfig(configDirectory, configuration)
+
+	// We will override the configuration with the environment variables
+	configService.OverrideWithEnvironmentVariables(configuration)
+
+	// Here we are cleaning up everything!
+	if configuration.Config.Offline != "true" {
+		select {
+		case communication.HandleUpload <- "stop":
+			log.Log.Info("components.Kerberos.RunAgent(): stopping upload")
+		case <-time.After(1 * time.Second):
+			log.Log.Info("components.Kerberos.RunAgent(): stopping upload timed out")
+		}
+	}
+
+	select {
+	case communication.HandleStream <- "stop":
+		log.Log.Info("components.Kerberos.RunAgent(): stopping stream")
+	case <-time.After(1 * time.Second):
+		log.Log.Info("components.Kerberos.RunAgent(): stopping stream timed out")
+	}
+	// We use the steam channel to stop both main and sub stream.
+	//if subStreamEnabled {
+	//	communication.HandleSubStream <- "stop"
+	//}
+
+	time.Sleep(time.Second * 3)
+
+	err = rtspClient.Close()
+	if err != nil {
+		log.Log.Error("components.Kerberos.RunAgent(): error closing RTSP stream: " + err.Error())
+		time.Sleep(time.Second * 3)
+		return status
+	}
+
+	queue.Close()
+	queue = nil
+	communication.Queue = nil
+
+	if subStreamEnabled {
+		err = rtspSubClient.Close()
+		if err != nil {
+			log.Log.Error("components.Kerberos.RunAgent(): error closing RTSP sub stream: " + err.Error())
+			time.Sleep(time.Second * 3)
+			return status
+		}
+		subQueue.Close()
+		subQueue = nil
+		communication.SubQueue = nil
+	}
+
+	err = rtspBackChannelClient.Close()
+	if err != nil {
+		log.Log.Error("components.Kerberos.RunAgent(): error closing RTSP backchannel stream: " + err.Error())
+	}
+
+	time.Sleep(time.Second * 3)
+
+	close(communication.HandleLiveHDHandshake)
+	communication.HandleLiveHDHandshake = nil
+
+	close(communication.HandleMotion)
+	communication.HandleMotion = nil
+
+	close(communication.HandleAudio)
+	communication.HandleAudio = nil
+
+	close(communication.HandleONVIF)
+	communication.HandleONVIF = nil
+
+	// Waiting for some seconds to make sure everything is properly closed.
+	log.Log.Info("components.Kerberos.RunAgent(): waiting 3 seconds to make sure everything is properly closed.")
+	time.Sleep(time.Second * 3)

 	return status
 }

+// ControlAgent will check if the camera is still connected, if not it will restart the agent.
+// In the other thread we are keeping track of the number of packets received, and particular the keyframe packets.
+// Once we are not receiving any packets anymore, we will restart the agent.
 func ControlAgent(communication *models.Communication) {
-	log.Log.Debug("ControlAgent: started")
+	log.Log.Debug("components.Kerberos.ControlAgent(): started")
 	packageCounter := communication.PackageCounter
+	packageSubCounter := communication.PackageCounterSub
 	go func() {
 		// A channel to check the camera activity
 		var previousPacket int64 = 0
+		var previousPacketSub int64 = 0
 		var occurence = 0
+		var occurenceSub = 0
 		for {

 			// If camera is connected, we'll check if we are still receiving packets.
 			if communication.CameraConnected {
+
+				// First we'll check the main stream.
 				packetsR := packageCounter.Load().(int64)
 				if packetsR == previousPacket {
 					// If we are already reconfiguring,
@@ -379,20 +423,313 @@ func ControlAgent(communication *models.Communication) {
 					occurence = 0
 				}

-				log.Log.Info("ControlAgent: Number of packets read " + strconv.FormatInt(packetsR, 10))
+				log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from mainstream: " + strconv.FormatInt(packetsR, 10))

 				// After 15 seconds without activity this is thrown..
 				if occurence == 3 {
-					log.Log.Info("Main: Restarting machinery.")
-					communication.HandleBootstrap <- "restart"
-					time.Sleep(2 * time.Second)
+					log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking mainstream.")
+					select {
+					case communication.HandleBootstrap <- "restart":
+						log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream.")
+					case <-time.After(1 * time.Second):
+						log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream timed out")
+					}
 					occurence = 0
 				}
+
+				// Now we'll check the sub stream.
+				packetsSubR := packageSubCounter.Load().(int64)
+				if communication.SubStreamConnected {
+					if packetsSubR == previousPacketSub {
+						// If we are already reconfiguring,
+						// we dont need to check if the stream is blocking.
+						if !communication.IsConfiguring.IsSet() {
+							occurenceSub = occurenceSub + 1
+						}
+					} else {
+						occurenceSub = 0
+					}
+
+					log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from substream: " + strconv.FormatInt(packetsSubR, 10))
+
+					// After 15 seconds without activity this is thrown..
+					if occurenceSub == 3 {
+						select {
+						case communication.HandleBootstrap <- "restart":
+							log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream.")
+						case <-time.After(1 * time.Second):
+							log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream timed out")
+						}
+						occurenceSub = 0
+					}
+				}
+
 				previousPacket = packageCounter.Load().(int64)
+				previousPacketSub = packageSubCounter.Load().(int64)
 			}

 			time.Sleep(5 * time.Second)
 		}
 	}()
-	log.Log.Debug("ControlAgent: finished")
+	log.Log.Debug("components.Kerberos.ControlAgent(): finished")
+}
+
+// GetDashboard godoc
+// @Router /api/dashboard [get]
+// @ID dashboard
+// @Tags general
+// @Summary Get all information showed on the dashboard.
+// @Description Get all information showed on the dashboard.
+// @Success 200
+func GetDashboard(c *gin.Context, configDirectory string, configuration *models.Configuration, communication *models.Communication) {
+
+	// Check if camera is online.
+	cameraIsOnline := communication.CameraConnected
+
+	// If an agent is properly setup with Kerberos Hub, we will send
+	// a ping to Kerberos Hub every 15seconds. On receiving a positive response
+	// it will update the CloudTimestamp value.
+	cloudIsOnline := false
+	if communication.CloudTimestamp != nil && communication.CloudTimestamp.Load() != nil {
+		timestamp := communication.CloudTimestamp.Load().(int64)
+		if timestamp > 0 {
+			cloudIsOnline = true
+		}
+	}
+
+	// The total number of recordings stored in the directory.
+	recordingDirectory := configDirectory + "/data/recordings"
+	numberOfRecordings := utils.NumberOfMP4sInDirectory(recordingDirectory)
+
+	// All days stored in this agent.
+	days := []string{}
+	latestEvents := []models.Media{}
+	files, err := utils.ReadDirectory(recordingDirectory)
+	if err == nil {
+		events := utils.GetSortedDirectory(files)
+
+		// Get All days
+		days = utils.GetDays(events, recordingDirectory, configuration)
+
+		// Get all latest events
+		var eventFilter models.EventFilter
+		eventFilter.NumberOfElements = 5
+		latestEvents = utils.GetMediaFormatted(events, recordingDirectory, configuration, eventFilter) // will get 5 latest recordings.
+	}
+
+	c.JSON(200, gin.H{
+		"offlineMode":        configuration.Config.Offline,
+		"cameraOnline":       cameraIsOnline,
+		"cloudOnline":        cloudIsOnline,
+		"numberOfRecordings": numberOfRecordings,
+		"days":               days,
+		"latestEvents":       latestEvents,
+	})
+}
+
+// GetLatestEvents godoc
+// @Router /api/latest-events [post]
+// @ID latest-events
+// @Tags general
+// @Param eventFilter body models.EventFilter true "Event filter"
+// @Summary Get the latest recordings (events) from the recordings directory.
+// @Description Get the latest recordings (events) from the recordings directory.
+// @Success 200
+func GetLatestEvents(c *gin.Context, configDirectory string, configuration *models.Configuration, communication *models.Communication) {
+	var eventFilter models.EventFilter
+	err := c.BindJSON(&eventFilter)
+	if err == nil {
+		// Default to 10 if no limit is set.
+		if eventFilter.NumberOfElements == 0 {
+			eventFilter.NumberOfElements = 10
+		}
+		recordingDirectory := configDirectory + "/data/recordings"
+		files, err := utils.ReadDirectory(recordingDirectory)
+		if err == nil {
+			events := utils.GetSortedDirectory(files)
+			// We will get all recordings from the directory (as defined by the filter).
+			fileObjects := utils.GetMediaFormatted(events, recordingDirectory, configuration, eventFilter)
+			c.JSON(200, gin.H{
+				"events": fileObjects,
+			})
+		} else {
+			c.JSON(400, gin.H{
+				"data": "Something went wrong: " + err.Error(),
+			})
+		}
+	} else {
+		c.JSON(400, gin.H{
+			"data": "Something went wrong: " + err.Error(),
+		})
+	}
+}
+
+// GetDays godoc
+// @Router /api/days [get]
+// @ID days
+// @Tags general
+// @Summary Get all days stored in the recordings directory.
+// @Description Get all days stored in the recordings directory.
+// @Success 200
+func GetDays(c *gin.Context, configDirectory string, configuration *models.Configuration, communication *models.Communication) {
+	recordingDirectory := configDirectory + "/data/recordings"
+	files, err := utils.ReadDirectory(recordingDirectory)
+	if err == nil {
+		events := utils.GetSortedDirectory(files)
+		days := utils.GetDays(events, recordingDirectory, configuration)
+		c.JSON(200, gin.H{
+			"events": days,
+		})
+	} else {
+		c.JSON(400, gin.H{
+			"data": "Something went wrong: " + err.Error(),
+		})
+	}
+}
+
+// StopAgent godoc
+// @Router /api/camera/stop [post]
+// @ID camera-stop
+// @Tags camera
+// @Summary Stop the agent.
+// @Description Stop the agent.
+// @Success 200 {object} models.APIResponse
+func StopAgent(c *gin.Context, communication *models.Communication) {
+	log.Log.Info("components.Kerberos.StopAgent(): sending signal to stop agent, this will os.Exit(0).")
+	select {
+	case communication.HandleBootstrap <- "stop":
+		log.Log.Info("components.Kerberos.StopAgent(): Stopping machinery.")
+	case <-time.After(1 * time.Second):
+		log.Log.Info("components.Kerberos.StopAgent(): Stopping machinery timed out")
+	}
+	c.JSON(200, gin.H{
+		"stopped": true,
+	})
+}
+
+// RestartAgent godoc
+// @Router /api/camera/restart [post]
+// @ID camera-restart
+// @Tags camera
+// @Summary Restart the agent.
+// @Description Restart the agent.
+// @Success 200 {object} models.APIResponse
+func RestartAgent(c *gin.Context, communication *models.Communication) {
+	log.Log.Info("components.Kerberos.RestartAgent(): sending signal to restart agent.")
+	select {
+	case communication.HandleBootstrap <- "restart":
+		log.Log.Info("components.Kerberos.RestartAgent(): Restarting machinery.")
+	case <-time.After(1 * time.Second):
+		log.Log.Info("components.Kerberos.RestartAgent(): Restarting machinery timed out")
+	}
+	c.JSON(200, gin.H{
+		"restarted": true,
+	})
+}
+
+// MakeRecording godoc
+// @Router /api/camera/record [post]
+// @ID camera-record
+// @Tags camera
+// @Summary Make a recording.
+// @Description Make a recording.
+// @Success 200 {object} models.APIResponse
+func MakeRecording(c *gin.Context, communication *models.Communication) {
+	log.Log.Info("components.Kerberos.MakeRecording(): sending signal to start recording.")
+	dataToPass := models.MotionDataPartial{
+		Timestamp:       time.Now().Unix(),
+		NumberOfChanges: 100000000, // hack set the number of changes to a high number to force recording
+	}
+	communication.HandleMotion <- dataToPass //Save data to the channel
+	c.JSON(200, gin.H{
+		"recording": true,
+	})
+}
+
+// GetSnapshotBase64 godoc
+// @Router /api/camera/snapshot/base64 [get]
+// @ID snapshot-base64
+// @Tags camera
+// @Summary Get a snapshot from the camera in base64.
+// @Description Get a snapshot from the camera in base64.
+// @Success 200
+func GetSnapshotBase64(c *gin.Context, captureDevice *capture.Capture, configuration *models.Configuration, communication *models.Communication) {
+	// We'll try to get a snapshot from the camera.
+	base64Image := capture.Base64Image(captureDevice, communication)
+	if base64Image != "" {
+		communication.Image = base64Image
+	}
+
+	c.JSON(200, gin.H{
+		"base64": communication.Image,
+	})
+}
+
+// GetSnapshotJpeg godoc
+// @Router /api/camera/snapshot/jpeg [get]
+// @ID snapshot-jpeg
+// @Tags camera
+// @Summary Get a snapshot from the camera in jpeg format.
+// @Description Get a snapshot from the camera in jpeg format.
+// @Success 200
+func GetSnapshotRaw(c *gin.Context, captureDevice *capture.Capture, configuration *models.Configuration, communication *models.Communication) {
+	// We'll try to get a snapshot from the camera.
+	image := capture.JpegImage(captureDevice, communication)
+
+	// encode image to jpeg
+	bytes, _ := utils.ImageToBytes(&image)
+
+	// Return image/jpeg
+	c.Data(200, "image/jpeg", bytes)
+}
+
+// GetConfig godoc
+// @Router /api/config [get]
+// @ID config
+// @Tags config
+// @Summary Get the current configuration.
+// @Description Get the current configuration.
+// @Success 200
+func GetConfig(c *gin.Context, captureDevice *capture.Capture, configuration *models.Configuration, communication *models.Communication) {
+	// We'll try to get a snapshot from the camera.
+	base64Image := capture.Base64Image(captureDevice, communication)
+	if base64Image != "" {
+		communication.Image = base64Image
+	}
+
+	c.JSON(200, gin.H{
+		"config":   configuration.Config,
+		"custom":   configuration.CustomConfig,
+		"global":   configuration.GlobalConfig,
+		"snapshot": communication.Image,
+	})
+}
+
+// UpdateConfig godoc
+// @Router /api/config [post]
+// @ID config
+// @Tags config
+// @Param config body models.Config true "Configuration"
+// @Summary Update the current configuration.
+// @Description Update the current configuration.
+// @Success 200
+func UpdateConfig(c *gin.Context, configDirectory string, configuration *models.Configuration, communication *models.Communication) {
+	var config models.Config
+	err := c.BindJSON(&config)
+	if err == nil {
+		err := configService.SaveConfig(configDirectory, config, configuration, communication)
+		if err == nil {
+			c.JSON(200, gin.H{
+				"data": "☄ Reconfiguring",
+			})
+		} else {
+			c.JSON(200, gin.H{
+				"data": "☄ Reconfiguring",
+			})
+		}
+	} else {
+		c.JSON(400, gin.H{
+			"data": "Something went wrong: " + err.Error(),
+		})
+	}
 }
--- a/machinery/src/components/Onvif.go
+++ b/machinery/src/components/Onvif.go
@@ -1,25 +0,0 @@
-package components
-
-import (
-	"time"
-
-	"github.com/cedricve/go-onvif"
-	"github.com/kerberos-io/agent/machinery/src/log"
-)
-
-func Discover(timeout time.Duration) {
-	log.Log.Info("Discovering devices")
-	log.Log.Info("Waiting for " + (timeout * time.Second).String())
-	devices, err := onvif.StartDiscovery(timeout * time.Second)
-	if err != nil {
-		log.Log.Error(err.Error())
-	} else {
-		for _, device := range devices {
-			hostname, _ := device.GetHostname()
-			log.Log.Info(hostname.Name)
-		}
-		if len(devices) == 0 {
-			log.Log.Info("No devices descovered\n")
-		}
-	}
-}
--- a/machinery/src/components/Stream.go
+++ b/machinery/src/components/Stream.go
@@ -1,93 +0,0 @@
-package components
-
-import (
-	"fmt"
-	"image"
-	"image/jpeg"
-	"log"
-	"time"
-
-	"github.com/deepch/vdk/av"
-	"github.com/deepch/vdk/codec/h264parser"
-	"github.com/deepch/vdk/format/rtsp"
-	"github.com/nsmith5/mjpeg"
-)
-
-type Stream struct {
-	Name   string
-	Url    string
-	Debug  bool
-	Codecs string
-}
-
-func CreateStream(name string, url string) *Stream {
-	return &Stream{
-		Name: name,
-		Url:  url,
-	}
-}
-
-func (s Stream) Open() *rtsp.Client {
-
-	// Enable debugging
-	if s.Debug {
-		rtsp.DebugRtsp = true
-	}
-
-	fmt.Println("Dialing in to " + s.Url)
-	session, err := rtsp.Dial(s.Url)
-	if err != nil {
-		log.Println("Something went wrong dialing into stream: ", err)
-		time.Sleep(5 * time.Second)
-	}
-	session.RtpKeepAliveTimeout = 10 * time.Second
-	return session
-}
-
-func (s Stream) Close(session *rtsp.Client) {
-	fmt.Println("Closing RTSP session.")
-	err := session.Close()
-	if err != nil {
-		log.Println("Something went wrong while closing your RTSP session: ", err)
-	}
-}
-
-func (s Stream) GetCodecs() []av.CodecData {
-	session := s.Open()
-	codec, err := session.Streams()
-	log.Println("Reading codecs from stream: ", codec)
-	if err != nil {
-		log.Println("Something went wrong while reading codecs from stream: ", err)
-		time.Sleep(5 * time.Second)
-	}
-	s.Close(session)
-	return codec
-}
-
-func (s Stream) ReadPackets(packetChannel chan av.Packet) {
-	session := s.Open()
-	for {
-		packet, err := session.ReadPacket()
-		if err != nil {
-			break
-		}
-		if len(packetChannel) < cap(packetChannel) {
-			packetChannel <- packet
-		}
-	}
-	s.Close(session)
-}
-
-func GetSPSFromCodec(codecs []av.CodecData) ([]byte, []byte) {
-	sps := codecs[0].(h264parser.CodecData).SPS()
-	pps := codecs[0].(h264parser.CodecData).PPS()
-	return sps, pps
-}
-
-func StartMotionJPEG(imageFunction func() (image.Image, error), quality int) mjpeg.Handler {
-	stream := mjpeg.Handler{
-		Next:    imageFunction,
-		Options: &jpeg.Options{Quality: quality},
-	}
-	return stream
-}
--- a/machinery/src/components/backchannel.go
+++ b/machinery/src/components/backchannel.go
@@ -0,0 +1,95 @@
+package components
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/kerberos-io/agent/machinery/src/capture"
+	"github.com/kerberos-io/agent/machinery/src/log"
+	"github.com/kerberos-io/agent/machinery/src/models"
+	"github.com/kerberos-io/agent/machinery/src/packets"
+	"github.com/kerberos-io/joy4/av"
+	"github.com/pion/rtp"
+	"github.com/zaf/g711"
+)
+
+func GetBackChannelAudioCodec(streams []av.CodecData, communication *models.Communication) av.AudioCodecData {
+	for _, stream := range streams {
+		if stream.Type().IsAudio() {
+			if stream.Type().String() == "PCM_MULAW" {
+				pcmuCodec := stream.(av.AudioCodecData)
+				if pcmuCodec.IsBackChannel() {
+					communication.HasBackChannel = true
+					return pcmuCodec
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func WriteAudioToBackchannel(communication *models.Communication, rtspClient capture.RTSPClient) {
+	log.Log.Info("Audio.WriteAudioToBackchannel(): writing to backchannel audio codec")
+	length := uint32(0)
+	sequenceNumber := uint16(0)
+	for audio := range communication.HandleAudio {
+		// Encode PCM to MULAW
+		var bufferUlaw []byte
+		for _, v := range audio.Data {
+			b := g711.EncodeUlawFrame(v)
+			bufferUlaw = append(bufferUlaw, b)
+		}
+
+		pkt := packets.Packet{
+			Packet: &rtp.Packet{
+				Header: rtp.Header{
+					Version:        2,
+					Marker:         true, // should be true
+					PayloadType:    0,    //packet.PayloadType, // will be owerwriten
+					SequenceNumber: sequenceNumber,
+					Timestamp:      uint32(length),
+					SSRC:           1293847657,
+				},
+				Payload: bufferUlaw,
+			},
+		}
+		err := rtspClient.WritePacket(pkt)
+		if err != nil {
+			log.Log.Error("Audio.WriteAudioToBackchannel(): error writing packet to backchannel")
+		}
+
+		length = (length + uint32(len(bufferUlaw))) % 65536
+		sequenceNumber = (sequenceNumber + 1) % 65535
+		time.Sleep(128 * time.Millisecond)
+	}
+	log.Log.Info("Audio.WriteAudioToBackchannel(): finished")
+
+}
+
+func WriteFileToBackChannel(infile av.DemuxCloser) {
+	// Do the warmup!
+	file, err := os.Open("./audiofile.bye")
+	if err != nil {
+		fmt.Println("WriteFileToBackChannel: error opening audiofile.bye file")
+	}
+	defer file.Close()
+
+	// Read file into buffer
+	reader := bufio.NewReader(file)
+	buffer := make([]byte, 1024)
+
+	count := 0
+	for {
+		_, err := reader.Read(buffer)
+		if err != nil {
+			break
+		}
+		// Send to backchannel
+		infile.Write(buffer, 2, uint32(count))
+
+		count = count + 1024
+		time.Sleep(128 * time.Millisecond)
+	}
+}
--- a/machinery/src/computervision/main.go
+++ b/machinery/src/computervision/main.go
@@ -1,28 +1,23 @@
 package computervision

 import (
-	"bufio"
-	"bytes"
-	"encoding/base64"
 	"image"
-	"image/jpeg"
-	"sync"
 	"time"

 	mqtt "github.com/eclipse/paho.mqtt.golang"
 	geo "github.com/kellydunn/golang-geo"
 	"github.com/kerberos-io/agent/machinery/src/capture"
+	"github.com/kerberos-io/agent/machinery/src/conditions"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/joy4/av"
-	"github.com/kerberos-io/joy4/av/pubsub"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
+	"github.com/kerberos-io/agent/machinery/src/packets"
 )

-func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) { //, wg *sync.WaitGroup) {
+func ProcessMotion(motionCursor *packets.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, rtspClient capture.RTSPClient) {

-	log.Log.Debug("ProcessMotion: started")
+	log.Log.Debug("computervision.main.ProcessMotion(): start motion detection")
 	config := configuration.Config
+	loc, _ := time.LoadLocation(config.Timezone)

 	var isPixelChangeThresholdReached = false
 	var changesToReturn = 0
@@ -35,33 +30,30 @@ func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Confi

 	if config.Capture.Continuous == "true" {

-		log.Log.Info("ProcessMotion: Continuous recording, so no motion detection.")
+		log.Log.Info("computervision.main.ProcessMotion(): you've enabled continuous recording, so no motion detection required.")

 	} else {

-		log.Log.Info("ProcessMotion: Motion detection enabled.")
+		log.Log.Info("computervision.main.ProcessMotion(): motion detected is enabled, so starting the motion detection.")

 		hubKey := config.HubKey
 		deviceKey := config.Key

-		// Allocate a VideoFrame
-		frame := ffmpeg.AllocVideoFrame()
-
 		// Initialise first 2 elements
 		var imageArray [3]*image.Gray

 		j := 0

 		var cursorError error
-		var pkt av.Packet
+		var pkt packets.Packet

 		for cursorError == nil {
 			pkt, cursorError = motionCursor.ReadPacket()
 			// Check If valid package.
 			if len(pkt.Data) > 0 && pkt.IsKeyFrame {
-				grayImage, err := GetGrayImage(frame, pkt, decoder, decoderMutex)
+				grayImage, err := rtspClient.DecodePacketRaw(pkt)
 				if err == nil {
-					imageArray[j] = grayImage
+					imageArray[j] = &grayImage
 					j++
 				}
 			}
@@ -70,34 +62,33 @@ func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Confi
 			}
 		}

-		img := imageArray[0]
-		if img != nil {
+		// Calculate mask
+		var polyObjects []geo.Polygon

-			// Calculate mask
-			var polyObjects []geo.Polygon
-
-			if config.Region != nil {
-				for _, polygon := range config.Region.Polygon {
-					coords := polygon.Coordinates
-					poly := geo.Polygon{}
-					for _, c := range coords {
-						x := c.X
-						y := c.Y
-						p := geo.NewPoint(x, y)
-						if !poly.Contains(p) {
-							poly.Add(p)
-						}
+		if config.Region != nil {
+			for _, polygon := range config.Region.Polygon {
+				coords := polygon.Coordinates
+				poly := geo.Polygon{}
+				for _, c := range coords {
+					x := c.X
+					y := c.Y
+					p := geo.NewPoint(x, y)
+					if !poly.Contains(p) {
+						poly.Add(p)
 					}
-					polyObjects = append(polyObjects, poly)
 				}
+				polyObjects = append(polyObjects, poly)
 			}
+		}

+		img := imageArray[0]
+		var coordinatesToCheck []int
+		if img != nil {
 			bounds := img.Bounds()
 			rows := bounds.Dy()
 			cols := bounds.Dx()

 			// Make fixed size array of uinty8
-			var coordinatesToCheck []int
 			for y := 0; y < rows; y++ {
 				for x := 0; x < cols; x++ {
 					for _, poly := range polyObjects {
@@ -108,10 +99,13 @@ func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Confi
 					}
 				}
 			}
+		}
+
+		// If no region is set, we'll skip the motion detection
+		if len(coordinatesToCheck) > 0 {

 			// Start the motion detection
 			i := 0
-			loc, _ := time.LoadLocation(config.Timezone)

 			for cursorError == nil {
 				pkt, cursorError = motionCursor.ReadPacket()
@@ -121,81 +115,58 @@ func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Confi
 					continue
 				}

-				grayImage, err := GetGrayImage(frame, pkt, decoder, decoderMutex)
+				grayImage, err := rtspClient.DecodePacketRaw(pkt)
 				if err == nil {
-					imageArray[2] = grayImage
+					imageArray[2] = &grayImage
 				}

-				// Store snapshots (jpg) for hull.
-				if config.Capture.Snapshots != "false" {
-					StoreSnapshot(communication, frame, pkt, decoder, decoderMutex)
-				}
-
-				// Check if within time interval
-				detectMotion := true
-				timeEnabled := config.Time
-				if timeEnabled != "false" {
-					now := time.Now().In(loc)
-					weekday := now.Weekday()
-					hour := now.Hour()
-					minute := now.Minute()
-					second := now.Second()
-					if config.Timetable != nil && len(config.Timetable) > 0 {
-						timeInterval := config.Timetable[int(weekday)]
-						if timeInterval != nil {
-							start1 := timeInterval.Start1
-							end1 := timeInterval.End1
-							start2 := timeInterval.Start2
-							end2 := timeInterval.End2
-							currentTimeInSeconds := hour*60*60 + minute*60 + second
-							if (currentTimeInSeconds >= start1 && currentTimeInSeconds <= end1) ||
-								(currentTimeInSeconds >= start2 && currentTimeInSeconds <= end2) {
-
-							} else {
-								detectMotion = false
-								log.Log.Info("ProcessMotion: Time interval not valid, disabling motion detection.")
-							}
-						}
-					}
+				// We might have different conditions enabled such as time window or uri response.
+				// We'll validate those conditions and if not valid we'll not do anything.
+				detectMotion, err := conditions.Validate(loc, configuration)
+				if !detectMotion && err != nil {
+					log.Log.Debug("computervision.main.ProcessMotion(): " + err.Error() + ".")
 				}

 				if config.Capture.Motion != "false" {

-					// Remember additional information about the result of findmotion
-					isPixelChangeThresholdReached, changesToReturn = FindMotion(imageArray, coordinatesToCheck, pixelThreshold)
-					if detectMotion && isPixelChangeThresholdReached {
+					if detectMotion {

-						// If offline mode is disabled, send a message to the hub
-						if config.Offline != "true" {
-							if mqttClient != nil {
-								if hubKey != "" {
-									message := models.Message{
-										Payload: models.Payload{
-											Action:   "motion",
-											DeviceId: configuration.Config.Key,
-											Value: map[string]interface{}{
-												"timestamp": time.Now().Unix(),
+						// Remember additional information about the result of findmotion
+						isPixelChangeThresholdReached, changesToReturn = FindMotion(imageArray, coordinatesToCheck, pixelThreshold)
+						if isPixelChangeThresholdReached {
+
+							// If offline mode is disabled, send a message to the hub
+							if config.Offline != "true" {
+								if mqttClient != nil {
+									if hubKey != "" {
+										message := models.Message{
+											Payload: models.Payload{
+												Action:   "motion",
+												DeviceId: configuration.Config.Key,
+												Value: map[string]interface{}{
+													"timestamp": time.Now().Unix(),
+												},
 											},
-										},
-									}
-									payload, err := models.PackageMQTTMessage(configuration, message)
-									if err == nil {
-										mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+										}
+										payload, err := models.PackageMQTTMessage(configuration, message)
+										if err == nil {
+											mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
+										} else {
+											log.Log.Info("computervision.main.ProcessMotion(): failed to package MQTT message: " + err.Error())
+										}
 									} else {
-										log.Log.Info("ProcessMotion: failed to package MQTT message: " + err.Error())
+										mqttClient.Publish("kerberos/agent/"+deviceKey, 2, false, "motion")
 									}
-								} else {
-									mqttClient.Publish("kerberos/agent/"+deviceKey, 2, false, "motion")
 								}
 							}
-						}

-						if config.Capture.Recording != "false" {
-							dataToPass := models.MotionDataPartial{
-								Timestamp:       time.Now().Unix(),
-								NumberOfChanges: changesToReturn,
+							if config.Capture.Recording != "false" {
+								dataToPass := models.MotionDataPartial{
+									Timestamp:       time.Now().Unix(),
+									NumberOfChanges: changesToReturn,
+								}
+								communication.HandleMotion <- dataToPass //Save data to the channel
 							}
-							communication.HandleMotion <- dataToPass //Save data to the channel
 						}
 					}

@@ -209,11 +180,9 @@ func ProcessMotion(motionCursor *pubsub.QueueCursor, configuration *models.Confi
 				img = nil
 			}
 		}
-
-		frame.Free()
 	}

-	log.Log.Debug("ProcessMotion: finished")
+	log.Log.Debug("computervision.main.ProcessMotion(): stop the motion detection.")
 }

 func FindMotion(imageArray [3]*image.Gray, coordinatesToCheck []int, pixelChangeThreshold int) (thresholdReached bool, changesDetected int) {
@@ -225,29 +194,6 @@ func FindMotion(imageArray [3]*image.Gray, coordinatesToCheck []int, pixelChange
 	return changes > pixelChangeThreshold, changes
 }

-func GetGrayImage(frame *ffmpeg.VideoFrame, pkt av.Packet, dec *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) (*image.Gray, error) {
-	_, err := capture.DecodeImage(frame, pkt, dec, decoderMutex)
-
-	// Do a deep copy of the image
-	imgDeepCopy := image.NewGray(frame.ImageGray.Bounds())
-	imgDeepCopy.Stride = frame.ImageGray.Stride
-	copy(imgDeepCopy.Pix, frame.ImageGray.Pix)
-
-	return imgDeepCopy, err
-}
-
-func GetRawImage(frame *ffmpeg.VideoFrame, pkt av.Packet, dec *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) (*ffmpeg.VideoFrame, error) {
-	_, err := capture.DecodeImage(frame, pkt, dec, decoderMutex)
-	return frame, err
-}
-
-func ImageToBytes(img image.Image) ([]byte, error) {
-	buffer := new(bytes.Buffer)
-	w := bufio.NewWriter(buffer)
-	err := jpeg.Encode(w, img, &jpeg.Options{Quality: 15})
-	return buffer.Bytes(), err
-}
-
 func AbsDiffBitwiseAndThreshold(img1 *image.Gray, img2 *image.Gray, img3 *image.Gray, threshold int, coordinatesToCheck []int) int {
 	changes := 0
 	for i := 0; i < len(coordinatesToCheck); i++ {
@@ -260,16 +206,3 @@ func AbsDiffBitwiseAndThreshold(img1 *image.Gray, img2 *image.Gray, img3 *image.
 	}
 	return changes
 }
-
-func StoreSnapshot(communication *models.Communication, frame *ffmpeg.VideoFrame, pkt av.Packet, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) {
-	rgbImage, err := GetRawImage(frame, pkt, decoder, decoderMutex)
-	if err == nil {
-		buffer := new(bytes.Buffer)
-		w := bufio.NewWriter(buffer)
-		err := jpeg.Encode(w, &rgbImage.Image, &jpeg.Options{Quality: 15})
-		if err == nil {
-			snapshot := base64.StdEncoding.EncodeToString(buffer.Bytes())
-			communication.Image = snapshot
-		}
-	}
-}
--- a/machinery/src/conditions/main.go
+++ b/machinery/src/conditions/main.go
@@ -0,0 +1,28 @@
+package conditions
+
+import (
+	"errors"
+	"time"
+
+	"github.com/kerberos-io/agent/machinery/src/models"
+)
+
+func Validate(loc *time.Location, configuration *models.Configuration) (valid bool, err error) {
+	valid = true
+	err = nil
+
+	withinTimeInterval := IsWithinTimeInterval(loc, configuration)
+	if !withinTimeInterval {
+		valid = false
+		err = errors.New("time interval not valid")
+		return
+	}
+	validUriResponse := IsValidUriResponse(configuration)
+	if !validUriResponse {
+		valid = false
+		err = errors.New("uri response not valid")
+		return
+	}
+
+	return
+}
--- a/machinery/src/conditions/timewindow.go
+++ b/machinery/src/conditions/timewindow.go
@@ -0,0 +1,39 @@
+package conditions
+
+import (
+	"time"
+
+	"github.com/kerberos-io/agent/machinery/src/log"
+	"github.com/kerberos-io/agent/machinery/src/models"
+)
+
+func IsWithinTimeInterval(loc *time.Location, configuration *models.Configuration) (enabled bool) {
+	config := configuration.Config
+	timeEnabled := config.Time
+	enabled = true
+	if timeEnabled != "false" {
+		now := time.Now().In(loc)
+		weekday := now.Weekday()
+		hour := now.Hour()
+		minute := now.Minute()
+		second := now.Second()
+		if config.Timetable != nil && len(config.Timetable) > 0 {
+			timeInterval := config.Timetable[int(weekday)]
+			if timeInterval != nil {
+				start1 := timeInterval.Start1
+				end1 := timeInterval.End1
+				start2 := timeInterval.Start2
+				end2 := timeInterval.End2
+				currentTimeInSeconds := hour*60*60 + minute*60 + second
+				if (currentTimeInSeconds >= start1 && currentTimeInSeconds <= end1) ||
+					(currentTimeInSeconds >= start2 && currentTimeInSeconds <= end2) {
+					log.Log.Debug("conditions.timewindow.IsWithinTimeInterval(): time interval valid, enabling recording.")
+				} else {
+					log.Log.Info("conditions.timewindow.IsWithinTimeInterval(): time interval not valid, disabling recording.")
+					enabled = false
+				}
+			}
+		}
+	}
+	return
+}
--- a/machinery/src/conditions/uri.go
+++ b/machinery/src/conditions/uri.go
@@ -0,0 +1,59 @@
+package conditions
+
+import (
+	"bytes"
+	"crypto/tls"
+	"fmt"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/kerberos-io/agent/machinery/src/log"
+	"github.com/kerberos-io/agent/machinery/src/models"
+)
+
+func IsValidUriResponse(configuration *models.Configuration) (enabled bool) {
+	config := configuration.Config
+	conditionURI := config.ConditionURI
+	enabled = true
+	if conditionURI != "" {
+
+		// We will send a POST request to the conditionURI, and expect a 200 response.
+		// In the payload we will send some information, so the other end can decide
+		// if it should enable or disable recording.
+
+		var client *http.Client
+		if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+			tr := &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			}
+			client = &http.Client{Transport: tr}
+		} else {
+			client = &http.Client{}
+		}
+
+		var object = fmt.Sprintf(`{
+			"camera_id" : "%s",
+			"camera_name" : "%s",
+			"site_id" : "%s",
+			"hub_key" : "%s",
+			"timestamp" : "%s",
+		}`, config.Key, config.FriendlyName, config.HubSite, config.HubKey, time.Now().Format("2006-01-02 15:04:05"))
+
+		var jsonStr = []byte(object)
+		buffy := bytes.NewBuffer(jsonStr)
+		req, _ := http.NewRequest("POST", conditionURI, buffy)
+		req.Header.Set("Content-Type", "application/json")
+		resp, err := client.Do(req)
+		if resp != nil {
+			resp.Body.Close()
+		}
+		if err == nil && resp.StatusCode == 200 {
+			log.Log.Info("conditions.uri.IsValidUriResponse(): response 200, enabling recording.")
+		} else {
+			log.Log.Info("conditions.uri.IsValidUriResponse(): response not 200, disabling recording.")
+			enabled = false
+		}
+	}
+	return
+}
--- a/machinery/src/config/main.go
+++ b/machinery/src/config/main.go
@@ -4,11 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"image"
 	"io/ioutil"
 	"os"
 	"reflect"
-	"sort"
 	"strconv"
 	"strings"
 	"time"
@@ -20,25 +18,6 @@ import (
 	"go.mongodb.org/mongo-driver/bson"
 )

-func GetImageFromFilePath(configDirectory string) (image.Image, error) {
-	snapshotDirectory := configDirectory + "/data/snapshots"
-	files, err := ioutil.ReadDir(snapshotDirectory)
-	if err == nil && len(files) > 1 {
-		sort.Slice(files, func(i, j int) bool {
-			return files[i].ModTime().Before(files[j].ModTime())
-		})
-		filePath := configDirectory + "/data/snapshots/" + files[1].Name()
-		f, err := os.Open(filePath)
-		if err != nil {
-			return nil, err
-		}
-		defer f.Close()
-		image, _, err := image.Decode(f)
-		return image, err
-	}
-	return nil, errors.New("Could not find a snapshot in " + snapshotDirectory)
-}
-
 // ReadUserConfig Reads the user configuration of the Kerberos Open Source instance.
 // This will return a models.User struct including the username, password,
 // selected language, and if the installation was completed or not.
@@ -80,7 +59,7 @@ func OpenConfig(configDirectory string, configuration *models.Configuration) {
 		// Write to mongodb
 		client := database.New()

-		db := client.Database(database.DatabaseName)
+		db := client.Client.Database(database.DatabaseName)
 		collection := db.Collection("configuration")

 		var globalConfig models.Config
@@ -403,10 +382,21 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {
 				configuration.Config.MQTTPassword = value
 				break

+			/* Real-time streaming of keyframes to a MQTT topic */
+			case "AGENT_REALTIME_PROCESSING":
+				configuration.Config.RealtimeProcessing = value
+				break
+			case "AGENT_REALTIME_PROCESSING_TOPIC":
+				configuration.Config.RealtimeProcessingTopic = value
+				break
+
 			/* WebRTC settings for live-streaming (remote) */
 			case "AGENT_STUN_URI":
 				configuration.Config.STUNURI = value
 				break
+			case "AGENT_FORCE_TURN":
+				configuration.Config.ForceTurn = value
+				break
 			case "AGENT_TURN_URI":
 				configuration.Config.TURNURI = value
 				break
@@ -427,6 +417,9 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {
 				break

 			/* When connected and storing in Kerberos Hub (SAAS) */
+			case "AGENT_HUB_ENCRYPTION":
+				configuration.Config.HubEncryption = value
+				break
 			case "AGENT_HUB_URI":
 				configuration.Config.HubURI = value
 				break
@@ -479,7 +472,8 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {
 				configuration.Config.Encryption.Fingerprint = value
 				break
 			case "AGENT_ENCRYPTION_PRIVATE_KEY":
-				configuration.Config.Encryption.PrivateKey = value
+				encryptionPrivateKey := strings.ReplaceAll(value, "\\n", "\n")
+				configuration.Config.Encryption.PrivateKey = encryptionPrivateKey
 				break
 			case "AGENT_ENCRYPTION_SYMMETRIC_KEY":
 				configuration.Config.Encryption.SymmetricKey = value
@@ -502,7 +496,9 @@ func SaveConfig(configDirectory string, config models.Config, configuration *mod
 		if communication.CameraConnected {
 			select {
 			case communication.HandleBootstrap <- "restart":
-			default:
+				log.Log.Info("config.main.SaveConfig(): update config, restart agent.")
+			case <-time.After(1 * time.Second):
+				log.Log.Info("config.main.SaveConfig(): update config, restart agent.")
 			}
 		}

@@ -529,7 +525,7 @@ func StoreConfig(configDirectory string, config models.Config) error {
 		// Write to mongodb
 		client := database.New()

-		db := client.Database(database.DatabaseName)
+		db := client.Client.Database(database.DatabaseName)
 		collection := db.Collection("configuration")

 		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
--- a/machinery/src/database/main.go
+++ b/machinery/src/database/main.go
@@ -15,12 +15,19 @@ type DB struct {
 	Client *mongo.Client
 }

+var TIMEOUT = 10 * time.Second
 var _init_ctx sync.Once
 var _instance *DB
-var DatabaseName = "KerberosFactory"

-func New() *mongo.Client {
+var DatabaseName = os.Getenv("MONGODB_DATABASE_FACTORY")

+func New() *DB {
+
+	if DatabaseName == "" {
+		DatabaseName = "KerberosFactory"
+	}
+
+	mongodbURI := os.Getenv("MONGODB_URI")
 	host := os.Getenv("MONGODB_HOST")
 	databaseCredentials := os.Getenv("MONGODB_DATABASE_CREDENTIALS")
 	replicaset := os.Getenv("MONGODB_REPLICASET")
@@ -28,28 +35,46 @@ func New() *mongo.Client {
 	password := os.Getenv("MONGODB_PASSWORD")
 	authentication := "SCRAM-SHA-256"

+	ctx, cancel := context.WithTimeout(context.Background(), TIMEOUT)
+	defer cancel()
+
 	_init_ctx.Do(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-		defer cancel()
-
 		_instance = new(DB)
-		mongodbURI := fmt.Sprintf("mongodb://%s:%s@%s", username, password, host)
-		if replicaset != "" {
-			mongodbURI = fmt.Sprintf("%s/?replicaSet=%s", mongodbURI, replicaset)
-		}

-		client, err := mongo.Connect(ctx, options.Client().ApplyURI(mongodbURI).SetAuth(options.Credential{
-			AuthMechanism: authentication,
-			AuthSource:    databaseCredentials,
-			Username:      username,
-			Password:      password,
-		}))
-		if err != nil {
-			fmt.Printf("Error setting up mongodb connection: %+v\n", err)
-			os.Exit(1)
+		// We can also apply the complete URI
+		// e.g. "mongodb+srv://<username>:<password>@kerberos-hub.shhng.mongodb.net/?retryWrites=true&w=majority&appName=kerberos-hub"
+		if mongodbURI != "" {
+			serverAPI := options.ServerAPI(options.ServerAPIVersion1)
+			opts := options.Client().ApplyURI(mongodbURI).SetServerAPIOptions(serverAPI)
+
+			// Create a new client and connect to the server
+			client, err := mongo.Connect(ctx, opts)
+			if err != nil {
+				fmt.Printf("Error setting up mongodb connection: %+v\n", err)
+				os.Exit(1)
+			}
+			_instance.Client = client
+
+		} else {
+
+			// New MongoDB driver
+			mongodbURI := fmt.Sprintf("mongodb://%s:%s@%s", username, password, host)
+			if replicaset != "" {
+				mongodbURI = fmt.Sprintf("%s/?replicaSet=%s", mongodbURI, replicaset)
+			}
+			client, err := mongo.Connect(ctx, options.Client().ApplyURI(mongodbURI).SetAuth(options.Credential{
+				AuthMechanism: authentication,
+				AuthSource:    databaseCredentials,
+				Username:      username,
+				Password:      password,
+			}))
+			if err != nil {
+				fmt.Printf("Error setting up mongodb connection: %+v\n", err)
+				os.Exit(1)
+			}
+			_instance.Client = client
 		}
-		_instance.Client = client
 	})

-	return _instance.Client
+	return _instance
 }
--- a/machinery/src/encryption/main.go
+++ b/machinery/src/encryption/main.go
@@ -14,27 +14,15 @@ import (
 	"hash"
 )

-// DecryptWithPrivateKey decrypts data with private key
 func DecryptWithPrivateKey(ciphertext string, privateKey *rsa.PrivateKey) ([]byte, error) {
-
-	// decode our encrypted string into cipher bytes
 	cipheredValue, _ := base64.StdEncoding.DecodeString(ciphertext)
-
-	// decrypt the data
 	out, err := rsa.DecryptPKCS1v15(nil, privateKey, cipheredValue)
-
 	return out, err
 }

-// SignWithPrivateKey signs data with private key
 func SignWithPrivateKey(data []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
-
-	// hash the data with sha256
 	hashed := sha256.Sum256(data)
-
-	// sign the data
 	signature, err := rsa.SignPKCS1v15(nil, privateKey, crypto.SHA256, hashed[:])
-
 	return signature, err
 }

@@ -59,16 +47,10 @@ func AesEncrypt(content []byte, password string) ([]byte, error) {
 	copy(cipherText[:8], []byte("Salted__"))
 	copy(cipherText[8:16], salt)
 	copy(cipherText[16:], cipherBytes)
-
-	//cipherText := base64.StdEncoding.EncodeToString(data)
 	return cipherText, nil
 }

 func AesDecrypt(cipherText []byte, password string) ([]byte, error) {
-	//data, err := base64.StdEncoding.DecodeString(cipherText)
-	//if err != nil {
-	//	return nil, err
-	//}
 	if string(cipherText[:8]) != "Salted__" {
 		return nil, errors.New("invalid crypto js aes encryption")
 	}
@@ -92,8 +74,6 @@ func AesDecrypt(cipherText []byte, password string) ([]byte, error) {
 	return result, nil
 }

-// https://stackoverflow.com/questions/27677236/encryption-in-javascript-and-decryption-with-php/27678978#27678978
-// https://github.com/brix/crypto-js/blob/8e6d15bf2e26d6ff0af5277df2604ca12b60a718/src/evpkdf.js#L55
 func EvpKDF(password []byte, salt []byte, keySize int, iterations int, hashAlgorithm string) ([]byte, error) {
 	var block []byte
 	var hasher hash.Hash
@@ -124,7 +104,6 @@ func EvpKDF(password []byte, salt []byte, keySize int, iterations int, hashAlgor
 }

 func DefaultEvpKDF(password []byte, salt []byte) (key []byte, iv []byte, err error) {
-	// https://github.com/brix/crypto-js/blob/8e6d15bf2e26d6ff0af5277df2604ca12b60a718/src/cipher-core.js#L775
 	keySize := 256 / 32
 	ivSize := 128 / 32
 	derivedKeyBytes, err := EvpKDF(password, salt, keySize+ivSize, 1, "md5")
@@ -134,7 +113,6 @@ func DefaultEvpKDF(password []byte, salt []byte) (key []byte, iv []byte, err err
 	return derivedKeyBytes[:keySize*4], derivedKeyBytes[keySize*4:], nil
 }

-// https://stackoverflow.com/questions/41579325/golang-how-do-i-decrypt-with-des-cbc-and-pkcs7
 func PKCS5UnPadding(src []byte) []byte {
 	length := len(src)
 	unpadding := int(src[length-1])
--- a/machinery/src/log/main.go
+++ b/machinery/src/log/main.go
@@ -12,7 +12,6 @@ import (
 // The logging library being used everywhere.
 var Log = Logging{
 	Logger: "logrus",
-	Level:  "debug",
 }

 // -----------------
@@ -45,19 +44,44 @@ func ConfigureGoLogging(configDirectory string, timezone *time.Location) {
 // This a logrus
 // -> github.com/sirupsen/logrus

-func ConfigureLogrus(timezone *time.Location) {
-	// Log as JSON instead of the default ASCII formatter.
-	logrus.SetFormatter(LocalTimeZoneFormatter{
-		Timezone:  timezone,
-		Formatter: &logrus.JSONFormatter{},
-	}) // Use local timezone for providing datetime in logs!
+func ConfigureLogrus(level string, output string, timezone *time.Location) {
+
+	if output == "json" {
+		// Log as JSON instead of the default ASCII formatter.
+		logrus.SetFormatter(LocalTimeZoneFormatter{
+			Timezone:  timezone,
+			Formatter: &logrus.JSONFormatter{},
+		})
+	} else if output == "text" {
+		// Log as text with colors.
+		formatter := logrus.TextFormatter{
+			ForceColors:   true,
+			FullTimestamp: true,
+		}
+		logrus.SetFormatter(LocalTimeZoneFormatter{
+			Timezone:  timezone,
+			Formatter: &formatter,
+		})
+	}
+
+	// Use local timezone for providing datetime in logs!

 	// Output to stdout instead of the default stderr
 	// Can be any io.Writer, see below for File example
 	logrus.SetOutput(os.Stdout)

 	// Only log the warning severity or above.
-	logrus.SetLevel(logrus.InfoLevel)
+	logLevel := logrus.InfoLevel
+	if level == "error" {
+		logLevel = logrus.ErrorLevel
+	} else if level == "debug" {
+		logLevel = logrus.DebugLevel
+	} else if level == "fatal" {
+		logLevel = logrus.FatalLevel
+	} else if level == "warning" {
+		logLevel = logrus.WarnLevel
+	} // Add this line for logging filename and line number!
+	logrus.SetLevel(logLevel)
 }

 type LocalTimeZoneFormatter struct {
@@ -72,15 +96,14 @@ func (u LocalTimeZoneFormatter) Format(e *logrus.Entry) ([]byte, error) {

 type Logging struct {
 	Logger string
-	Level  string
 }

-func (self *Logging) Init(configDirectory string, timezone *time.Location) {
+func (self *Logging) Init(level string, logoutput string, configDirectory string, timezone *time.Location) {
 	switch self.Logger {
 	case "go-logging":
 		ConfigureGoLogging(configDirectory, timezone)
 	case "logrus":
-		ConfigureLogrus(timezone)
+		ConfigureLogrus(level, logoutput, timezone)
 	default:
 	}
 }
--- a/machinery/src/models/Communication.go
+++ b/machinery/src/models/Communication.go
@@ -2,11 +2,9 @@ package models

 import (
 	"context"
-	"sync"
 	"sync/atomic"

-	"github.com/kerberos-io/joy4/av/pubsub"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
+	"github.com/kerberos-io/agent/machinery/src/packets"
 	"github.com/tevino/abool"
 )

@@ -17,6 +15,8 @@ type Communication struct {
 	CancelContext         *context.CancelFunc
 	PackageCounter        *atomic.Value
 	LastPacketTimer       *atomic.Value
+	PackageCounterSub     *atomic.Value
+	LastPacketTimerSub    *atomic.Value
 	CloudTimestamp        *atomic.Value
 	HandleBootstrap       chan string
 	HandleStream          chan string
@@ -31,13 +31,11 @@ type Communication struct {
 	HandleLiveHDPeers     chan string
 	HandleONVIF           chan OnvifAction
 	IsConfiguring         *abool.AtomicBool
-	Queue                 *pubsub.Queue
-	SubQueue              *pubsub.Queue
-	DecoderMutex          *sync.Mutex
-	SubDecoderMutex       *sync.Mutex
-	Decoder               *ffmpeg.VideoDecoder
-	SubDecoder            *ffmpeg.VideoDecoder
+	Queue                 *packets.Queue
+	SubQueue              *packets.Queue
 	Image                 string
 	CameraConnected       bool
+	MainStreamConnected   bool
+	SubStreamConnected    bool
 	HasBackChannel        bool
 }
--- a/machinery/src/models/Config.go
+++ b/machinery/src/models/Config.go
@@ -12,37 +12,41 @@ type Configuration struct {
 // Config is the highlevel struct which contains all the configuration of
 // your Kerberos Open Source instance.
 type Config struct {
-	Type              string       `json:"type"`
-	Key               string       `json:"key"`
-	Name              string       `json:"name"`
-	FriendlyName      string       `json:"friendly_name"`
-	Time              string       `json:"time" bson:"time"`
-	Offline           string       `json:"offline"`
-	AutoClean         string       `json:"auto_clean"`
-	RemoveAfterUpload string       `json:"remove_after_upload"`
-	MaxDirectorySize  int64        `json:"max_directory_size"`
-	Timezone          string       `json:"timezone"`
-	Capture           Capture      `json:"capture"`
-	Timetable         []*Timetable `json:"timetable"`
-	Region            *Region      `json:"region"`
-	Cloud             string       `json:"cloud" bson:"cloud"`
-	S3                *S3          `json:"s3,omitempty" bson:"s3,omitempty"`
-	KStorage          *KStorage    `json:"kstorage,omitempty" bson:"kstorage,omitempty"`
-	Dropbox           *Dropbox     `json:"dropbox,omitempty" bson:"dropbox,omitempty"`
-	MQTTURI           string       `json:"mqtturi" bson:"mqtturi,omitempty"`
-	MQTTUsername      string       `json:"mqtt_username" bson:"mqtt_username"`
-	MQTTPassword      string       `json:"mqtt_password" bson:"mqtt_password"`
-	STUNURI           string       `json:"stunuri" bson:"stunuri"`
-	TURNURI           string       `json:"turnuri" bson:"turnuri"`
-	TURNUsername      string       `json:"turn_username" bson:"turn_username"`
-	TURNPassword      string       `json:"turn_password" bson:"turn_password"`
-	HeartbeatURI      string       `json:"heartbeaturi" bson:"heartbeaturi"` /*obsolete*/
-	HubURI            string       `json:"hub_uri" bson:"hub_uri"`
-	HubKey            string       `json:"hub_key" bson:"hub_key"`
-	HubPrivateKey     string       `json:"hub_private_key" bson:"hub_private_key"`
-	HubSite           string       `json:"hub_site" bson:"hub_site"`
-	ConditionURI      string       `json:"condition_uri" bson:"condition_uri"`
-	Encryption        *Encryption  `json:"encryption,omitempty" bson:"encryption,omitempty"`
+	Type                    string       `json:"type"`
+	Key                     string       `json:"key"`
+	Name                    string       `json:"name"`
+	FriendlyName            string       `json:"friendly_name"`
+	Time                    string       `json:"time" bson:"time"`
+	Offline                 string       `json:"offline"`
+	AutoClean               string       `json:"auto_clean"`
+	RemoveAfterUpload       string       `json:"remove_after_upload"`
+	MaxDirectorySize        int64        `json:"max_directory_size"`
+	Timezone                string       `json:"timezone"`
+	Capture                 Capture      `json:"capture"`
+	Timetable               []*Timetable `json:"timetable"`
+	Region                  *Region      `json:"region"`
+	Cloud                   string       `json:"cloud" bson:"cloud"`
+	S3                      *S3          `json:"s3,omitempty" bson:"s3,omitempty"`
+	KStorage                *KStorage    `json:"kstorage,omitempty" bson:"kstorage,omitempty"`
+	Dropbox                 *Dropbox     `json:"dropbox,omitempty" bson:"dropbox,omitempty"`
+	MQTTURI                 string       `json:"mqtturi" bson:"mqtturi,omitempty"`
+	MQTTUsername            string       `json:"mqtt_username" bson:"mqtt_username"`
+	MQTTPassword            string       `json:"mqtt_password" bson:"mqtt_password"`
+	STUNURI                 string       `json:"stunuri" bson:"stunuri"`
+	ForceTurn               string       `json:"turn_force" bson:"turn_force"`
+	TURNURI                 string       `json:"turnuri" bson:"turnuri"`
+	TURNUsername            string       `json:"turn_username" bson:"turn_username"`
+	TURNPassword            string       `json:"turn_password" bson:"turn_password"`
+	HeartbeatURI            string       `json:"heartbeaturi" bson:"heartbeaturi"` /*obsolete*/
+	HubEncryption           string       `json:"hub_encryption" bson:"hub_encryption"`
+	HubURI                  string       `json:"hub_uri" bson:"hub_uri"`
+	HubKey                  string       `json:"hub_key" bson:"hub_key"`
+	HubPrivateKey           string       `json:"hub_private_key" bson:"hub_private_key"`
+	HubSite                 string       `json:"hub_site" bson:"hub_site"`
+	ConditionURI            string       `json:"condition_uri" bson:"condition_uri"`
+	Encryption              *Encryption  `json:"encryption,omitempty" bson:"encryption,omitempty"`
+	RealtimeProcessing      string       `json:"realtimeprocessing,omitempty" bson:"realtimeprocessing,omitempty"`
+	RealtimeProcessingTopic string       `json:"realtimeprocessing_topic" bson:"realtimeprocessing_topic"`
 }

 // Capture defines which camera type (Id) you are using (IP, USB or Raspberry Pi camera),
@@ -71,11 +75,14 @@ type Capture struct {
 // IPCamera configuration, such as the RTSP url of the IPCamera and the FPS.
 // Also includes ONVIF integration
 type IPCamera struct {
+	RTSP          string `json:"rtsp"`
 	Width         int    `json:"width"`
 	Height        int    `json:"height"`
 	FPS           string `json:"fps"`
-	RTSP          string `json:"rtsp"`
 	SubRTSP       string `json:"sub_rtsp"`
+	SubWidth      int    `json:"sub_width"`
+	SubHeight     int    `json:"sub_height"`
+	SubFPS        string `json:"sub_fps"`
 	ONVIF         string `json:"onvif,omitempty" bson:"onvif"`
 	ONVIFXAddr    string `json:"onvif_xaddr" bson:"onvif_xaddr"`
 	ONVIFUsername string `json:"onvif_username" bson:"onvif_username"`
--- a/machinery/src/models/MQTT.go
+++ b/machinery/src/models/MQTT.go
@@ -6,7 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
-	"io/ioutil"
+	"io"
 	"strings"
 	"time"

@@ -27,10 +27,13 @@ func PackageMQTTMessage(configuration *Configuration, msg Message) ([]byte, erro
 	msg.DeviceId = msg.Payload.DeviceId
 	msg.Timestamp = time.Now().Unix()

-	// At the moment we don't do the encryption part, but we'll implement it
-	// once the legacy methods (subscriptions are moved).
+	// Configuration
+	config := configuration.Config
+
+	// Next to hiding the message, we can also encrypt it using your own private key.
+	// Which is not stored in a remote environment (hence you are the only one owning it).
 	msg.Encrypted = false
-	if configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled == "true" {
+	if config.Encryption != nil && config.Encryption.Enabled == "true" {
 		msg.Encrypted = true
 	}
 	msg.PublicKey = ""
@@ -42,41 +45,69 @@ func PackageMQTTMessage(configuration *Configuration, msg Message) ([]byte, erro
 		// Pload to base64
 		data, err := json.Marshal(pload)
 		if err != nil {
-			log.Log.Error("failed to marshal payload: " + err.Error())
+			log.Log.Error("models.mqtt.PackageMQTTMessage(): failed to marshal payload: " + err.Error())
 		}

 		// Encrypt the value
 		privateKey := configuration.Config.Encryption.PrivateKey
 		r := strings.NewReader(privateKey)
-		pemBytes, _ := ioutil.ReadAll(r)
+		pemBytes, _ := io.ReadAll(r)
 		block, _ := pem.Decode(pemBytes)
 		if block == nil {
-			log.Log.Error("MQTTListenerHandler: error decoding PEM block containing private key")
+			log.Log.Error("models.mqtt.PackageMQTTMessage(): error decoding PEM block containing private key")
 		} else {
 			// Parse private key
 			b := block.Bytes
 			key, err := x509.ParsePKCS8PrivateKey(b)
 			if err != nil {
-				log.Log.Error("MQTTListenerHandler: error parsing private key: " + err.Error())
+				log.Log.Error("models.mqtt.PackageMQTTMessage(): error parsing private key: " + err.Error())
 			}

 			// Conver key to *rsa.PrivateKey
 			rsaKey, _ := key.(*rsa.PrivateKey)

 			// Create a 16bit key random
-			k := configuration.Config.Encryption.SymmetricKey
+			if config.Encryption != nil && config.Encryption.SymmetricKey != "" {
+				k := config.Encryption.SymmetricKey
+				encryptedValue, err := encryption.AesEncrypt(data, k)
+				if err == nil {
+
+					data := base64.StdEncoding.EncodeToString(encryptedValue)
+					// Sign the encrypted value
+					signature, err := encryption.SignWithPrivateKey([]byte(data), rsaKey)
+					if err == nil {
+						base64Signature := base64.StdEncoding.EncodeToString(signature)
+						msg.Payload.EncryptedValue = data
+						msg.Payload.Signature = base64Signature
+						msg.Payload.Value = make(map[string]interface{})
+					}
+				}
+			}
+		}
+	}
+
+	// We'll hide the message (by default in latest version)
+	// We will encrypt using the Kerberos Hub private key if set.
+	msg.Hidden = false
+	if config.HubEncryption == "true" && config.HubPrivateKey != "" {
+		msg.Hidden = true
+	}
+
+	if msg.Hidden {
+		pload := msg.Payload
+		// Pload to base64
+		data, err := json.Marshal(pload)
+		if err != nil {
+			msg.Hidden = false
+		} else {
+			k := config.HubPrivateKey
 			encryptedValue, err := encryption.AesEncrypt(data, k)
 			if err == nil {
-
 				data := base64.StdEncoding.EncodeToString(encryptedValue)
-				// Sign the encrypted value
-				signature, err := encryption.SignWithPrivateKey([]byte(data), rsaKey)
-				if err == nil {
-					base64Signature := base64.StdEncoding.EncodeToString(signature)
-					msg.Payload.EncryptedValue = data
-					msg.Payload.Signature = base64Signature
-					msg.Payload.Value = make(map[string]interface{})
-				}
+				msg.Payload.HiddenValue = data
+				msg.Payload.EncryptedValue = ""
+				msg.Payload.Signature = ""
+				msg.Payload.Value = make(map[string]interface{})
 			}
 		}
 	}
@@ -92,6 +123,7 @@ type Message struct {
 	DeviceId    string  `json:"device_id"`
 	Timestamp   int64   `json:"timestamp"`
 	Encrypted   bool    `json:"encrypted"`
+	Hidden      bool    `json:"hidden"`
 	PublicKey   string  `json:"public_key"`
 	Fingerprint string  `json:"fingerprint"`
 	Payload     Payload `json:"payload"`
@@ -104,6 +136,7 @@ type Payload struct {
 	DeviceId       string                 `json:"device_id"`
 	Signature      string                 `json:"signature"`
 	EncryptedValue string                 `json:"encrypted_value"`
+	HiddenValue    string                 `json:"hidden_value"`
 	Value          map[string]interface{} `json:"value"`
 }

@@ -159,3 +192,9 @@ type NavigatePTZPayload struct {
 	DeviceId  string `json:"device_id"` // device id
 	Action    string `json:"action"`    // action
 }
+
+type TriggerRelay struct {
+	Timestamp int64  `json:"timestamp"` // timestamp
+	DeviceId  string `json:"device_id"` // device id
+	Token     string `json:"token"`     // token
+}
--- a/machinery/src/models/api_response.go
+++ b/machinery/src/models/api_response.go
--- a/machinery/src/models/motion_data.go
+++ b/machinery/src/models/motion_data.go
--- a/machinery/src/models/output.go
+++ b/machinery/src/models/output.go
@@ -0,0 +1,15 @@
+package models
+
+import "time"
+
+// The OutputMessage contains the relevant information
+// to specify the type of triggers we want to execute.
+type OutputMessage struct {
+	Name      string
+	Outputs   []string
+	Trigger   string
+	Timestamp time.Time
+	File      string
+	CameraId  string
+	SiteId    string
+}
--- a/machinery/src/onvif/main.go
+++ b/machinery/src/onvif/main.go
--- a/machinery/src/outputs/main.go
+++ b/machinery/src/outputs/main.go
@@ -0,0 +1,59 @@
+package outputs
+
+import (
+	"github.com/kerberos-io/agent/machinery/src/log"
+	"github.com/kerberos-io/agent/machinery/src/models"
+)
+
+type Output interface {
+	// Triggers the integration
+	Trigger(message models.OutputMessage) error
+}
+
+func Execute(message *models.OutputMessage) (err error) {
+	err = nil
+
+	outputs := message.Outputs
+	for _, output := range outputs {
+		switch output {
+		case "slack":
+			slack := &SlackOutput{}
+			err := slack.Trigger(message)
+			if err == nil {
+				log.Log.Debug("outputs.main.Execute(slack): message was processed by output.")
+			} else {
+				log.Log.Error("outputs.main.Execute(slack): " + err.Error())
+			}
+			break
+		case "webhook":
+			webhook := &WebhookOutput{}
+			err := webhook.Trigger(message)
+			if err == nil {
+				log.Log.Debug("outputs.main.Execute(webhook): message was processed by output.")
+			} else {
+				log.Log.Error("outputs.main.Execute(webhook): " + err.Error())
+			}
+			break
+		case "onvif_relay":
+			onvif := &OnvifRelayOutput{}
+			err := onvif.Trigger(message)
+			if err == nil {
+				log.Log.Debug("outputs.main.Execute(onvif): message was processed by output.")
+			} else {
+				log.Log.Error("outputs.main.Execute(onvif): " + err.Error())
+			}
+			break
+		case "script":
+			script := &ScriptOutput{}
+			err := script.Trigger(message)
+			if err == nil {
+				log.Log.Debug("outputs.main.Execute(script): message was processed by output.")
+			} else {
+				log.Log.Error("outputs.main.Execute(script): " + err.Error())
+			}
+			break
+		}
+	}
+
+	return err
+}
--- a/machinery/src/outputs/onvif_relay.go
+++ b/machinery/src/outputs/onvif_relay.go
@@ -0,0 +1,12 @@
+package outputs
+
+import "github.com/kerberos-io/agent/machinery/src/models"
+
+type OnvifRelayOutput struct {
+	Output
+}
+
+func (o *OnvifRelayOutput) Trigger(message *models.OutputMessage) (err error) {
+	err = nil
+	return err
+}
--- a/machinery/src/outputs/script.go
+++ b/machinery/src/outputs/script.go
@@ -0,0 +1,12 @@
+package outputs
+
+import "github.com/kerberos-io/agent/machinery/src/models"
+
+type ScriptOutput struct {
+	Output
+}
+
+func (scr *ScriptOutput) Trigger(message *models.OutputMessage) (err error) {
+	err = nil
+	return err
+}
--- a/machinery/src/outputs/slack.go
+++ b/machinery/src/outputs/slack.go
@@ -0,0 +1,12 @@
+package outputs
+
+import "github.com/kerberos-io/agent/machinery/src/models"
+
+type SlackOutput struct {
+	Output
+}
+
+func (s *SlackOutput) Trigger(message *models.OutputMessage) (err error) {
+	err = nil
+	return err
+}
--- a/machinery/src/outputs/webhook.go
+++ b/machinery/src/outputs/webhook.go
@@ -0,0 +1,12 @@
+package outputs
+
+import "github.com/kerberos-io/agent/machinery/src/models"
+
+type WebhookOutput struct {
+	Output
+}
+
+func (w *WebhookOutput) Trigger(message *models.OutputMessage) (err error) {
+	err = nil
+	return err
+}
--- a/machinery/src/packets/buf.go
+++ b/machinery/src/packets/buf.go
@@ -0,0 +1,69 @@
+package packets
+
+type Buf struct {
+	Head, Tail BufPos
+	pkts       []Packet
+	Size       int
+	Count      int
+}
+
+func NewBuf() *Buf {
+	return &Buf{
+		pkts: make([]Packet, 64),
+	}
+}
+
+func (self *Buf) Pop() Packet {
+	if self.Count == 0 {
+		panic("pktque.Buf: Pop() when count == 0")
+	}
+
+	i := int(self.Head) & (len(self.pkts) - 1)
+	pkt := self.pkts[i]
+	self.pkts[i] = Packet{}
+	self.Size -= len(pkt.Data)
+	self.Head++
+	self.Count--
+
+	return pkt
+}
+
+func (self *Buf) grow() {
+	newpkts := make([]Packet, len(self.pkts)*2)
+	for i := self.Head; i.LT(self.Tail); i++ {
+		newpkts[int(i)&(len(newpkts)-1)] = self.pkts[int(i)&(len(self.pkts)-1)]
+	}
+	self.pkts = newpkts
+}
+
+func (self *Buf) Push(pkt Packet) {
+	if self.Count == len(self.pkts) {
+		self.grow()
+	}
+	self.pkts[int(self.Tail)&(len(self.pkts)-1)] = pkt
+	self.Tail++
+	self.Count++
+	self.Size += len(pkt.Data)
+}
+
+func (self *Buf) Get(pos BufPos) Packet {
+	return self.pkts[int(pos)&(len(self.pkts)-1)]
+}
+
+func (self *Buf) IsValidPos(pos BufPos) bool {
+	return pos.GE(self.Head) && pos.LT(self.Tail)
+}
+
+type BufPos int
+
+func (self BufPos) LT(pos BufPos) bool {
+	return self-pos < 0
+}
+
+func (self BufPos) GE(pos BufPos) bool {
+	return self-pos >= 0
+}
+
+func (self BufPos) GT(pos BufPos) bool {
+	return self-pos > 0
+}
--- a/machinery/src/packets/packet.go
+++ b/machinery/src/packets/packet.go
@@ -0,0 +1,21 @@
+package packets
+
+import (
+	"time"
+
+	"github.com/pion/rtp"
+)
+
+// Packet represents an RTP Packet
+type Packet struct {
+	Packet          *rtp.Packet
+	IsAudio         bool   // packet is audio
+	IsVideo         bool   // packet is video
+	IsKeyFrame      bool   // video packet is key frame
+	Idx             int8   // stream index in container format
+	Codec           string // codec name
+	CompositionTime int64  // packet presentation time minus decode time for H264 B-Frame
+	Time            int64  // packet decode time
+	TimeLegacy      time.Duration
+	Data            []byte // packet data
+}
--- a/machinery/src/packets/queue.go
+++ b/machinery/src/packets/queue.go
@@ -0,0 +1,224 @@
+// Packege pubsub implements publisher-subscribers model used in multi-channel streaming.
+package packets
+
+import (
+	"io"
+	"sync"
+)
+
+//        time
+// ----------------->
+//
+// V-A-V-V-A-V-V-A-V-V
+// |                 |
+// 0        5        10
+// head             tail
+// oldest          latest
+//
+
+// One publisher and multiple subscribers thread-safe packet buffer queue.
+type Queue struct {
+	buf                      *Buf
+	head, tail               int
+	lock                     *sync.RWMutex
+	cond                     *sync.Cond
+	curgopcount, maxgopcount int
+	streams                  []Stream
+	videoidx                 int
+	closed                   bool
+}
+
+func NewQueue() *Queue {
+	q := &Queue{}
+	q.buf = NewBuf()
+	q.maxgopcount = 2
+	q.lock = &sync.RWMutex{}
+	q.cond = sync.NewCond(q.lock.RLocker())
+	q.videoidx = -1
+	return q
+}
+
+func (self *Queue) SetMaxGopCount(n int) {
+	self.lock.Lock()
+	self.maxgopcount = n
+	self.lock.Unlock()
+	return
+}
+
+func (self *Queue) WriteHeader(streams []Stream) error {
+	self.lock.Lock()
+
+	self.streams = streams
+	for i, stream := range streams {
+		if stream.IsVideo {
+			self.videoidx = i
+		}
+	}
+	self.cond.Broadcast()
+
+	self.lock.Unlock()
+
+	return nil
+}
+
+func (self *Queue) WriteTrailer() error {
+	return nil
+}
+
+// After Close() called, all QueueCursor's ReadPacket will return io.EOF.
+func (self *Queue) Close() (err error) {
+	self.lock.Lock()
+
+	self.closed = true
+	self.cond.Broadcast()
+
+	// Close all QueueCursor's ReadPacket
+	for i := 0; i < self.buf.Size; i++ {
+		pkt := self.buf.Pop()
+		pkt.Data = nil
+	}
+
+	self.lock.Unlock()
+	return
+}
+
+func (self *Queue) GetSize() int {
+	return self.buf.Count
+}
+
+// Put packet into buffer, old packets will be discared.
+func (self *Queue) WritePacket(pkt Packet) (err error) {
+	self.lock.Lock()
+
+	self.buf.Push(pkt)
+	if pkt.Idx == int8(self.videoidx) && pkt.IsKeyFrame {
+		self.curgopcount++
+	}
+
+	for self.curgopcount >= self.maxgopcount && self.buf.Count > 1 {
+		pkt := self.buf.Pop()
+		if pkt.Idx == int8(self.videoidx) && pkt.IsKeyFrame {
+			self.curgopcount--
+		}
+		if self.curgopcount < self.maxgopcount {
+			break
+		}
+	}
+	//println("shrink", self.curgopcount, self.maxgopcount, self.buf.Head, self.buf.Tail, "count", self.buf.Count, "size", self.buf.Size)
+
+	self.cond.Broadcast()
+
+	self.lock.Unlock()
+	return
+}
+
+type QueueCursor struct {
+	que    *Queue
+	pos    BufPos
+	gotpos bool
+	init   func(buf *Buf, videoidx int) BufPos
+}
+
+func (self *Queue) newCursor() *QueueCursor {
+	return &QueueCursor{
+		que: self,
+	}
+}
+
+// Create cursor position at latest packet.
+func (self *Queue) Latest() *QueueCursor {
+	cursor := self.newCursor()
+	cursor.init = func(buf *Buf, videoidx int) BufPos {
+		return buf.Tail
+	}
+	return cursor
+}
+
+// Create cursor position at oldest buffered packet.
+func (self *Queue) Oldest() *QueueCursor {
+	cursor := self.newCursor()
+	cursor.init = func(buf *Buf, videoidx int) BufPos {
+		return buf.Head
+	}
+	return cursor
+}
+
+// Create cursor position at specific time in buffered packets.
+func (self *Queue) DelayedTime(dur int64) *QueueCursor {
+	cursor := self.newCursor()
+	cursor.init = func(buf *Buf, videoidx int) BufPos {
+		i := buf.Tail - 1
+		if buf.IsValidPos(i) {
+			end := buf.Get(i)
+			for buf.IsValidPos(i) {
+				if end.Time-buf.Get(i).Time > dur {
+					break
+				}
+				i--
+			}
+		}
+		return i
+	}
+	return cursor
+}
+
+// Create cursor position at specific delayed GOP count in buffered packets.
+func (self *Queue) DelayedGopCount(n int) *QueueCursor {
+	cursor := self.newCursor()
+	cursor.init = func(buf *Buf, videoidx int) BufPos {
+		i := buf.Tail - 1
+		if videoidx != -1 {
+			for gop := 0; buf.IsValidPos(i) && gop < n; i-- {
+				pkt := buf.Get(i)
+				if pkt.Idx == int8(self.videoidx) && pkt.IsKeyFrame {
+					gop++
+				}
+			}
+		}
+		return i
+	}
+	return cursor
+}
+
+func (self *QueueCursor) Streams() (streams []Stream, err error) {
+	self.que.cond.L.Lock()
+	for self.que.streams == nil && !self.que.closed {
+		self.que.cond.Wait()
+	}
+	if self.que.streams != nil {
+		streams = self.que.streams
+	} else {
+		err = io.EOF
+	}
+	self.que.cond.L.Unlock()
+	return
+}
+
+// ReadPacket will not consume packets in Queue, it's just a cursor.
+func (self *QueueCursor) ReadPacket() (pkt Packet, err error) {
+	self.que.cond.L.Lock()
+	buf := self.que.buf
+	if !self.gotpos {
+		self.pos = self.init(buf, self.que.videoidx)
+		self.gotpos = true
+	}
+	for {
+		if self.pos.LT(buf.Head) {
+			self.pos = buf.Head
+		} else if self.pos.GT(buf.Tail) {
+			self.pos = buf.Tail
+		}
+		if buf.IsValidPos(self.pos) {
+			pkt = buf.Get(self.pos)
+			self.pos++
+			break
+		}
+		if self.que.closed {
+			err = io.EOF
+			break
+		}
+		self.que.cond.Wait()
+	}
+	self.que.cond.L.Unlock()
+	return
+}
--- a/machinery/src/packets/stream.go
+++ b/machinery/src/packets/stream.go
@@ -0,0 +1,42 @@
+package packets
+
+type Stream struct {
+	// The name of the stream.
+	Name string
+
+	// The URL of the stream.
+	URL string
+
+	// Is the stream a video stream.
+	IsVideo bool
+
+	// Is the stream a audio stream.
+	IsAudio bool
+
+	// The width of the stream.
+	Width int
+
+	// The height of the stream.
+	Height int
+
+	// Num is the numerator of the framerate.
+	Num int
+
+	// Denum is the denominator of the framerate.
+	Denum int
+
+	// FPS is the framerate of the stream.
+	FPS float64
+
+	// For H264, this is the sps.
+	SPS []byte
+
+	// For H264, this is the pps.
+	PPS []byte
+
+	// For H265, this is the vps.
+	VPS []byte
+
+	// IsBackChannel is true if this stream is a back channel.
+	IsBackChannel bool
+}
--- a/machinery/src/packets/timeline.go
+++ b/machinery/src/packets/timeline.go
@@ -0,0 +1,60 @@
+package packets
+
+import (
+	"time"
+)
+
+/*
+pop                                   push
+
+     seg                 seg        seg
+  |--------|         |---------|   |---|
+     20ms                40ms       5ms
+----------------- time -------------------->
+headtm                               tailtm
+*/
+
+type tlSeg struct {
+	tm, dur time.Duration
+}
+
+type Timeline struct {
+	segs   []tlSeg
+	headtm time.Duration
+}
+
+func (self *Timeline) Push(tm time.Duration, dur time.Duration) {
+	if len(self.segs) > 0 {
+		tail := self.segs[len(self.segs)-1]
+		diff := tm - (tail.tm + tail.dur)
+		if diff < 0 {
+			tm -= diff
+		}
+	}
+	self.segs = append(self.segs, tlSeg{tm, dur})
+}
+
+func (self *Timeline) Pop(dur time.Duration) (tm time.Duration) {
+	if len(self.segs) == 0 {
+		return self.headtm
+	}
+
+	tm = self.segs[0].tm
+	for dur > 0 && len(self.segs) > 0 {
+		seg := &self.segs[0]
+		sub := dur
+		if seg.dur < sub {
+			sub = seg.dur
+		}
+		seg.dur -= sub
+		dur -= sub
+		seg.tm += sub
+		self.headtm += sub
+		if seg.dur == 0 {
+			copy(self.segs[0:], self.segs[1:])
+			self.segs = self.segs[:len(self.segs)-1]
+		}
+	}
+
+	return
+}
--- a/machinery/src/routers/http/Routes.go
+++ b/machinery/src/routers/http/Routes.go
@@ -1,243 +0,0 @@
-package http
-
-import (
-	"image"
-	"time"
-
-	jwt "github.com/appleboy/gin-jwt/v2"
-	"github.com/gin-gonic/gin"
-	"github.com/kerberos-io/agent/machinery/src/capture"
-	"github.com/kerberos-io/agent/machinery/src/onvif"
-	"github.com/kerberos-io/agent/machinery/src/routers/websocket"
-
-	"github.com/kerberos-io/agent/machinery/src/cloud"
-	"github.com/kerberos-io/agent/machinery/src/components"
-	configService "github.com/kerberos-io/agent/machinery/src/config"
-	"github.com/kerberos-io/agent/machinery/src/log"
-	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/agent/machinery/src/utils"
-)
-
-func AddRoutes(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware, configDirectory string, configuration *models.Configuration, communication *models.Communication) *gin.RouterGroup {
-
-	r.GET("/ws", func(c *gin.Context) {
-		websocket.WebsocketHandler(c, communication)
-	})
-
-	// This is legacy should be removed in future! Now everything
-	// lives under the /api prefix.
-	r.GET("/config", func(c *gin.Context) {
-		c.JSON(200, gin.H{
-			"config":   configuration.Config,
-			"custom":   configuration.CustomConfig,
-			"global":   configuration.GlobalConfig,
-			"snapshot": communication.Image,
-		})
-	})
-
-	// This is legacy should be removed in future! Now everything
-	// lives under the /api prefix.
-	r.POST("/config", func(c *gin.Context) {
-		var config models.Config
-		err := c.BindJSON(&config)
-		if err == nil {
-			err := configService.SaveConfig(configDirectory, config, configuration, communication)
-			if err == nil {
-				c.JSON(200, gin.H{
-					"data": "☄ Reconfiguring",
-				})
-			} else {
-				c.JSON(400, gin.H{
-					"data": "Something went wrong: " + err.Error(),
-				})
-			}
-		} else {
-			c.JSON(400, gin.H{
-				"data": "Something went wrong: " + err.Error(),
-			})
-		}
-	})
-
-	api := r.Group("/api")
-	{
-		api.POST("/login", authMiddleware.LoginHandler)
-
-		api.GET("/dashboard", func(c *gin.Context) {
-
-			// Check if camera is online.
-			cameraIsOnline := communication.CameraConnected
-
-			// If an agent is properly setup with Kerberos Hub, we will send
-			// a ping to Kerberos Hub every 15seconds. On receiving a positive response
-			// it will update the CloudTimestamp value.
-			cloudIsOnline := false
-			if communication.CloudTimestamp != nil && communication.CloudTimestamp.Load() != nil {
-				timestamp := communication.CloudTimestamp.Load().(int64)
-				if timestamp > 0 {
-					cloudIsOnline = true
-				}
-			}
-
-			// The total number of recordings stored in the directory.
-			recordingDirectory := configDirectory + "/data/recordings"
-			numberOfRecordings := utils.NumberOfMP4sInDirectory(recordingDirectory)
-
-			// All days stored in this agent.
-			days := []string{}
-			latestEvents := []models.Media{}
-			files, err := utils.ReadDirectory(recordingDirectory)
-			if err == nil {
-				events := utils.GetSortedDirectory(files)
-
-				// Get All days
-				days = utils.GetDays(events, recordingDirectory, configuration)
-
-				// Get all latest events
-				var eventFilter models.EventFilter
-				eventFilter.NumberOfElements = 5
-				latestEvents = utils.GetMediaFormatted(events, recordingDirectory, configuration, eventFilter) // will get 5 latest recordings.
-			}
-
-			c.JSON(200, gin.H{
-				"offlineMode":        configuration.Config.Offline,
-				"cameraOnline":       cameraIsOnline,
-				"cloudOnline":        cloudIsOnline,
-				"numberOfRecordings": numberOfRecordings,
-				"days":               days,
-				"latestEvents":       latestEvents,
-			})
-		})
-
-		api.POST("/latest-events", func(c *gin.Context) {
-			var eventFilter models.EventFilter
-			err := c.BindJSON(&eventFilter)
-			if err == nil {
-				// Default to 10 if no limit is set.
-				if eventFilter.NumberOfElements == 0 {
-					eventFilter.NumberOfElements = 10
-				}
-				recordingDirectory := configDirectory + "/data/recordings"
-				files, err := utils.ReadDirectory(recordingDirectory)
-				if err == nil {
-					events := utils.GetSortedDirectory(files)
-					// We will get all recordings from the directory (as defined by the filter).
-					fileObjects := utils.GetMediaFormatted(events, recordingDirectory, configuration, eventFilter)
-					c.JSON(200, gin.H{
-						"events": fileObjects,
-					})
-				} else {
-					c.JSON(400, gin.H{
-						"data": "Something went wrong: " + err.Error(),
-					})
-				}
-			} else {
-				c.JSON(400, gin.H{
-					"data": "Something went wrong: " + err.Error(),
-				})
-			}
-		})
-
-		api.GET("/days", func(c *gin.Context) {
-			recordingDirectory := configDirectory + "/data/recordings"
-			files, err := utils.ReadDirectory(recordingDirectory)
-			if err == nil {
-				events := utils.GetSortedDirectory(files)
-				days := utils.GetDays(events, recordingDirectory, configuration)
-				c.JSON(200, gin.H{
-					"events": days,
-				})
-			} else {
-				c.JSON(400, gin.H{
-					"data": "Something went wrong: " + err.Error(),
-				})
-			}
-		})
-
-		api.GET("/config", func(c *gin.Context) {
-			c.JSON(200, gin.H{
-				"config":   configuration.Config,
-				"custom":   configuration.CustomConfig,
-				"global":   configuration.GlobalConfig,
-				"snapshot": communication.Image,
-			})
-		})
-
-		api.POST("/config", func(c *gin.Context) {
-			var config models.Config
-			err := c.BindJSON(&config)
-			if err == nil {
-				err := configService.SaveConfig(configDirectory, config, configuration, communication)
-				if err == nil {
-					c.JSON(200, gin.H{
-						"data": "☄ Reconfiguring",
-					})
-				} else {
-					c.JSON(200, gin.H{
-						"data": "☄ Reconfiguring",
-					})
-				}
-			} else {
-				c.JSON(400, gin.H{
-					"data": "Something went wrong: " + err.Error(),
-				})
-			}
-		})
-
-		api.GET("/restart", func(c *gin.Context) {
-			communication.HandleBootstrap <- "restart"
-			c.JSON(200, gin.H{
-				"restarted": true,
-			})
-		})
-
-		api.GET("/stop", func(c *gin.Context) {
-			communication.HandleBootstrap <- "stop"
-			c.JSON(200, gin.H{
-				"stopped": true,
-			})
-		})
-
-		api.POST("/onvif/verify", func(c *gin.Context) {
-			onvif.VerifyOnvifConnection(c)
-		})
-
-		api.POST("/hub/verify", func(c *gin.Context) {
-			cloud.VerifyHub(c)
-		})
-
-		api.POST("/persistence/verify", func(c *gin.Context) {
-			cloud.VerifyPersistence(c, configDirectory)
-		})
-
-		// Streaming handler
-		api.GET("/stream", func(c *gin.Context) {
-			// TODO add a token validation!
-			imageFunction := func() (image.Image, error) {
-				// We will only send an image once per second.
-				time.Sleep(time.Second * 1)
-				log.Log.Info("AddRoutes (/stream): reading from MJPEG stream")
-				img, err := configService.GetImageFromFilePath(configDirectory)
-				return img, err
-			}
-			h := components.StartMotionJPEG(imageFunction, 80)
-			h.ServeHTTP(c.Writer, c.Request)
-		})
-
-		// Camera specific methods. Doesn't require any authorization.
-		// These are available for anyone, but require the agent, to reach
-		// the camera.
-		api.POST("/camera/onvif/login", LoginToOnvif)
-		api.POST("/camera/onvif/capabilities", GetOnvifCapabilities)
-		api.POST("/camera/onvif/presets", GetOnvifPresets)
-		api.POST("/camera/onvif/gotopreset", GoToOnvifPreset)
-		api.POST("/camera/onvif/pantilt", DoOnvifPanTilt)
-		api.POST("/camera/onvif/zoom", DoOnvifZoom)
-		api.POST("/camera/verify/:streamType", capture.VerifyCamera)
-
-		// Secured endpoints..
-		api.Use(authMiddleware.MiddlewareFunc())
-		{
-		}
-	}
-	return api
-}
--- a/machinery/src/routers/http/Server.go
+++ b/machinery/src/routers/http/Server.go
@@ -14,6 +14,7 @@ import (
 	"log"

 	_ "github.com/kerberos-io/agent/machinery/docs"
+	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	swaggerFiles "github.com/swaggo/files"
@@ -38,12 +39,15 @@ import (
 // @in header
 // @name Authorization

-func StartServer(configDirectory string, configuration *models.Configuration, communication *models.Communication) {
+func StartServer(configDirectory string, configuration *models.Configuration, communication *models.Communication, captureDevice *capture.Capture) {
+
+	// Set release mode
+	gin.SetMode(gin.ReleaseMode)

 	// Initialize REST API
 	r := gin.Default()

-	// Profileerggerg
+	// Profiler
 	pprof.Register(r)

 	// Setup CORS
@@ -60,7 +64,7 @@ func StartServer(configDirectory string, configuration *models.Configuration, co
 	}

 	// Add all routes
-	AddRoutes(r, authMiddleware, configDirectory, configuration, communication)
+	AddRoutes(r, authMiddleware, configDirectory, configuration, communication, captureDevice)

 	// Update environment variables
 	environmentVariables := configDirectory + "/www/env.js"
@@ -105,8 +109,9 @@ func Files(c *gin.Context, configDirectory string, configuration *models.Configu

 		// Get symmetric key
 		symmetricKey := configuration.Config.Encryption.SymmetricKey
+		encryptedRecordings := configuration.Config.Encryption.Recordings
 		// Decrypt file
-		if symmetricKey != "" {
+		if encryptedRecordings == "true" && symmetricKey != "" {

 			// Read file
 			if err != nil {
--- a/machinery/src/routers/http/jwt_middleware.go
+++ b/machinery/src/routers/http/jwt_middleware.go
--- a/machinery/src/routers/http/methods.go
+++ b/machinery/src/routers/http/methods.go
@@ -2,6 +2,7 @@ package http

 import (
 	"github.com/gin-gonic/gin"
+	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	"github.com/kerberos-io/agent/machinery/src/onvif"
 )
@@ -19,7 +20,7 @@ func Login() {}
 // LoginToOnvif godoc
 // @Router /api/camera/onvif/login [post]
 // @ID camera-onvif-login
-// @Tags camera
+// @Tags onvif
 // @Param config body models.OnvifCredentials true "OnvifCredentials"
 // @Summary Try to login into ONVIF supported camera.
 // @Description Try to login into ONVIF supported camera.
@@ -43,11 +44,21 @@ func LoginToOnvif(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		device, capabilities, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
 		if err == nil {
-			c.JSON(200, gin.H{
-				"device": device,
-			})
+			// Get token from the first profile
+			token, err := onvif.GetTokenFromProfile(device, 0)
+			if err == nil {
+				c.JSON(200, gin.H{
+					"device":       device,
+					"capabilities": capabilities,
+					"token":        token,
+				})
+			} else {
+				c.JSON(400, gin.H{
+					"data": "Something went wrong: " + err.Error(),
+				})
+			}
 		} else {
 			c.JSON(400, gin.H{
 				"data": "Something went wrong: " + err.Error(),
@@ -63,7 +74,7 @@ func LoginToOnvif(c *gin.Context) {
 // GetOnvifCapabilities godoc
 // @Router /api/camera/onvif/capabilities [post]
 // @ID camera-onvif-capabilities
-// @Tags camera
+// @Tags onvif
 // @Param config body models.OnvifCredentials true "OnvifCredentials"
 // @Summary Will return the ONVIF capabilities for the specific camera.
 // @Description Will return the ONVIF capabilities for the specific camera.
@@ -87,10 +98,10 @@ func GetOnvifCapabilities(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		_, capabilities, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
 		if err == nil {
 			c.JSON(200, gin.H{
-				"capabilities": onvif.GetCapabilitiesFromDevice(device),
+				"capabilities": capabilities,
 			})
 		} else {
 			c.JSON(400, gin.H{
@@ -107,7 +118,7 @@ func GetOnvifCapabilities(c *gin.Context) {
 // DoOnvifPanTilt godoc
 // @Router /api/camera/onvif/pantilt [post]
 // @ID camera-onvif-pantilt
-// @Tags camera
+// @Tags onvif
 // @Param panTilt body models.OnvifPanTilt true "OnvifPanTilt"
 // @Summary Panning or/and tilting the camera.
 // @Description Panning or/and tilting the camera using a direction (x,y).
@@ -131,7 +142,7 @@ func DoOnvifPanTilt(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)

 		if err == nil {
 			// Get token from the first profile
@@ -181,7 +192,7 @@ func DoOnvifPanTilt(c *gin.Context) {
 // DoOnvifZoom godoc
 // @Router /api/camera/onvif/zoom [post]
 // @ID camera-onvif-zoom
-// @Tags camera
+// @Tags onvif
 // @Param zoom body models.OnvifZoom true "OnvifZoom"
 // @Summary Zooming in or out the camera.
 // @Description Zooming in or out the camera.
@@ -205,7 +216,7 @@ func DoOnvifZoom(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)

 		if err == nil {
 			// Get token from the first profile
@@ -254,7 +265,7 @@ func DoOnvifZoom(c *gin.Context) {
 // GetOnvifPresets godoc
 // @Router /api/camera/onvif/presets [post]
 // @ID camera-onvif-presets
-// @Tags camera
+// @Tags onvif
 // @Param config body models.OnvifCredentials true "OnvifCredentials"
 // @Summary Will return the ONVIF presets for the specific camera.
 // @Description Will return the ONVIF presets for the specific camera.
@@ -278,7 +289,7 @@ func GetOnvifPresets(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
 		if err == nil {
 			presets, err := onvif.GetPresetsFromDevice(device)
 			if err == nil {
@@ -305,7 +316,7 @@ func GetOnvifPresets(c *gin.Context) {
 // GoToOnvifPReset godoc
 // @Router /api/camera/onvif/gotopreset [post]
 // @ID camera-onvif-gotopreset
-// @Tags camera
+// @Tags onvif
 // @Param config body models.OnvifPreset true "OnvifPreset"
 // @Summary Will activate the desired ONVIF preset.
 // @Description Will activate the desired ONVIF preset.
@@ -329,7 +340,7 @@ func GoToOnvifPreset(c *gin.Context) {
 		}

 		cameraConfiguration := configuration.Config.Capture.IPCamera
-		device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
 		if err == nil {
 			err := onvif.GoToPresetFromDevice(device, onvifPreset.Preset)
 			if err == nil {
@@ -352,3 +363,228 @@ func GoToOnvifPreset(c *gin.Context) {
 		})
 	}
 }
+
+// DoGetDigitalInputs godoc
+// @Router /api/camera/onvif/inputs [post]
+// @ID get-digital-inputs
+// @Security Bearer
+// @securityDefinitions.apikey Bearer
+// @in header
+// @name Authorization
+// @Tags onvif
+// @Param config body models.OnvifCredentials true "OnvifCredentials"
+// @Summary Will get the digital inputs from the ONVIF device.
+// @Description Will get the digital inputs from the ONVIF device.
+// @Success 200 {object} models.APIResponse
+func DoGetDigitalInputs(c *gin.Context) {
+	var onvifCredentials models.OnvifCredentials
+	err := c.BindJSON(&onvifCredentials)
+
+	if err == nil && onvifCredentials.ONVIFXAddr != "" {
+
+		configuration := &models.Configuration{
+			Config: models.Config{
+				Capture: models.Capture{
+					IPCamera: models.IPCamera{
+						ONVIFXAddr:    onvifCredentials.ONVIFXAddr,
+						ONVIFUsername: onvifCredentials.ONVIFUsername,
+						ONVIFPassword: onvifCredentials.ONVIFPassword,
+					},
+				},
+			},
+		}
+
+		cameraConfiguration := configuration.Config.Capture.IPCamera
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+
+		onvifInputs, _ := onvif.GetDigitalInputs(device)
+		if err == nil {
+			// Get the digital inputs and outputs from the device
+			inputOutputs, err := onvif.GetInputOutputs()
+			if err == nil {
+				if err == nil {
+					// Get the digital outputs from the device
+					var inputs []onvif.ONVIFEvents
+					for _, event := range inputOutputs {
+						if event.Type == "input" {
+							inputs = append(inputs, event)
+						}
+					}
+					// Iterate over inputs from onvif and compare
+
+					for _, input := range onvifInputs.DigitalInputs {
+						find := false
+						for _, event := range inputs {
+							key := string(input.Token)
+							if key == event.Key {
+								find = true
+							}
+						}
+						if !find {
+							key := string(input.Token)
+							inputs = append(inputs, onvif.ONVIFEvents{
+								Key:  key,
+								Type: "input",
+							})
+						}
+					}
+					c.JSON(200, gin.H{
+						"data": inputs,
+					})
+				} else {
+					c.JSON(400, gin.H{
+						"data": "Something went wrong: " + err.Error(),
+					})
+				}
+			} else {
+				c.JSON(400, gin.H{
+					"data": "Something went wrong: " + err.Error(),
+				})
+			}
+		} else {
+			c.JSON(400, gin.H{
+				"data": "Something went wrong: " + err.Error(),
+			})
+		}
+	} else {
+		c.JSON(400, gin.H{
+			"data": "Something went wrong: " + err.Error(),
+		})
+	}
+}
+
+// DoGetRelayOutputs godoc
+// @Router /api/camera/onvif/outputs [post]
+// @ID get-relay-outputs
+// @Security Bearer
+// @securityDefinitions.apikey Bearer
+// @in header
+// @name Authorization
+// @Tags onvif
+// @Param config body models.OnvifCredentials true "OnvifCredentials"
+// @Summary Will get the relay outputs from the ONVIF device.
+// @Description Will get the relay outputs from the ONVIF device.
+// @Success 200 {object} models.APIResponse
+func DoGetRelayOutputs(c *gin.Context) {
+	var onvifCredentials models.OnvifCredentials
+	err := c.BindJSON(&onvifCredentials)
+
+	if err == nil && onvifCredentials.ONVIFXAddr != "" {
+
+		configuration := &models.Configuration{
+			Config: models.Config{
+				Capture: models.Capture{
+					IPCamera: models.IPCamera{
+						ONVIFXAddr:    onvifCredentials.ONVIFXAddr,
+						ONVIFUsername: onvifCredentials.ONVIFUsername,
+						ONVIFPassword: onvifCredentials.ONVIFPassword,
+					},
+				},
+			},
+		}
+
+		cameraConfiguration := configuration.Config.Capture.IPCamera
+		_, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		if err == nil {
+			// Get the digital inputs and outputs from the device
+			inputOutputs, err := onvif.GetInputOutputs()
+			if err == nil {
+				if err == nil {
+					// Get the digital outputs from the device
+					var outputs []onvif.ONVIFEvents
+					for _, event := range inputOutputs {
+						if event.Type == "output" {
+							outputs = append(outputs, event)
+						}
+					}
+					c.JSON(200, gin.H{
+						"data": outputs,
+					})
+				} else {
+					c.JSON(400, gin.H{
+						"data": "Something went wrong: " + err.Error(),
+					})
+				}
+			} else {
+				c.JSON(400, gin.H{
+					"data": "Something went wrong: " + err.Error(),
+				})
+			}
+		} else {
+			c.JSON(400, gin.H{
+				"data": "Something went wrong: " + err.Error(),
+			})
+		}
+	} else {
+		c.JSON(400, gin.H{
+			"data": "Something went wrong: " + err.Error(),
+		})
+	}
+}
+
+// DoTriggerRelayOutput godoc
+// @Router /api/camera/onvif/outputs/{output} [post]
+// @ID trigger-relay-output
+// @Security Bearer
+// @securityDefinitions.apikey Bearer
+// @in header
+// @name Authorization
+// @Tags onvif
+// @Param config body models.OnvifCredentials true "OnvifCredentials"
+// @Param output path string true "Output"
+// @Summary Will trigger the relay output from the ONVIF device.
+// @Description Will trigger the relay output from the ONVIF device.
+// @Success 200 {object} models.APIResponse
+func DoTriggerRelayOutput(c *gin.Context) {
+	var onvifCredentials models.OnvifCredentials
+	err := c.BindJSON(&onvifCredentials)
+
+	// Get the output from the url
+	output := c.Param("output")
+
+	if err == nil && onvifCredentials.ONVIFXAddr != "" && output != "" {
+
+		configuration := &models.Configuration{
+			Config: models.Config{
+				Capture: models.Capture{
+					IPCamera: models.IPCamera{
+						ONVIFXAddr:    onvifCredentials.ONVIFXAddr,
+						ONVIFUsername: onvifCredentials.ONVIFUsername,
+						ONVIFPassword: onvifCredentials.ONVIFPassword,
+					},
+				},
+			},
+		}
+
+		cameraConfiguration := configuration.Config.Capture.IPCamera
+		device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+		if err == nil {
+			err := onvif.TriggerRelayOutput(device, output)
+			if err == nil {
+				msg := "relay output triggered: " + output
+				log.Log.Info("routers.http.methods.DoTriggerRelayOutput(): " + msg)
+				c.JSON(200, gin.H{
+					"data": msg,
+				})
+			} else {
+				msg := "something went wrong: " + err.Error()
+				log.Log.Error("routers.http.methods.DoTriggerRelayOutput(): " + msg)
+				c.JSON(400, gin.H{
+					"data": msg,
+				})
+			}
+		} else {
+			msg := "something went wrong: " + err.Error()
+			log.Log.Error("routers.http.methods.DoTriggerRelayOutput(): " + msg)
+			c.JSON(400, gin.H{
+				"data": msg,
+			})
+		}
+	} else {
+		msg := "something went wrong: " + err.Error()
+		log.Log.Error("routers.http.methods.DoTriggerRelayOutput(): " + msg)
+		c.JSON(400, gin.H{
+			"data": msg,
+		})
+	}
+}
--- a/machinery/src/routers/http/routes.go
+++ b/machinery/src/routers/http/routes.go
@@ -0,0 +1,111 @@
+package http
+
+import (
+	jwt "github.com/appleboy/gin-jwt/v2"
+	"github.com/gin-gonic/gin"
+	"github.com/kerberos-io/agent/machinery/src/capture"
+	"github.com/kerberos-io/agent/machinery/src/components"
+	"github.com/kerberos-io/agent/machinery/src/onvif"
+	"github.com/kerberos-io/agent/machinery/src/routers/websocket"
+
+	"github.com/kerberos-io/agent/machinery/src/cloud"
+	"github.com/kerberos-io/agent/machinery/src/models"
+)
+
+func AddRoutes(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware, configDirectory string, configuration *models.Configuration, communication *models.Communication, captureDevice *capture.Capture) *gin.RouterGroup {
+
+	r.GET("/ws", func(c *gin.Context) {
+		websocket.WebsocketHandler(c, communication, captureDevice)
+	})
+
+	// This is legacy should be removed in future! Now everything
+	// lives under the /api prefix.
+	r.GET("/config", func(c *gin.Context) {
+		components.GetConfig(c, captureDevice, configuration, communication)
+	})
+
+	// This is legacy should be removed in future! Now everything
+	// lives under the /api prefix.
+	r.POST("/config", func(c *gin.Context) {
+		components.UpdateConfig(c, configDirectory, configuration, communication)
+	})
+
+	api := r.Group("/api")
+	{
+		api.POST("/login", authMiddleware.LoginHandler)
+
+		api.GET("/dashboard", func(c *gin.Context) {
+			components.GetDashboard(c, configDirectory, configuration, communication)
+		})
+
+		api.POST("/latest-events", func(c *gin.Context) {
+			components.GetLatestEvents(c, configDirectory, configuration, communication)
+		})
+
+		api.GET("/days", func(c *gin.Context) {
+			components.GetDays(c, configDirectory, configuration, communication)
+		})
+
+		api.GET("/config", func(c *gin.Context) {
+			components.GetConfig(c, captureDevice, configuration, communication)
+		})
+
+		api.POST("/config", func(c *gin.Context) {
+			components.UpdateConfig(c, configDirectory, configuration, communication)
+		})
+
+		// Will verify the current hub settings.
+		api.POST("/hub/verify", func(c *gin.Context) {
+			cloud.VerifyHub(c)
+		})
+
+		// Will verify the current persistence settings.
+		api.POST("/persistence/verify", func(c *gin.Context) {
+			cloud.VerifyPersistence(c, configDirectory)
+		})
+
+		// Camera specific methods. Doesn't require any authorization.
+		// These are available for anyone, but require the agent, to reach
+		// the camera.
+
+		api.POST("/camera/restart", func(c *gin.Context) {
+			components.RestartAgent(c, communication)
+		})
+
+		api.POST("/camera/stop", func(c *gin.Context) {
+			components.StopAgent(c, communication)
+		})
+
+		api.POST("/camera/record", func(c *gin.Context) {
+			components.MakeRecording(c, communication)
+		})
+
+		api.GET("/camera/snapshot/jpeg", func(c *gin.Context) {
+			components.GetSnapshotRaw(c, captureDevice, configuration, communication)
+		})
+
+		api.GET("/camera/snapshot/base64", func(c *gin.Context) {
+			components.GetSnapshotBase64(c, captureDevice, configuration, communication)
+		})
+
+		// Onvif specific methods. Doesn't require any authorization.
+		// Will verify the current onvif settings.
+		api.POST("/camera/onvif/verify", onvif.VerifyOnvifConnection)
+		api.POST("/camera/onvif/login", LoginToOnvif)
+		api.POST("/camera/onvif/capabilities", GetOnvifCapabilities)
+		api.POST("/camera/onvif/presets", GetOnvifPresets)
+		api.POST("/camera/onvif/gotopreset", GoToOnvifPreset)
+		api.POST("/camera/onvif/pantilt", DoOnvifPanTilt)
+		api.POST("/camera/onvif/zoom", DoOnvifZoom)
+		api.POST("/camera/onvif/inputs", DoGetDigitalInputs)
+		api.POST("/camera/onvif/outputs", DoGetRelayOutputs)
+		api.POST("/camera/onvif/outputs/:output", DoTriggerRelayOutput)
+		api.POST("/camera/verify/:streamType", capture.VerifyCamera)
+
+		// Secured endpoints..
+		api.Use(authMiddleware.MiddlewareFunc())
+		{
+		}
+	}
+	return api
+}
--- a/machinery/src/routers/main.go
+++ b/machinery/src/routers/main.go
@@ -1,10 +1,11 @@
 package routers

 import (
+	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	"github.com/kerberos-io/agent/machinery/src/routers/http"
 )

-func StartWebserver(configDirectory string, configuration *models.Configuration, communication *models.Communication) {
-	http.StartServer(configDirectory, configuration, communication)
+func StartWebserver(configDirectory string, configuration *models.Configuration, communication *models.Communication, captureDevice *capture.Capture) {
+	http.StartServer(configDirectory, configuration, communication, captureDevice)
 }
--- a/machinery/src/routers/mqtt/main.go
+++ b/machinery/src/routers/mqtt/main.go
@@ -66,7 +66,7 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,
 	PREV_AgentKey = configuration.Config.Key

 	if config.Offline == "true" {
-		log.Log.Info("ConfigureMQTT: not starting as running in Offline mode.")
+		log.Log.Info("routers.mqtt.main.ConfigureMQTT(): not starting as running in Offline mode.")
 	} else {

 		opts := mqtt.NewClientOptions()
@@ -75,7 +75,7 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,
 		// and share and receive messages to/from.
 		mqttURL := config.MQTTURI
 		opts.AddBroker(mqttURL)
-		log.Log.Info("ConfigureMQTT: Set broker uri " + mqttURL)
+		log.Log.Debug("routers.mqtt.main.ConfigureMQTT(): Set broker uri " + mqttURL)

 		// Our MQTT broker can have username/password credentials
 		// to protect it from the outside.
@@ -84,8 +84,8 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,
 		if mqtt_username != "" || mqtt_password != "" {
 			opts.SetUsername(mqtt_username)
 			opts.SetPassword(mqtt_password)
-			log.Log.Info("ConfigureMQTT: Set username " + mqtt_username)
-			log.Log.Info("ConfigureMQTT: Set password " + mqtt_password)
+			log.Log.Debug("routers.mqtt.main.ConfigureMQTT(): Set username " + mqtt_username)
+			log.Log.Debug("routers.mqtt.main.ConfigureMQTT(): Set password " + mqtt_password)
 		}

 		// Some extra options to make sure the connection behaves
@@ -121,13 +121,13 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,
 			}

 			opts.SetClientID(mqttClientID)
-			log.Log.Info("ConfigureMQTT: Set ClientID " + mqttClientID)
+			log.Log.Info("routers.mqtt.main.ConfigureMQTT(): Set ClientID " + mqttClientID)
 			rand.Seed(time.Now().UnixNano())
 			webrtc.CandidateArrays = make(map[string](chan string))

 			opts.OnConnect = func(c mqtt.Client) {
 				// We managed to connect to the MQTT broker, hurray!
-				log.Log.Info("ConfigureMQTT: " + mqttClientID + " connected to " + mqttURL)
+				log.Log.Info("routers.mqtt.main.ConfigureMQTT(): " + mqttClientID + " connected to " + mqttURL)

 				// Create a susbcription for listen and reply
 				MQTTListenerHandler(c, hubKey, configDirectory, configuration, communication)
@@ -136,7 +136,7 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,
 		mqc := mqtt.NewClient(opts)
 		if token := mqc.Connect(); token.WaitTimeout(3 * time.Second) {
 			if token.Error() != nil {
-				log.Log.Error("ConfigureMQTT: unable to establish mqtt broker connection, error was: " + token.Error().Error())
+				log.Log.Error("routers.mqtt.main.ConfigureMQTT(): unable to establish mqtt broker connection, error was: " + token.Error().Error())
 			}
 		}
 		return mqc
@@ -147,10 +147,10 @@ func ConfigureMQTT(configDirectory string, configuration *models.Configuration,

 func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory string, configuration *models.Configuration, communication *models.Communication) {
 	if hubKey == "" {
-		log.Log.Info("MQTTListenerHandler: no hub key provided, not subscribing to kerberos/hub/{hubkey}")
+		log.Log.Info("routers.mqtt.main.MQTTListenerHandler(): no hub key provided, not subscribing to kerberos/hub/{hubkey}")
 	} else {
-		topicOnvif := fmt.Sprintf("kerberos/agent/%s", hubKey)
-		mqttClient.Subscribe(topicOnvif, 1, func(c mqtt.Client, msg mqtt.Message) {
+		agentListener := fmt.Sprintf("kerberos/agent/%s", hubKey)
+		mqttClient.Subscribe(agentListener, 1, func(c mqtt.Client, msg mqtt.Message) {

 			// Decode the message, we are expecting following format.
 			// {
@@ -166,9 +166,33 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory

 			// We will receive all messages from our hub, so we'll need to filter to the relevant device.
 			if message.Mid != "" && message.Timestamp != 0 && message.DeviceId == configuration.Config.Key {
-				// Messages might be encrypted, if so we'll
-				// need to decrypt them.
 				var payload models.Payload
+
+				// Messages might be hidden, if so we'll need to decrypt them using the Kerberos Hub private key.
+				if message.Hidden && configuration.Config.HubEncryption == "true" {
+					hiddenValue := message.Payload.HiddenValue
+					if len(hiddenValue) > 0 {
+						privateKey := configuration.Config.HubPrivateKey
+						if privateKey != "" {
+							data, err := base64.StdEncoding.DecodeString(hiddenValue)
+							if err != nil {
+								return
+							}
+							visibleValue, err := encryption.AesDecrypt(data, privateKey)
+							if err != nil {
+								log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decrypting message: " + err.Error())
+								return
+							}
+							json.Unmarshal(visibleValue, &payload)
+							message.Payload = payload
+						} else {
+							log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decrypting message, no private key provided.")
+						}
+					}
+				}
+
+				// Messages might be end-to-end encrypted, if so we'll need to decrypt them,
+				// using our own keys.
 				if message.Encrypted && configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled == "true" {
 					encryptedValue := message.Payload.EncryptedValue
 					if len(encryptedValue) > 0 {
@@ -178,14 +202,14 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 						pemBytes, _ := ioutil.ReadAll(r)
 						block, _ := pem.Decode(pemBytes)
 						if block == nil {
-							log.Log.Error("MQTTListenerHandler: error decoding PEM block containing private key")
+							log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decoding PEM block containing private key")
 							return
 						} else {
 							// Parse private key
 							b := block.Bytes
 							key, err := x509.ParsePKCS8PrivateKey(b)
 							if err != nil {
-								log.Log.Error("MQTTListenerHandler: error parsing private key: " + err.Error())
+								log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error parsing private key: " + err.Error())
 								return
 							} else {
 								// Conver key to *rsa.PrivateKey
@@ -205,16 +229,16 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 										}
 										decryptedValue, err := encryption.AesDecrypt(data, string(decryptedKey))
 										if err != nil {
-											log.Log.Error("MQTTListenerHandler: error decrypting message: " + err.Error())
+											log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decrypting message: " + err.Error())
 											return
 										}
 										json.Unmarshal(decryptedValue, &payload)
 									} else {
-										log.Log.Error("MQTTListenerHandler: error decrypting message, assymetric keys do not match.")
+										log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decrypting message, assymetric keys do not match.")
 										return
 									}
 								} else if err != nil {
-									log.Log.Error("MQTTListenerHandler: error decrypting message: " + err.Error())
+									log.Log.Error("routers.mqtt.main.MQTTListenerHandler(): error decrypting message: " + err.Error())
 									return
 								}
 							}
@@ -225,7 +249,7 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 				}

 				// We'll find out which message we received, and act accordingly.
-				log.Log.Info("MQTTListenerHandler: received message with action: " + payload.Action)
+				log.Log.Info("routers.mqtt.main.MQTTListenerHandler(): received message with action: " + payload.Action)
 				switch payload.Action {
 				case "record":
 					go HandleRecording(mqttClient, hubKey, payload, configuration, communication)
@@ -247,6 +271,8 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 					go HandleRequestHDStream(mqttClient, hubKey, payload, configuration, communication)
 				case "receive-hd-candidates":
 					go HandleReceiveHDCandidates(mqttClient, hubKey, payload, configuration, communication)
+				case "trigger-relay":
+					go HandleTriggerRelay(mqttClient, hubKey, payload, configuration, communication)
 				}

 			}
@@ -299,7 +325,7 @@ func HandleGetPTZPosition(mqttClient mqtt.Client, hubKey string, payload models.
 		// Get Position from device
 		pos, err := onvif.GetPositionFromDevice(*configuration)
 		if err != nil {
-			log.Log.Error("HandlePTZPosition: error getting position from device: " + err.Error())
+			log.Log.Error("routers.mqtt.main.HandlePTZPosition(): error getting position from device: " + err.Error())
 		} else {
 			// Needs to wrapped!
 			posString := fmt.Sprintf("%f,%f,%f", pos.PanTilt.X, pos.PanTilt.Y, pos.Zoom.X)
@@ -315,9 +341,9 @@ func HandleGetPTZPosition(mqttClient mqtt.Client, hubKey string, payload models.
 			}
 			payload, err := models.PackageMQTTMessage(configuration, message)
 			if err == nil {
-				mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+				mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
 			} else {
-				log.Log.Info("HandlePTZPosition: something went wrong while sending position to hub: " + string(payload))
+				log.Log.Info("routers.mqtt.main.HandlePTZPosition(): something went wrong while sending position to hub: " + string(payload))
 			}
 		}
 	}
@@ -334,9 +360,9 @@ func HandleUpdatePTZPosition(mqttClient mqtt.Client, hubKey string, payload mode
 	if onvifAction.Action != "" {
 		if communication.CameraConnected {
 			communication.HandleONVIF <- onvifAction
-			log.Log.Info("MQTTListenerHandleONVIF: Received an action - " + onvifAction.Action)
+			log.Log.Info("routers.mqtt.main.MQTTListenerHandleONVIF(): Received an action - " + onvifAction.Action)
 		} else {
-			log.Log.Info("MQTTListenerHandleONVIF: received action, but camera is not connected.")
+			log.Log.Info("routers.mqtt.main.MQTTListenerHandleONVIF(): received action, but camera is not connected.")
 		}
 	}
 }
@@ -350,16 +376,26 @@ func HandleRequestConfig(mqttClient mqtt.Client, hubKey string, payload models.P
 	json.Unmarshal(jsonData, &configPayload)

 	if configPayload.Timestamp != 0 {
-		// Get Config from the device

+		// Get Config from the device
 		key := configuration.Config.Key
 		name := configuration.Config.Name
+		if configuration.Config.FriendlyName != "" {
+			name = configuration.Config.FriendlyName
+		}

 		if key != "" && name != "" {

 			// Copy the config, as we don't want to share the encryption part.
 			deepCopy := configuration.Config

+			// We need a fix for the width and height if a substream.
+			// The ROI requires the width and height of the sub stream.
+			if configuration.Config.Capture.IPCamera.SubRTSP != "" {
+				deepCopy.Capture.IPCamera.Width = configuration.Config.Capture.IPCamera.SubWidth
+				deepCopy.Capture.IPCamera.Height = configuration.Config.Capture.IPCamera.SubHeight
+			}
+
 			var configMap map[string]interface{}
 			inrec, _ := json.Marshal(deepCopy)
 			json.Unmarshal(inrec, &configMap)
@@ -376,16 +412,16 @@ func HandleRequestConfig(mqttClient mqtt.Client, hubKey string, payload models.P
 			}
 			payload, err := models.PackageMQTTMessage(configuration, message)
 			if err == nil {
-				mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+				mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
 			} else {
-				log.Log.Info("HandleRequestConfig: something went wrong while sending config to hub: " + string(payload))
+				log.Log.Info("routers.mqtt.main.HandleRequestConfig(): something went wrong while sending config to hub: " + string(payload))
 			}

 		} else {
-			log.Log.Info("HandleRequestConfig: no config available")
+			log.Log.Info("routers.mqtt.main.HandleRequestConfig(): no config available")
 		}

-		log.Log.Info("HandleRequestConfig: Received a request for the config")
+		log.Log.Info("routers.mqtt.main.HandleRequestConfig(): Received a request for the config")
 	}
 }

@@ -406,7 +442,7 @@ func HandleUpdateConfig(mqttClient mqtt.Client, hubKey string, payload models.Pa

 		err := configService.SaveConfig(configDirectory, config, configuration, communication)
 		if err == nil {
-			log.Log.Info("HandleUpdateConfig: Config updated")
+			log.Log.Info("routers.mqtt.main.HandleUpdateConfig(): Config updated")
 			message := models.Message{
 				Payload: models.Payload{
 					Action:   "acknowledge-update-config",
@@ -415,12 +451,12 @@ func HandleUpdateConfig(mqttClient mqtt.Client, hubKey string, payload models.Pa
 			}
 			payload, err := models.PackageMQTTMessage(configuration, message)
 			if err == nil {
-				mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+				mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
 			} else {
-				log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
+				log.Log.Info("routers.mqtt.main.HandleUpdateConfig(): something went wrong while sending acknowledge config to hub: " + string(payload))
 			}
 		} else {
-			log.Log.Info("HandleUpdateConfig: Config update failed")
+			log.Log.Info("routers.mqtt.main.HandleUpdateConfig(): Config update failed")
 		}
 	}
 }
@@ -438,9 +474,9 @@ func HandleRequestSDStream(mqttClient mqtt.Client, hubKey string, payload models
 			case communication.HandleLiveSD <- time.Now().Unix():
 			default:
 			}
-			log.Log.Info("HandleRequestSDStream: received request to livestream.")
+			log.Log.Info("routers.mqtt.main.HandleRequestSDStream(): received request to livestream.")
 		} else {
-			log.Log.Info("HandleRequestSDStream: received request to livestream, but camera is not connected.")
+			log.Log.Info("routers.mqtt.main.HandleRequestSDStream(): received request to livestream, but camera is not connected.")
 		}
 	}
 }
@@ -460,9 +496,9 @@ func HandleRequestHDStream(mqttClient mqtt.Client, hubKey string, payload models
 			case communication.HandleLiveHDHandshake <- requestHDStreamPayload:
 			default:
 			}
-			log.Log.Info("HandleRequestHDStream: received request to setup webrtc.")
+			log.Log.Info("routers.mqtt.main.HandleRequestHDStream(): received request to setup webrtc.")
 		} else {
-			log.Log.Info("HandleRequestHDStream: received request to setup webrtc, but camera is not connected.")
+			log.Log.Info("routers.mqtt.main.HandleRequestHDStream(): received request to setup webrtc, but camera is not connected.")
 		}
 	}
 }
@@ -478,9 +514,9 @@ func HandleReceiveHDCandidates(mqttClient mqtt.Client, hubKey string, payload mo
 		if communication.CameraConnected {
 			// Register candidate channel
 			key := configuration.Config.Key + "/" + receiveHDCandidatesPayload.SessionID
-			webrtc.RegisterCandidates(key, receiveHDCandidatesPayload)
+			go webrtc.RegisterCandidates(key, receiveHDCandidatesPayload)
 		} else {
-			log.Log.Info("HandleReceiveHDCandidates: received candidate, but camera is not connected.")
+			log.Log.Info("routers.mqtt.main.HandleReceiveHDCandidates(): received candidate, but camera is not connected.")
 		}
 	}
 }
@@ -497,10 +533,40 @@ func HandleNavigatePTZ(mqttClient mqtt.Client, hubKey string, payload models.Pay
 			var onvifAction models.OnvifAction
 			json.Unmarshal([]byte(action), &onvifAction)
 			communication.HandleONVIF <- onvifAction
-			log.Log.Info("HandleNavigatePTZ: Received an action - " + onvifAction.Action)
+			log.Log.Info("routers.mqtt.main.HandleNavigatePTZ(): Received an action - " + onvifAction.Action)
+		} else {
+			log.Log.Info("routers.mqtt.main.HandleNavigatePTZ(): received action, but camera is not connected.")
+		}
+	}
+}
+
+func HandleTriggerRelay(mqttClient mqtt.Client, hubKey string, payload models.Payload, configuration *models.Configuration, communication *models.Communication) {
+	value := payload.Value
+	jsonData, _ := json.Marshal(value)
+	var triggerRelayPayload models.TriggerRelay
+	json.Unmarshal(jsonData, &triggerRelayPayload)
+
+	if triggerRelayPayload.Timestamp != 0 {
+		if communication.CameraConnected {
+			// Get token (name of relay)
+			token := triggerRelayPayload.Token
+			// Connect to Onvif device
+			cameraConfiguration := configuration.Config.Capture.IPCamera
+			device, _, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+			if err == nil {
+				// Trigger relay output
+				err := onvif.TriggerRelayOutput(device, token)
+				if err != nil {
+					log.Log.Error("routers.mqtt.main.HandleTriggerRelay(): error triggering relay: " + err.Error())
+				} else {
+					log.Log.Info("routers.mqtt.main.HandleTriggerRelay(): trigger (" + token + ") relay output.")
+				}
+			} else {
+				log.Log.Error("routers.mqtt.main.HandleTriggerRelay(): error connecting to device: " + err.Error())
+			}

 		} else {
-			log.Log.Info("HandleNavigatePTZ: received action, but camera is not connected.")
+			log.Log.Info("routers.mqtt.main.HandleTriggerRelay(): received trigger, but camera is not connected.")
 		}
 	}
 }
@@ -512,6 +578,6 @@ func DisconnectMQTT(mqttClient mqtt.Client, config *models.Config) {
 		mqttClient.Unsubscribe("kerberos/agent/" + PREV_HubKey)
 		mqttClient.Disconnect(1000)
 		mqttClient = nil
-		log.Log.Info("DisconnectMQTT: MQTT client disconnected.")
+		log.Log.Info("routers.mqtt.main.DisconnectMQTT(): MQTT client disconnected.")
 	}
 }
--- a/machinery/src/routers/websocket/main.go
+++ b/machinery/src/routers/websocket/main.go
@@ -3,15 +3,17 @@ package websocket
 import (
 	"context"
 	"encoding/base64"
+	"image"
 	"net/http"
 	"sync"

 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
-	"github.com/kerberos-io/agent/machinery/src/computervision"
+	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
+	"github.com/kerberos-io/agent/machinery/src/packets"
+	"github.com/kerberos-io/agent/machinery/src/utils"
 )

 type Message struct {
@@ -47,7 +49,7 @@ var upgrader = websocket.Upgrader{
 	},
 }

-func WebsocketHandler(c *gin.Context, communication *models.Communication) {
+func WebsocketHandler(c *gin.Context, communication *models.Communication, captureDevice *capture.Capture) {
 	w := c.Writer
 	r := c.Request
 	conn, err := upgrader.Upgrade(w, r, nil)
@@ -58,12 +60,17 @@ func WebsocketHandler(c *gin.Context, communication *models.Communication) {

 		var message Message
 		err = conn.ReadJSON(&message)
+		if err != nil {
+			log.Log.Error("routers.websocket.main.WebsocketHandler(): " + err.Error())
+			return
+		}
 		clientID := message.ClientID
 		if sockets[clientID] == nil {
 			connection := new(Connection)
 			connection.Socket = conn
 			sockets[clientID] = connection
 			sockets[clientID].Cancels = make(map[string]context.CancelFunc)
+			log.Log.Info("routers.websocket.main.WebsocketHandler(): " + clientID + ": connected.")
 		}

 		// Continuously read messages
@@ -85,14 +92,14 @@ func WebsocketHandler(c *gin.Context, communication *models.Communication) {
 				if exists {
 					sockets[clientID].Cancels["stream-sd"]()
 				} else {
-					log.Log.Error("Streaming sd does not exists for " + clientID)
+					log.Log.Error("routers.websocket.main.WebsocketHandler(): streaming sd does not exists for " + clientID)
 				}

 			case "stream-sd":
 				if communication.CameraConnected {
 					_, exists := sockets[clientID].Cancels["stream-sd"]
 					if exists {
-						log.Log.Info("Already streaming sd for " + clientID)
+						log.Log.Debug("routers.websocket.main.WebsocketHandler(): already streaming sd for " + clientID)
 					} else {
 						startStream := Message{
 							ClientID:    clientID,
@@ -105,7 +112,7 @@ func WebsocketHandler(c *gin.Context, communication *models.Communication) {

 						ctx, cancel := context.WithCancel(context.Background())
 						sockets[clientID].Cancels["stream-sd"] = cancel
-						go ForwardSDStream(ctx, clientID, sockets[clientID], communication)
+						go ForwardSDStream(ctx, clientID, sockets[clientID], communication, captureDevice)
 					}
 				}
 			}
@@ -119,37 +126,46 @@ func WebsocketHandler(c *gin.Context, communication *models.Communication) {
 		_, exists := sockets[clientID]
 		if exists {
 			delete(sockets, clientID)
-			log.Log.Info("WebsocketHandler: " + clientID + ": terminated and disconnected websocket connection.")
+			log.Log.Info("routers.websocket.main.WebsocketHandler(): " + clientID + ": terminated and disconnected websocket connection.")
 		}
 	}
 }

-func ForwardSDStream(ctx context.Context, clientID string, connection *Connection, communication *models.Communication) {
+func ForwardSDStream(ctx context.Context, clientID string, connection *Connection, communication *models.Communication, captureDevice *capture.Capture) {

-	queue := communication.Queue
-	cursor := queue.Latest()
-	decoder := communication.Decoder
-	decoderMutex := communication.DecoderMutex
+	var queue *packets.Queue
+	var cursor *packets.QueueCursor

-	// Allocate ffmpeg.VideoFrame
-	frame := ffmpeg.AllocVideoFrame()
+	// We'll pick the right client and decoder.
+	rtspClient := captureDevice.RTSPSubClient
+	if rtspClient != nil {
+		queue = communication.SubQueue
+		cursor = queue.Latest()
+	} else {
+		rtspClient = captureDevice.RTSPClient
+		queue = communication.Queue
+		cursor = queue.Latest()
+	}

 logreader:
 	for {
 		var encodedImage string
-		if queue != nil && cursor != nil && decoder != nil {
+		if queue != nil && cursor != nil && rtspClient != nil {
 			pkt, err := cursor.ReadPacket()
 			if err == nil {
 				if !pkt.IsKeyFrame {
 					continue
 				}
-				img, err := computervision.GetRawImage(frame, pkt, decoder, decoderMutex)
+				var img image.YCbCr
+				img, err = (*rtspClient).DecodePacket(pkt)
 				if err == nil {
-					bytes, _ := computervision.ImageToBytes(&img.Image)
+					bytes, _ := utils.ImageToBytes(&img)
 					encodedImage = base64.StdEncoding.EncodeToString(bytes)
+				} else {
+					continue
 				}
 			} else {
-				log.Log.Error("ForwardSDStream:" + err.Error())
+				log.Log.Error("routers.websocket.main.ForwardSDStream():" + err.Error())
 				break logreader
 			}
 		}
@@ -163,7 +179,7 @@ logreader:
 		}
 		err := connection.WriteJson(startStrean)
 		if err != nil {
-			log.Log.Error("ForwardSDStream:" + err.Error())
+			log.Log.Error("routers.websocket.main.ForwardSDStream():" + err.Error())
 			break logreader
 		}
 		select {
@@ -173,16 +189,14 @@ logreader:
 		}
 	}

-	frame.Free()
-
 	// Close socket for streaming
 	_, exists := connection.Cancels["stream-sd"]
 	if exists {
 		delete(connection.Cancels, "stream-sd")
 	} else {
-		log.Log.Error("Streaming sd does not exists for " + clientID)
+		log.Log.Error("routers.websocket.main.ForwardSDStream(): streaming sd does not exists for " + clientID)
 	}

 	// Send stop streaming message
-	log.Log.Info("ForwardSDStream: stop sending streaming over websocket")
+	log.Log.Info("routers.websocket.main.ForwardSDStream(): stop sending streaming over websocket")
 }
--- a/machinery/src/rtsp/client.go
+++ b/machinery/src/rtsp/client.go
@@ -1,247 +0,0 @@
-package rtsp
-
-import (
-	"fmt"
-	"image"
-	"image/jpeg"
-	"log"
-	"os"
-	"strconv"
-	"time"
-
-	"github.com/bluenviron/gortsplib/v3"
-	"github.com/bluenviron/gortsplib/v3/pkg/base"
-	"github.com/bluenviron/gortsplib/v3/pkg/formats"
-	"github.com/bluenviron/gortsplib/v3/pkg/formats/rtph265"
-	"github.com/bluenviron/gortsplib/v3/pkg/url"
-	"github.com/bluenviron/mediacommon/pkg/codecs/h264"
-
-	"github.com/pion/rtp"
-)
-
-func CreateClient() {
-	c := &gortsplib.Client{
-		OnRequest: func(req *base.Request) {
-			//log.Log.Info(logger.Debug, "c->s %v", req)
-		},
-		OnResponse: func(res *base.Response) {
-			//s.Log(logger.Debug, "s->c %v", res)
-		},
-		OnTransportSwitch: func(err error) {
-			//s.Log(logger.Warn, err.Error())
-		},
-		OnPacketLost: func(err error) {
-			//s.Log(logger.Warn, err.Error())
-		},
-		OnDecodeError: func(err error) {
-			//s.Log(logger.Warn, err.Error())
-		},
-	}
-
-	u, err := url.Parse("rtsp://admin:admin@192.168.1.111") //"rtsp://seing:bud-edPTQc@109.159.199.103:554/rtsp/defaultPrimary?mtu=1440&streamType=m") //
-	if err != nil {
-		panic(err)
-	}
-
-	err = c.Start(u.Scheme, u.Host)
-	if err != nil {
-		//return err
-	}
-	defer c.Close()
-
-	medias, baseURL, _, err := c.Describe(u)
-	if err != nil {
-		//return err
-	}
-	fmt.Println(medias)
-
-	// find the H264 media and format
-	var forma *formats.H265
-	medi := medias.FindFormat(&forma)
-	if medi == nil {
-		panic("media not found")
-	}
-
-	// setup RTP/H264 -> H264 decoder
-	rtpDec := forma.CreateDecoder()
-	// setup H264 -> MPEG-TS muxer
-	//pegtsMuxer, err := newMPEGTSMuxer(forma.SPS, forma.PPS)
-	if err != nil {
-		panic(err)
-	}
-
-	// setup H264 -> raw frames decoder
-	/*h264RawDec, err := newH264Decoder()
-	if err != nil {
-		panic(err)
-	}
-	defer h264RawDec.close()
-
-	// if SPS and PPS are present into the SDP, send them to the decoder
-	if forma.SPS != nil {
-		h264RawDec.decode(forma.SPS)
-	}
-	if forma.PPS != nil {
-		h264RawDec.decode(forma.PPS)
-	}*/
-
-	readErr := make(chan error)
-	go func() {
-		readErr <- func() error {
-			// Get codecs
-			for _, medi := range medias {
-				for _, forma := range medi.Formats {
-					fmt.Println(forma)
-				}
-			}
-
-			err = c.SetupAll(medias, baseURL)
-			if err != nil {
-				return err
-			}
-
-			for _, medi := range medias {
-				for _, forma := range medi.Formats {
-					c.OnPacketRTP(medi, forma, func(pkt *rtp.Packet) {
-
-						au, pts, err := rtpDec.Decode(pkt)
-						if err != nil {
-							if err != rtph265.ErrNonStartingPacketAndNoPrevious && err != rtph265.ErrMorePacketsNeeded {
-								log.Printf("ERR: %v", err)
-							}
-							return
-						}
-
-						for _, nalu := range au {
-							log.Printf("received NALU with PTS %v and size %d\n", pts, len(nalu))
-						}
-
-						/*// extract access unit from RTP packets
-						// DecodeUntilMarker is necessary for the DTS extractor to work
-						if pkt.PayloadType == 96 {
-							au, pts, err := rtpDec.DecodeUntilMarker(pkt)
-
-							if err != nil {
-								if err != rtph264.ErrNonStartingPacketAndNoPrevious && err != rtph264.ErrMorePacketsNeeded {
-									log.Printf("ERR: %v", err)
-								}
-								return
-							}
-
-							// encode the access unit into MPEG-TS
-							mpegtsMuxer.encode(au, pts)
-
-							for _, nalu := range au {
-								// convert NALUs into RGBA frames
-								img, err := h264RawDec.decode(nalu)
-								if err != nil {
-									panic(err)
-								}
-
-								// wait for a frame
-								if img == nil {
-									continue
-								}
-
-								// convert frame to JPEG and save to file
-								err = saveToFile(img)
-								if err != nil {
-									panic(err)
-								}
-							}
-						}*/
-
-					})
-				}
-			}
-
-			_, err = c.Play(nil)
-			if err != nil {
-				return err
-			}
-
-			return c.Wait()
-		}()
-	}()
-
-	for {
-		select {
-		case err := <-readErr:
-			fmt.Println(err)
-		}
-	}
-}
-
-func saveToFile(img image.Image) error {
-	// create file
-	fname := strconv.FormatInt(time.Now().UnixNano()/int64(time.Millisecond), 10) + ".jpg"
-	f, err := os.Create(fname)
-	if err != nil {
-		panic(err)
-	}
-	defer f.Close()
-
-	log.Println("saving", fname)
-
-	// convert to jpeg
-	return jpeg.Encode(f, img, &jpeg.Options{
-		Quality: 60,
-	})
-}
-
-// extract SPS and PPS without decoding RTP packets
-func rtpH264ExtractSPSPPS(pkt *rtp.Packet) ([]byte, []byte) {
-	if len(pkt.Payload) < 1 {
-		return nil, nil
-	}
-
-	typ := h264.NALUType(pkt.Payload[0] & 0x1F)
-
-	switch typ {
-	case h264.NALUTypeSPS:
-		return pkt.Payload, nil
-
-	case h264.NALUTypePPS:
-		return nil, pkt.Payload
-
-	case h264.NALUTypeSTAPA:
-		payload := pkt.Payload[1:]
-		var sps []byte
-		var pps []byte
-
-		for len(payload) > 0 {
-			if len(payload) < 2 {
-				break
-			}
-
-			size := uint16(payload[0])<<8 | uint16(payload[1])
-			payload = payload[2:]
-
-			if size == 0 {
-				break
-			}
-
-			if int(size) > len(payload) {
-				return nil, nil
-			}
-
-			nalu := payload[:size]
-			payload = payload[size:]
-
-			typ = h264.NALUType(nalu[0] & 0x1F)
-
-			switch typ {
-			case h264.NALUTypeSPS:
-				sps = nalu
-
-			case h264.NALUTypePPS:
-				pps = nalu
-			}
-		}
-
-		return sps, pps
-
-	default:
-		return nil, nil
-	}
-}
--- a/machinery/src/rtsp/h264decoder.go
+++ b/machinery/src/rtsp/h264decoder.go
@@ -1,140 +0,0 @@
-package rtsp
-
-import (
-	"fmt"
-	"image"
-	"unsafe"
-)
-
-// #cgo pkg-config: libavcodec libavutil libswscale
-// #include <libavcodec/avcodec.h>
-// #include <libavutil/imgutils.h>
-// #include <libswscale/swscale.h>
-import "C"
-
-func frameData(frame *C.AVFrame) **C.uint8_t {
-	return (**C.uint8_t)(unsafe.Pointer(&frame.data[0]))
-}
-
-func frameLineSize(frame *C.AVFrame) *C.int {
-	return (*C.int)(unsafe.Pointer(&frame.linesize[0]))
-}
-
-// h264Decoder is a wrapper around ffmpeg's H264 decoder.
-type h264Decoder struct {
-	codecCtx    *C.AVCodecContext
-	srcFrame    *C.AVFrame
-	swsCtx      *C.struct_SwsContext
-	dstFrame    *C.AVFrame
-	dstFramePtr []uint8
-}
-
-// newH264Decoder allocates a new h264Decoder.
-func newH264Decoder() (*h264Decoder, error) {
-	codec := C.avcodec_find_decoder(C.AV_CODEC_ID_H264)
-	if codec == nil {
-		return nil, fmt.Errorf("avcodec_find_decoder() failed")
-	}
-
-	codecCtx := C.avcodec_alloc_context3(codec)
-	if codecCtx == nil {
-		return nil, fmt.Errorf("avcodec_alloc_context3() failed")
-	}
-
-	res := C.avcodec_open2(codecCtx, codec, nil)
-	if res < 0 {
-		C.avcodec_close(codecCtx)
-		return nil, fmt.Errorf("avcodec_open2() failed")
-	}
-
-	srcFrame := C.av_frame_alloc()
-	if srcFrame == nil {
-		C.avcodec_close(codecCtx)
-		return nil, fmt.Errorf("av_frame_alloc() failed")
-	}
-
-	return &h264Decoder{
-		codecCtx: codecCtx,
-		srcFrame: srcFrame,
-	}, nil
-}
-
-// close closes the decoder.
-func (d *h264Decoder) close() {
-	if d.dstFrame != nil {
-		C.av_frame_free(&d.dstFrame)
-	}
-
-	if d.swsCtx != nil {
-		C.sws_freeContext(d.swsCtx)
-	}
-
-	C.av_frame_free(&d.srcFrame)
-	C.avcodec_close(d.codecCtx)
-}
-
-func (d *h264Decoder) decode(nalu []byte) (image.Image, error) {
-	nalu = append([]uint8{0x00, 0x00, 0x00, 0x01}, []uint8(nalu)...)
-
-	// send frame to decoder
-	var avPacket C.AVPacket
-	avPacket.data = (*C.uint8_t)(C.CBytes(nalu))
-	defer C.free(unsafe.Pointer(avPacket.data))
-	avPacket.size = C.int(len(nalu))
-	res := C.avcodec_send_packet(d.codecCtx, &avPacket)
-	if res < 0 {
-		return nil, nil
-	}
-
-	// receive frame if available
-	res = C.avcodec_receive_frame(d.codecCtx, d.srcFrame)
-	if res < 0 {
-		return nil, nil
-	}
-
-	// if frame size has changed, allocate needed objects
-	if d.dstFrame == nil || d.dstFrame.width != d.srcFrame.width || d.dstFrame.height != d.srcFrame.height {
-		if d.dstFrame != nil {
-			C.av_frame_free(&d.dstFrame)
-		}
-
-		if d.swsCtx != nil {
-			C.sws_freeContext(d.swsCtx)
-		}
-
-		d.dstFrame = C.av_frame_alloc()
-		d.dstFrame.format = C.AV_PIX_FMT_RGBA
-		d.dstFrame.width = d.srcFrame.width
-		d.dstFrame.height = d.srcFrame.height
-		d.dstFrame.color_range = C.AVCOL_RANGE_JPEG
-		res = C.av_frame_get_buffer(d.dstFrame, 1)
-		if res < 0 {
-			return nil, fmt.Errorf("av_frame_get_buffer() err")
-		}
-
-		d.swsCtx = C.sws_getContext(d.srcFrame.width, d.srcFrame.height, C.AV_PIX_FMT_YUV420P,
-			d.dstFrame.width, d.dstFrame.height, (int32)(d.dstFrame.format), C.SWS_BILINEAR, nil, nil, nil)
-		if d.swsCtx == nil {
-			return nil, fmt.Errorf("sws_getContext() err")
-		}
-
-		dstFrameSize := C.av_image_get_buffer_size((int32)(d.dstFrame.format), d.dstFrame.width, d.dstFrame.height, 1)
-		d.dstFramePtr = (*[1 << 30]uint8)(unsafe.Pointer(d.dstFrame.data[0]))[:dstFrameSize:dstFrameSize]
-	}
-
-	// convert frame from YUV420 to RGB
-	res = C.sws_scale(d.swsCtx, frameData(d.srcFrame), frameLineSize(d.srcFrame),
-		0, d.srcFrame.height, frameData(d.dstFrame), frameLineSize(d.dstFrame))
-	if res < 0 {
-		return nil, fmt.Errorf("sws_scale() err")
-	}
-
-	// embed frame into an image.Image
-	return &image.RGBA{
-		Pix:    d.dstFramePtr,
-		Stride: 4 * (int)(d.dstFrame.width),
-		Rect: image.Rectangle{
-			Max: image.Point{(int)(d.dstFrame.width), (int)(d.dstFrame.height)},
-		},
-	}, nil
-}
--- a/machinery/src/rtsp/mp4muxer.go
+++ b/machinery/src/rtsp/mp4muxer.go
@@ -1,15 +0,0 @@
-package rtsp
-
-// mp4Muxer allows to save a H264 stream into a Mp4 file.
-type mp4Muxer struct {
-	sps []byte
-	pps []byte
-}
-
-// newMp4Muxer allocates a mp4Muxer.
-func newMp4Muxer(sps []byte, pps []byte) (*mp4Muxer, error) {
-	return &mp4Muxer{
-		sps: sps,
-		pps: pps,
-	}, nil
-}
--- a/machinery/src/rtsp/mpegtsmuxer.go
+++ b/machinery/src/rtsp/mpegtsmuxer.go
@@ -1,173 +0,0 @@
-package rtsp
-
-import (
-	"bufio"
-	"context"
-	"log"
-	"os"
-	"time"
-
-	"github.com/asticode/go-astits"
-	"github.com/bluenviron/mediacommon/pkg/codecs/h264"
-)
-
-// mpegtsMuxer allows to save a H264 stream into a MPEG-TS file.
-type mpegtsMuxer struct {
-	sps []byte
-	pps []byte
-
-	f                *os.File
-	b                *bufio.Writer
-	mux              *astits.Muxer
-	dtsExtractor     *h264.DTSExtractor
-	firstIDRReceived bool
-	startDTS         time.Duration
-}
-
-// newMPEGTSMuxer allocates a mpegtsMuxer.
-func newMPEGTSMuxer(sps []byte, pps []byte) (*mpegtsMuxer, error) {
-	f, err := os.Create("mystream.ts")
-	if err != nil {
-		return nil, err
-	}
-	b := bufio.NewWriter(f)
-
-	mux := astits.NewMuxer(context.Background(), b)
-	mux.AddElementaryStream(astits.PMTElementaryStream{
-		ElementaryPID: 256,
-		StreamType:    astits.StreamTypeH264Video,
-	})
-	mux.SetPCRPID(256)
-
-	return &mpegtsMuxer{
-		sps: sps,
-		pps: pps,
-		f:   f,
-		b:   b,
-		mux: mux,
-	}, nil
-}
-
-// close closes all the mpegtsMuxer resources.
-func (e *mpegtsMuxer) close() {
-	e.b.Flush()
-	e.f.Close()
-}
-
-// encode encodes a H264 access unit into MPEG-TS.
-func (e *mpegtsMuxer) encode(au [][]byte, pts time.Duration) error {
-	// prepend an AUD. This is required by some players
-	filteredNALUs := [][]byte{
-		{byte(h264.NALUTypeAccessUnitDelimiter), 240},
-	}
-
-	nonIDRPresent := false
-	idrPresent := false
-
-	for _, nalu := range au {
-		typ := h264.NALUType(nalu[0] & 0x1F)
-		switch typ {
-		case h264.NALUTypeSPS:
-			e.sps = append([]byte(nil), nalu...)
-			continue
-
-		case h264.NALUTypePPS:
-			e.pps = append([]byte(nil), nalu...)
-			continue
-
-		case h264.NALUTypeAccessUnitDelimiter:
-			continue
-
-		case h264.NALUTypeIDR:
-			idrPresent = true
-
-		case h264.NALUTypeNonIDR:
-			nonIDRPresent = true
-		}
-
-		filteredNALUs = append(filteredNALUs, nalu)
-	}
-
-	au = filteredNALUs
-
-	if !nonIDRPresent && !idrPresent {
-		return nil
-	}
-
-	// add SPS and PPS before every group that contains an IDR
-	if idrPresent {
-		au = append([][]byte{e.sps, e.pps}, au...)
-	}
-
-	var dts time.Duration
-
-	if !e.firstIDRReceived {
-		// skip samples silently until we find one with a IDR
-		if !idrPresent {
-			return nil
-		}
-
-		e.firstIDRReceived = true
-		e.dtsExtractor = h264.NewDTSExtractor()
-
-		var err error
-		dts, err = e.dtsExtractor.Extract(au, pts)
-		if err != nil {
-			return err
-		}
-
-		e.startDTS = dts
-		dts = 0
-		pts -= e.startDTS
-
-	} else {
-		var err error
-		dts, err = e.dtsExtractor.Extract(au, pts)
-		if err != nil {
-			return err
-		}
-
-		dts -= e.startDTS
-		pts -= e.startDTS
-	}
-
-	oh := &astits.PESOptionalHeader{
-		MarkerBits: 2,
-	}
-
-	if dts == pts {
-		oh.PTSDTSIndicator = astits.PTSDTSIndicatorOnlyPTS
-		oh.PTS = &astits.ClockReference{Base: int64(pts.Seconds() * 90000)}
-	} else {
-		oh.PTSDTSIndicator = astits.PTSDTSIndicatorBothPresent
-		oh.DTS = &astits.ClockReference{Base: int64(dts.Seconds() * 90000)}
-		oh.PTS = &astits.ClockReference{Base: int64(pts.Seconds() * 90000)}
-	}
-
-	// encode into Annex-B
-	annexb, err := h264.AnnexBMarshal(au)
-	if err != nil {
-		return err
-	}
-
-	// write TS packet
-	_, err = e.mux.WriteData(&astits.MuxerData{
-		PID: 256,
-		AdaptationField: &astits.PacketAdaptationField{
-			RandomAccessIndicator: idrPresent,
-		},
-		PES: &astits.PESData{
-			Header: &astits.PESHeader{
-				OptionalHeader: oh,
-				StreamID:       224, // video
-			},
-			Data: annexb,
-		},
-	})
-	if err != nil {
-		return err
-	}
-
-	log.Println("wrote TS packet")
-	return nil
-}
--- a/machinery/src/utils/main.go
+++ b/machinery/src/utils/main.go
@@ -1,9 +1,12 @@
 package utils

 import (
+	"bufio"
 	"bytes"
 	"errors"
 	"fmt"
+	"image"
+	"image/jpeg"
 	"io/ioutil"
 	"math/rand"
 	"os"
@@ -20,6 +23,8 @@ import (
 	"github.com/kerberos-io/agent/machinery/src/models"
 )

+const VERSION = "3.3.5"
+
 const letterBytes = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

 // MaxUint8 - maximum value which can be held in an uint8
@@ -395,3 +400,10 @@ func Decrypt(directoryOrFile string, symmetricKey []byte) {
 		}
 	}
 }
+
+func ImageToBytes(img image.Image) ([]byte, error) {
+	buffer := new(bytes.Buffer)
+	w := bufio.NewWriter(buffer)
+	err := jpeg.Encode(w, img, &jpeg.Options{Quality: 15})
+	return buffer.Bytes(), err
+}
--- a/machinery/src/webrtc/main.go
+++ b/machinery/src/webrtc/main.go
@@ -3,23 +3,21 @@ package webrtc
 import (
 	"encoding/base64"
 	"encoding/json"
-	"fmt"
 	"io"
 	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"

+	//"github.com/izern/go-fdkaac/fdkaac"
+	"github.com/kerberos-io/agent/machinery/src/capture"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
-	"github.com/kerberos-io/joy4/av/pubsub"
+	"github.com/kerberos-io/agent/machinery/src/packets"

 	mqtt "github.com/eclipse/paho.mqtt.golang"
-	av "github.com/kerberos-io/joy4/av"
-	"github.com/kerberos-io/joy4/cgo/ffmpeg"
-	h264parser "github.com/kerberos-io/joy4/codec/h264parser"
-	pionWebRTC "github.com/pion/webrtc/v3"
-	pionMedia "github.com/pion/webrtc/v3/pkg/media"
+	pionWebRTC "github.com/pion/webrtc/v4"
+	pionMedia "github.com/pion/webrtc/v4/pkg/media"
 )

 var (
@@ -66,14 +64,13 @@ func CreateWebRTC(name string, stunServers []string, turnServers []string, turnS
 		TurnServersUsername:   turnServersUsername,
 		TurnServersCredential: turnServersCredential,
 		Timer:                 time.NewTimer(time.Second * 10),
-		PacketsCount:          make(chan int),
 	}
 }

 func (w WebRTC) DecodeSessionDescription(data string) ([]byte, error) {
 	sd, err := base64.StdEncoding.DecodeString(data)
 	if err != nil {
-		log.Log.Error("DecodeString error: " + err.Error())
+		log.Log.Error("webrtc.main.DecodeSessionDescription(): " + err.Error())
 		return []byte{}, err
 	}
 	return sd, nil
@@ -88,21 +85,22 @@ func (w WebRTC) CreateOffer(sd []byte) pionWebRTC.SessionDescription {
 }

 func RegisterCandidates(key string, candidate models.ReceiveHDCandidatesPayload) {
-
 	// Set lock
 	CandidatesMutex.Lock()
-	defer CandidatesMutex.Unlock()
-
-	channel := CandidateArrays[key]
-	if channel == nil {
-		channel = make(chan string)
-		CandidateArrays[key] = channel
+	_, ok := CandidateArrays[key]
+	if !ok {
+		CandidateArrays[key] = make(chan string)
 	}
-	log.Log.Info("HandleReceiveHDCandidates: " + candidate.Candidate)
-	channel <- candidate.Candidate
+	log.Log.Info("webrtc.main.HandleReceiveHDCandidates(): " + candidate.Candidate)
+	select {
+	case CandidateArrays[key] <- candidate.Candidate:
+	default:
+		log.Log.Info("webrtc.main.HandleReceiveHDCandidates(): channel is full.")
+	}
+	CandidatesMutex.Unlock()
 }

-func InitializeWebRTCConnection(configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, videoTrack *pionWebRTC.TrackLocalStaticSample, audioTrack *pionWebRTC.TrackLocalStaticSample, handshake models.RequestHDStreamPayload, candidates chan string) {
+func InitializeWebRTCConnection(configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, videoTrack *pionWebRTC.TrackLocalStaticSample, audioTrack *pionWebRTC.TrackLocalStaticSample, handshake models.RequestHDStreamPayload) {

 	config := configuration.Config
 	deviceKey := config.Key
@@ -111,6 +109,15 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 	turnServersUsername := config.TURNUsername
 	turnServersCredential := config.TURNPassword

+	// We create a channel which will hold the candidates for this session.
+	sessionKey := config.Key + "/" + handshake.SessionID
+	CandidatesMutex.Lock()
+	_, ok := CandidateArrays[sessionKey]
+	if !ok {
+		CandidateArrays[sessionKey] = make(chan string)
+	}
+	CandidatesMutex.Unlock()
+
 	// Set variables
 	hubKey := handshake.HubKey
 	sessionDescription := handshake.SessionDescription
@@ -123,11 +130,16 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati

 		mediaEngine := &pionWebRTC.MediaEngine{}
 		if err := mediaEngine.RegisterDefaultCodecs(); err != nil {
-			log.Log.Error("InitializeWebRTCConnection: something went wrong registering codecs.")
+			log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong registering codecs for media engine: " + err.Error())
 		}

 		api := pionWebRTC.NewAPI(pionWebRTC.WithMediaEngine(mediaEngine))

+		policy := pionWebRTC.ICETransportPolicyAll
+		if config.ForceTurn == "true" {
+			policy = pionWebRTC.ICETransportPolicyRelay
+		}
+
 		peerConnection, err := api.NewPeerConnection(
 			pionWebRTC.Configuration{
 				ICEServers: []pionWebRTC.ICEServer{
@@ -140,77 +152,76 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 						Credential: w.TurnServersCredential,
 					},
 				},
-				//ICETransportPolicy: pionWebRTC.ICETransportPolicyRelay,
+				ICETransportPolicy: policy,
 			},
 		)

 		if err == nil && peerConnection != nil {

 			if _, err = peerConnection.AddTrack(videoTrack); err != nil {
-				panic(err)
+				log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while adding video track: " + err.Error())
 			}

 			if _, err = peerConnection.AddTrack(audioTrack); err != nil {
-				panic(err)
+				log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while adding audio track: " + err.Error())
 			}

-			if err != nil {
-				panic(err)
-			}
-
-			peerConnection.OnICEConnectionStateChange(func(connectionState pionWebRTC.ICEConnectionState) {
-				if connectionState == pionWebRTC.ICEConnectionStateDisconnected {
+			peerConnection.OnConnectionStateChange(func(connectionState pionWebRTC.PeerConnectionState) {
+				if connectionState == pionWebRTC.PeerConnectionStateDisconnected || connectionState == pionWebRTC.PeerConnectionStateClosed {
+					// Set lock
 					CandidatesMutex.Lock()
-					defer CandidatesMutex.Unlock()
-
 					atomic.AddInt64(&peerConnectionCount, -1)
 					peerConnections[handshake.SessionID] = nil
-					close(candidates)
-					close(w.PacketsCount)
+					_, ok := CandidateArrays[sessionKey]
+					if ok {
+						close(CandidateArrays[sessionKey])
+						delete(CandidateArrays, sessionKey)
+					}
 					if err := peerConnection.Close(); err != nil {
-						panic(err)
+						log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while closing peer connection: " + err.Error())
 					}
-				} else if connectionState == pionWebRTC.ICEConnectionStateConnected {
+					CandidatesMutex.Unlock()
+				} else if connectionState == pionWebRTC.PeerConnectionStateConnected {
+					CandidatesMutex.Lock()
 					atomic.AddInt64(&peerConnectionCount, 1)
-				} else if connectionState == pionWebRTC.ICEConnectionStateChecking {
+					CandidatesMutex.Unlock()
+				} else if connectionState == pionWebRTC.PeerConnectionStateConnecting {
 					// Iterate over the candidates and send them to the remote client
-					// Non blocking channel
-					for candidate := range candidates {
-						log.Log.Info("InitializeWebRTCConnection: Received candidate.")
+					// Non blocking channe
+					for candidate := range CandidateArrays[sessionKey] {
+						CandidatesMutex.Lock()
+						log.Log.Info("webrtc.main.InitializeWebRTCConnection(): Received candidate from channel: " + candidate)
 						if candidateErr := peerConnection.AddICECandidate(pionWebRTC.ICECandidateInit{Candidate: string(candidate)}); candidateErr != nil {
-							log.Log.Error("InitializeWebRTCConnection: something went wrong while adding candidate: " + candidateErr.Error())
+							log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while adding candidate: " + candidateErr.Error())
 						}
+						CandidatesMutex.Unlock()
 					}
+				} else if connectionState == pionWebRTC.PeerConnectionStateFailed {
+					log.Log.Info("webrtc.main.InitializeWebRTCConnection(): ICEConnectionStateFailed")
 				}
-				log.Log.Info("InitializeWebRTCConnection: connection state changed to: " + connectionState.String())
-				log.Log.Info("InitializeWebRTCConnection: Number of peers connected (" + strconv.FormatInt(peerConnectionCount, 10) + ")")
+				log.Log.Info("webrtc.main.InitializeWebRTCConnection(): connection state changed to: " + connectionState.String())
+				log.Log.Info("webrtc.main.InitializeWebRTCConnection(): Number of peers connected (" + strconv.FormatInt(peerConnectionCount, 10) + ")")
 			})

 			offer := w.CreateOffer(sd)
 			if err = peerConnection.SetRemoteDescription(offer); err != nil {
-				panic(err)
+				log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while setting remote description: " + err.Error())
 			}

 			answer, err := peerConnection.CreateAnswer(nil)
 			if err != nil {
-				panic(err)
+				log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while creating answer: " + err.Error())
 			} else if err = peerConnection.SetLocalDescription(answer); err != nil {
-				panic(err)
+				log.Log.Error("webrtc.main.InitializeWebRTCConnection(): something went wrong while setting local description: " + err.Error())
 			}

-			// When an ICE candidate is available send to the other Pion instance
-			// the other Pion instance will add this candidate by calling AddICECandidate
-			var candidatesMux sync.Mutex
 			// When an ICE candidate is available send to the other peer using the signaling server (MQTT).
 			// The other peer will add this candidate by calling AddICECandidate
 			peerConnection.OnICECandidate(func(candidate *pionWebRTC.ICECandidate) {
-				if candidate == nil {
+				if candidate == nil || peerConnection.ICEConnectionState() == pionWebRTC.ICEConnectionStateConnected {
 					return
 				}

-				candidatesMux.Lock()
-				defer candidatesMux.Unlock()
-
 				//  Create a config map
 				valueMap := make(map[string]interface{})
 				candateJSON := candidate.ToJSON()
@@ -219,8 +230,10 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				candateBinary, err := json.Marshal(candateJSON)
 				if err == nil {
 					valueMap["candidate"] = string(candateBinary)
+					valueMap["sdp"] = []byte(base64.StdEncoding.EncodeToString([]byte(answer.SDP)))
+					valueMap["session_id"] = handshake.SessionID
 				} else {
-					log.Log.Info("HandleRequestConfig: something went wrong while marshalling candidate: " + err.Error())
+					log.Log.Info("webrtc.main.InitializeWebRTCConnection(): something went wrong while marshalling candidate: " + err.Error())
 				}

 				// We'll send the candidate to the hub
@@ -233,11 +246,10 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				}
 				payload, err := models.PackageMQTTMessage(configuration, message)
 				if err == nil {
-					log.Log.Info("InitializeWebRTCConnection:" + string(candateBinary))
 					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
 					token.Wait()
 				} else {
-					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
+					log.Log.Info("webrtc.main.InitializeWebRTCConnection(): while packaging mqtt message: " + err.Error())
 				}
 			})

@@ -248,7 +260,8 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				//  Create a config map
 				valueMap := make(map[string]interface{})
 				valueMap["sdp"] = []byte(base64.StdEncoding.EncodeToString([]byte(answer.SDP)))
-				log.Log.Info("InitializeWebRTCConnection: Send SDP answer")
+				valueMap["session_id"] = handshake.SessionID
+				log.Log.Info("webrtc.main.InitializeWebRTCConnection(): Send SDP answer")

 				// We'll send the candidate to the hub
 				message := models.Message{
@@ -263,30 +276,29 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
 					token.Wait()
 				} else {
-					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
+					log.Log.Info("webrtc.main.InitializeWebRTCConnection(): while packaging mqtt message: " + err.Error())
 				}
 			}
 		}
 	} else {
-		log.Log.Error("InitializeWebRTCConnection: NewPeerConnection failed: " + err.Error())
+		log.Log.Error("Initializwebrtc.main.InitializeWebRTCConnection()eWebRTCConnection: NewPeerConnection failed: " + err.Error())
 	}
 }

-func NewVideoTrack(codecs []av.CodecData) *pionWebRTC.TrackLocalStaticSample {
-	var mimeType string
-	mimeType = pionWebRTC.MimeTypeH264
+func NewVideoTrack(streams []packets.Stream) *pionWebRTC.TrackLocalStaticSample {
+	mimeType := pionWebRTC.MimeTypeH264
 	outboundVideoTrack, _ := pionWebRTC.NewTrackLocalStaticSample(pionWebRTC.RTPCodecCapability{MimeType: mimeType}, "video", "pion124")
 	return outboundVideoTrack
 }

-func NewAudioTrack(codecs []av.CodecData) *pionWebRTC.TrackLocalStaticSample {
+func NewAudioTrack(streams []packets.Stream) *pionWebRTC.TrackLocalStaticSample {
 	var mimeType string
-	for _, codec := range codecs {
-		if codec.Type().String() == "OPUS" {
+	for _, stream := range streams {
+		if stream.Name == "OPUS" {
 			mimeType = pionWebRTC.MimeTypeOpus
-		} else if codec.Type().String() == "PCM_MULAW" {
+		} else if stream.Name == "PCM_MULAW" {
 			mimeType = pionWebRTC.MimeTypePCMU
-		} else if codec.Type().String() == "PCM_ALAW" {
+		} else if stream.Name == "PCM_ALAW" {
 			mimeType = pionWebRTC.MimeTypePCMA
 		}
 	}
@@ -294,7 +306,7 @@ func NewAudioTrack(codecs []av.CodecData) *pionWebRTC.TrackLocalStaticSample {
 	return outboundAudioTrack
 }

-func WriteToTrack(livestreamCursor *pubsub.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, videoTrack *pionWebRTC.TrackLocalStaticSample, audioTrack *pionWebRTC.TrackLocalStaticSample, codecs []av.CodecData, decoder *ffmpeg.VideoDecoder, decoderMutex *sync.Mutex) {
+func WriteToTrack(livestreamCursor *packets.QueueCursor, configuration *models.Configuration, communication *models.Communication, mqttClient mqtt.Client, videoTrack *pionWebRTC.TrackLocalStaticSample, audioTrack *pionWebRTC.TrackLocalStaticSample, rtspClient capture.RTSPClient) {

 	config := configuration.Config

@@ -303,51 +315,51 @@ func WriteToTrack(livestreamCursor *pubsub.QueueCursor, configuration *models.Co

 	// Set the indexes for the video & audio streams
 	// Later when we read a packet we need to figure out which track to send it to.
-	videoIdx := -1
-	audioIdx := -1
-	for i, codec := range codecs {
-		if codec.Type().String() == "H264" && videoIdx < 0 {
-			videoIdx = i
-		} else if (codec.Type().String() == "OPUS" || codec.Type().String() == "PCM_MULAW" || codec.Type().String() == "PCM_ALAW") && audioIdx < 0 {
-			audioIdx = i
+	hasH264 := false
+	hasPCM_MULAW := false
+	hasAAC := false
+	hasOpus := false
+	streams, _ := rtspClient.GetStreams()
+	for _, stream := range streams {
+		if stream.Name == "H264" {
+			hasH264 = true
+		} else if stream.Name == "PCM_MULAW" {
+			hasPCM_MULAW = true
+		} else if stream.Name == "AAC" {
+			hasAAC = true
+		} else if stream.Name == "OPUS" {
+			hasOpus = true
 		}
 	}

-	if videoIdx == -1 {
-		log.Log.Error("WriteToTrack: no video codec found.")
+	if !hasH264 && !hasPCM_MULAW && !hasAAC && !hasOpus {
+		log.Log.Error("webrtc.main.WriteToTrack(): no valid video codec and audio codec found.")
 	} else {
-		annexbNALUStartCode := func() []byte { return []byte{0x00, 0x00, 0x00, 0x01} }
-
 		if config.Capture.TranscodingWebRTC == "true" {
-			if videoIdx > -1 {
-				log.Log.Info("WriteToTrack: successfully using a transcoder.")
-			} else {
-			}
+			// Todo..
 		} else {
-			log.Log.Info("WriteToTrack: not using a transcoder.")
+			//log.Log.Info("webrtc.main.WriteToTrack(): not using a transcoder.")
 		}

 		var cursorError error
-		var pkt av.Packet
-		var previousTime time.Duration
+		var pkt packets.Packet
+		var previousTimeVideo int64
+		var previousTimeAudio int64

 		start := false
 		receivedKeyFrame := false
-		codecData := codecs[videoIdx]
 		lastKeepAlive := "0"
 		peerCount := "0"

 		for cursorError == nil {

 			pkt, cursorError = livestreamCursor.ReadPacket()
-			bufferDuration := pkt.Time - previousTime
-			previousTime = pkt.Time

-			if config.Capture.ForwardWebRTC != "true" && peerConnectionCount == 0 {
-				start = false
-				receivedKeyFrame = false
-				continue
-			}
+			//if config.Capture.ForwardWebRTC != "true" && peerConnectionCount == 0 {
+			//	start = false
+			//	receivedKeyFrame = false
+			//	continue
+			//}

 			select {
 			case lastKeepAlive = <-communication.HandleLiveHDKeepalive:
@@ -383,64 +395,57 @@ func WriteToTrack(livestreamCursor *pubsub.QueueCursor, configuration *models.Co
 				}
 			}

-			if config.Capture.TranscodingWebRTC == "true" {
+			//if config.Capture.TranscodingWebRTC == "true" {
+			// We will transcode the video
+			// TODO..
+			//}

-				/*decoderMutex.Lock()
-				decoder.SetFramerate(30, 1)
-				frame, err := decoder.Decode(pkt.Data)
-				decoderMutex.Unlock()
-				if err == nil && frame != nil && frame.Width() > 0 && frame.Height() > 0 {
-					var _outpkts []av.Packet
-					transcodingResolution := config.Capture.TranscodingResolution
-					newWidth := frame.Width() * int(transcodingResolution) / 100
-					newHeight := frame.Height() * int(transcodingResolution) / 100
-					encoder.SetResolution(newWidth, newHeight)
-					if _outpkts, err = encoder.Encode(frame); err != nil {
-					}
-					if len(_outpkts) > 0 {
-						pkt = _outpkts[0]
-						codecData, _ = encoder.CodecData()
-					}
-				}*/
+			if pkt.IsVideo {

-			}
+				// Calculate the difference
+				bufferDuration := pkt.Time - previousTimeVideo
+				previousTimeVideo = pkt.Time

-			switch int(pkt.Idx) {
-			case videoIdx:
-				// For every key-frame pre-pend the SPS and PPS
-				pkt.Data = pkt.Data[4:]
+				// Start at the first keyframe
 				if pkt.IsKeyFrame {
 					start = true
-					pkt.Data = append(annexbNALUStartCode(), pkt.Data...)
-					pkt.Data = append(codecData.(h264parser.CodecData).PPS(), pkt.Data...)
-					pkt.Data = append(annexbNALUStartCode(), pkt.Data...)
-					pkt.Data = append(codecData.(h264parser.CodecData).SPS(), pkt.Data...)
-					pkt.Data = append(annexbNALUStartCode(), pkt.Data...)
-					log.Log.Info("WriteToTrack: Sending keyframe")
 				}
-
 				if start {
-					sample := pionMedia.Sample{Data: pkt.Data, Duration: bufferDuration}
+					bufferDurationCasted := time.Duration(bufferDuration) * time.Millisecond
+					sample := pionMedia.Sample{Data: pkt.Data, Duration: bufferDurationCasted, PacketTimestamp: uint32(pkt.Time)}
+					//sample = pionMedia.Sample{Data: pkt.Data, Duration: time.Second}
 					if config.Capture.ForwardWebRTC == "true" {
-						samplePacket, err := json.Marshal(sample)
-						if err == nil {
-							// Write packets
-							topic := fmt.Sprintf("kerberos/webrtc/packets/%s", config.Key)
-							mqttClient.Publish(topic, 0, false, samplePacket)
-						} else {
-							log.Log.Info("WriteToTrack: Error marshalling frame, " + err.Error())
-						}
+						// We will send the video to a remote peer
+						// TODO..
 					} else {
 						if err := videoTrack.WriteSample(sample); err != nil && err != io.ErrClosedPipe {
-							log.Log.Error("WriteToTrack: something went wrong while writing sample: " + err.Error())
+							log.Log.Error("webrtc.main.WriteToTrack(): something went wrong while writing sample: " + err.Error())
 						}
 					}
 				}
-			case audioIdx:
+			} else if pkt.IsAudio {
+
+				// @TODO: We need to check if the audio is PCM_MULAW or AAC
+				// If AAC we need to transcode it to PCM_MULAW
+				// If PCM_MULAW we can send it directly.
+
+				if hasAAC {
+					// We will transcode the audio
+					// TODO..
+					//d := fdkaac.NewAacDecoder()
+					continue
+				}
+
+				// Calculate the difference
+				bufferDuration := pkt.Time - previousTimeAudio
+				previousTimeAudio = pkt.Time
+
 				// We will send the audio
-				sample := pionMedia.Sample{Data: pkt.Data, Duration: pkt.Time}
+				bufferDurationCasted := time.Duration(bufferDuration) * time.Millisecond
+				sample := pionMedia.Sample{Data: pkt.Data, Duration: bufferDurationCasted, PacketTimestamp: uint32(pkt.Time)}
+				//sample = pionMedia.Sample{Data: pkt.Data, Duration: time.Second}
 				if err := audioTrack.WriteSample(sample); err != nil && err != io.ErrClosedPipe {
-					log.Log.Error("WriteToTrack: something went wrong while writing sample: " + err.Error())
+					log.Log.Error("webrtc.main.WriteToTrack(): something went wrong while writing sample: " + err.Error())
 				}
 			}
 		}
@@ -452,5 +457,5 @@ func WriteToTrack(livestreamCursor *pubsub.QueueCursor, configuration *models.Co
 	}

 	peerConnectionCount = 0
-	log.Log.Info("WriteToTrack: stop writing to track.")
+	log.Log.Info("webrtc.main.WriteToTrack(): stop writing to track.")
 }
--- a/machinery/update-mod.sh
+++ b/machinery/update-mod.sh
@@ -0,0 +1,4 @@
+export GOSUMDB=off
+rm -rf go.*
+go mod init github.com/kerberos-io/agent/machinery
+go mod tidy 
--- a/snap/hooks/configure
+++ b/snap/hooks/configure
@@ -1,6 +0,0 @@
-#!/bin/sh -e
-
-cp -R $SNAP/data $SNAP_COMMON/
-cp -R $SNAP/www $SNAP_COMMON/
-cp -R $SNAP/version $SNAP_COMMON/
-cp -R $SNAP/mp4fragment $SNAP_COMMON/
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -1,23 +0,0 @@
-name: kerberosio # you probably want to 'snapcraft register <name>'
-base: core22 # the base snap is the execution environment for this snap
-version: '3.0.0' # just for humans, typically '1.2+git' or '1.3.2'
-summary: A stand-alone open source video surveillance system # 79 char long summary
-description: |
-   Kerberos Agent is an isolated and scalable video (surveillance) management
-   agent made available as Open Source under the MIT License. This means that
-   all the source code is available for you or your company, and you can use,
-   transform and distribute the source code; as long you keep a reference of
-   the original license. Kerberos Agent can be used for commercial usage.
-
-grade: stable # stable # must be 'stable' to release into candidate/stable channels
-confinement: strict # use 'strict' once you have the right plugs and slots
-environment:
-  GIN_MODE: release
-apps:
-  agent:
-    command: main -config /var/snap/kerberosio/common
-    plugs: [ network, network-bind ]
-parts:
-  agent:
-    source: . #https://github.com/kerberos-io/agent/releases/download/21c0e01/agent-amd64.tar
-    plugin: dump
--- a/ui/package.json
+++ b/ui/package.json
@@ -1,7 +1,6 @@
 {
  "name": "agent-ui",
  "version": "0.1.0",
-  "private": false,
  "dependencies": {
    "@giantmachines/redux-websocket": "^1.5.1",
    "@kerberos-io/ui": "^1.76.0",
--- a/ui/public/locales/de/translation.json
+++ b/ui/public/locales/de/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Allgemeine Einstellungen für den Kerberos Agent",
      "key": "Schlüssel",
      "camera_name": "Kamera Name",
+      "camera_friendly_name": "Kamera Anzeigename",
      "timezone": "Zeitzone",
      "select_timezone": "Zeitzone auswählen",
      "advanced_configuration": "Erweiterte Konfiguration",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Kamera",
      "description_camera": "Diese Einstellungen sind notwendig um eine Verbindung mit der Kamera herzustellen",
-      "only_h264": "Aktuell werden nur H264 RTSP kompatible Kameras unterstützt",
+      "only_h264": "Aktuell werden nur H264/H265 RTSP kompatible Kameras unterstützt",
      "rtsp_url": "RTSP URL",
-      "rtsp_h264": "H264 RTSP URL der Kamera",
+      "rtsp_h264": "H264/H265 RTSP URL der Kamera",
      "sub_rtsp_url": "RTSP url für die Live Übertragung.",
      "sub_rtsp_h264": "Ergänzende URL der Kamera mit geringerer Auflösung für die Live Übertragung.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN Server",
      "turn_username": "Benutzername",
      "turn_password": "Passwort",
+      "force_turn": "Erzwinge TURN",
+      "force_turn_description": "Erzwinge die Verwendung von TURN",
      "stun_turn_forward": "Weiterleiten und transkodieren",
      "stun_turn_description_forward": "Optiemierungen und Verbesserungen der TURN/STUN Kommunikation.",
      "stun_turn_webrtc": "Weiterleiten an WebRTC Schnittstelle",
@@ -185,6 +188,8 @@
      "description_persistence": "Die möglichkeit zur Speicherung der Daten an einem Zentralen Ort ist der Beginn einer effektiven Videoüberwachung. Es kann zwischen",
      "description2_persistence": ", oder einem Drittanbieter gewählt werden.",
      "select_persistence": "Speicherort auswählen",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "Der Proxy Endpunkt zum hochladen der Aufnahmen.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/en/translation.json
+++ b/ui/public/locales/en/translation.json
@@ -80,6 +80,7 @@
      "description_general": "General settings for your Kerberos Agent",
      "key": "Key",
      "camera_name": "Camera name",
+      "camera_friendly_name": "Friendly name",
      "timezone": "Timezone",
      "select_timezone": "Select a timezone",
      "advanced_configuration": "Advanced configuration",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Camera",
      "description_camera": "Camera settings are required to make a connection to your camera of choice.",
-      "only_h264": "Currently only H264 RTSP streams are supported.",
+      "only_h264": "Currently only H264/H265 RTSP streams are supported.",
      "rtsp_url": "RTSP url",
-      "rtsp_h264": "A H264 RTSP connection to your camera.",
+      "rtsp_h264": "A H264/H265 RTSP connection to your camera.",
      "sub_rtsp_url": "Sub RTSP url (used for livestreaming)",
      "sub_rtsp_h264": "A secondary RTSP connection to the low resolution of your camera.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN server",
      "turn_username": "Username",
      "turn_password": "Password",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "Forwarding and transcoding",
      "stun_turn_description_forward": "Optimisations and enhancements for TURN/STUN communication.",
      "stun_turn_webrtc": "Forwarding to WebRTC broker",
@@ -157,7 +160,12 @@
      "description2_mqtt": "to the Kerberos Agent, to achieve for example livestreaming or ONVIF (PTZ) capabilities.",
      "mqtt_brokeruri": "Broker Uri",
      "mqtt_username": "Username",
-      "mqtt_password": "Password"
+      "mqtt_password": "Password",
+      "realtimeprocessing": "Realtime Processing",
+      "description_realtimeprocessing": "By enabling realtime processing, you will receive realtime video keyframes through the MQTT connection specified above.",
+      "realtimeprocessing_topic": "Topic to publish",
+      "realtimeprocessing_enabled": "Enable realtime processing",
+      "description_realtimeprocessing_enabled": "Send realtime video keyframes through MQTT."
    },
    "conditions": {
      "timeofinterest": "Time Of Interest",
@@ -185,6 +193,8 @@
      "description_persistence": "Having the ability to store your recordings is the beginning of everything. You can choose between our",
      "description2_persistence": ", or a 3rd party provider",
      "select_persistence": "Select a persistence",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "The Proxy endpoint for uploading your recordings.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/es/translation.json
+++ b/ui/public/locales/es/translation.json
@@ -80,6 +80,7 @@
      "description_general": "General settings for your Kerberos Agent",
      "key": "Key",
      "camera_name": "Camera name",
+      "camera_friendly_name": "Camera friendly name",
      "timezone": "Timezone",
      "select_timezone": "Select a timezone",
      "advanced_configuration": "Advanced configuration",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Camera",
      "description_camera": "Camera settings are required to make a connection to your camera of choice.",
-      "only_h264": "Currently only H264 RTSP streams are supported.",
+      "only_h264": "Currently only H264/H265 RTSP streams are supported.",
      "rtsp_url": "RTSP url",
-      "rtsp_h264": "A H264 RTSP connection to your camera.",
+      "rtsp_h264": "A H264/H265 RTSP connection to your camera.",
      "sub_rtsp_url": "Sub RTSP url (used for livestreaming)",
      "sub_rtsp_h264": "A secondary RTSP connection to the low resolution of your camera.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN server",
      "turn_username": "Username",
      "turn_password": "Password",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "Forwarding and transcoding",
      "stun_turn_description_forward": "Optimisations and enhancements for TURN/STUN communication.",
      "stun_turn_webrtc": "Forwarding to WebRTC broker",
@@ -185,6 +188,8 @@
      "description_persistence": "Having the ability to store your recordings is the beginning of everything. You can choose between our",
      "description2_persistence": ", or a 3rd party provider",
      "select_persistence": "Select a persistence",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "The Proxy endpoint for uploading your recordings.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/fr/translation.json
+++ b/ui/public/locales/fr/translation.json
@@ -79,6 +79,7 @@
      "description_general": "Paramètres généraux pour votre Agent Kerberos",
      "key": "Clé",
      "camera_name": "Nom de la caméra",
+      "camera_friendly_name": "Nom convivial de la caméra",
      "timezone": "Fuseau horaire",
      "select_timezone": "Sélectionner un fuseau horaire",
      "advanced_configuration": "Configuration avancée",
@@ -98,9 +99,9 @@
    "camera": {
      "camera": "Caméra",
      "description_camera": "Les paramètres de la caméra sont requis pour établir une connexion à la caméra de votre choix.",
-      "only_h264": "Actuellement, seuls les flux RTSP H264 sont pris en charge.",
+      "only_h264": "Actuellement, seuls les flux RTSP H264/H265 sont pris en charge.",
      "rtsp_url": "URL RTSP",
-      "rtsp_h264": "Une connexion RTSP H264 à votre caméra.",
+      "rtsp_h264": "Une connexion RTSP H264/H265 à votre caméra.",
      "sub_rtsp_url": "URL RTSP secondaire (utilisé pour le direct)",
      "sub_rtsp_h264": "Une connexion RTSP secondaire vers le flux basse résolution de votre caméra.",
      "onvif": "ONVIF",
@@ -144,6 +145,8 @@
      "turn_server": "Serveur TURN",
      "turn_username": "Nom d'utilisateur",
      "turn_password": "Mot de passe",
+      "force_turn": "Forcer l'utilisation de TURN",
+      "force_turn_description": "Forcer l'utilisation de TURN au lieu de STUN",
      "stun_turn_forward": "Redirection et transcodage",
      "stun_turn_description_forward": "Optimisations et améliorations pour la communication TURN/STUN.",
      "stun_turn_webrtc": "Redirection pour l'agent WebRTC",
@@ -184,6 +187,8 @@
      "description_persistence": "Avoir la possibilité de stocker vos enregistrements est le commencement de tout. Vous pouvez choisir entre notre",
      "description2_persistence": " ou auprès d'un fournisseur tiers",
      "select_persistence": "Sélectionner une persistance",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "URL du proxy Kerberos Hub",
      "kerberoshub_description_proxyurl": "Le point de terminaison du proxy pour téléverser vos enregistrements.",
      "kerberoshub_apiurl": "URL de l'API Kerberos Hub",
--- a/ui/public/locales/hi/translation.json
+++ b/ui/public/locales/hi/translation.json
@@ -80,6 +80,7 @@
      "description_general": "आपके Kerberos एजेंट के लिए सामान्य सेटिंग्स",
      "key": "की",
      "camera_name": "कैमरे का नाम",
+      "camera_friendly_name": "कैमरे का नाम",
      "timezone": "समय क्षेत्र",
      "select_timezone": "समयक्षेत्र चुनें",
      "advanced_configuration": "एडवांस कॉन्फ़िगरेशन",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "कैमरा",
      "description_camera": "आपकी पसंद के कैमरे से कनेक्शन बनाने के लिए कैमरा सेटिंग्स की आवश्यकता होती है।",
-      "only_h264": "वर्तमान में केवल H264 RTSP स्ट्रीम समर्थित हैं।",
+      "only_h264": "वर्तमान में केवल H264/H265 RTSP स्ट्रीम समर्थित हैं।",
      "rtsp_url": "RTSP  URL",
-      "rtsp_h264": "आपके कैमरे से H264 RTSP कनेक्शन।",
+      "rtsp_h264": "आपके कैमरे से H264/H265 RTSP कनेक्शन।",
      "sub_rtsp_url": "दुसरी RTSP URL (लाइवस्ट्रीमिंग के लिए प्रयुक्त)",
      "sub_rtsp_h264": "आपके कैमरे के कम रिज़ॉल्यूशन के लिए एक दुसरी RTSP कनेक्शन।",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN server",
      "turn_username": "उपयोगकर्ता नाम",
      "turn_password": "पासवर्ड",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "फोरवर्डींग और ट्रांसकोडिंग",
      "stun_turn_description_forward": "TURN/STUN संचार के लिए अनुकूलन और संवर्द्धन।",
      "stun_turn_webrtc": "WebRTC ब्रोकर को फोरवर्डींग किया जा रहा है",
@@ -185,6 +188,8 @@
      "description_persistence": "अपनी रिकॉर्डिंग संग्रहीत करने की क्षमता होना हर चीज़ की शुरुआत है। ",
      "description2_persistence": ", या कोई तृतीय पक्ष प्रदाता",
      "select_persistence": "एक दृढ़ता का चयन करें",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos हब प्रॉक्सी  URL",
      "kerberoshub_description_proxyurl": "आपकी रिकॉर्डिंग अपलोड करने के लिए प्रॉक्सी एंडपॉइंट।",
      "kerberoshub_apiurl": "Kerberos हब API  URL",
--- a/ui/public/locales/it/translation.json
+++ b/ui/public/locales/it/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Impostazioni generali del Kerberos Agent",
      "key": "Chiave",
      "camera_name": "Nome videocamera",
+      "camera_friendly_name": "Nome amichevole videocamera",
      "timezone": "Fuso orario",
      "select_timezone": "Seleziona un fuso orario",
      "advanced_configuration": "Configurazione avanzata",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Videocamera",
      "description_camera": "Le impostazioni della fotocamera sono necessarie per stabilire una connessione con la videocamera scelta.",
-      "only_h264": "Al momento sono supportati solo streams RTSP H264.",
+      "only_h264": "Al momento sono supportati solo streams RTSP H264/H265.",
      "rtsp_url": "Url RTSP",
-      "rtsp_h264": "Connessione RTSP H264 alla videocamera.",
+      "rtsp_h264": "Connessione RTSP H264/H265 alla videocamera.",
      "sub_rtsp_url": "Sub-url RTSP (per lo streaming in diretta)",
      "sub_rtsp_h264": "URL RTSP supplementare della videocamera con risoluzione inferiore per lo streaming in diretta.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN server",
      "turn_username": "Username",
      "turn_password": "Password",
+      "force_turn": "Forza TURN",
+      "force_turn_description": "Forza l'uso di TURN per lo streaming in diretta.",
      "stun_turn_forward": "Inoltro e transcodifica",
      "stun_turn_description_forward": "Ottimizzazioni e miglioramenti per la comunicazione TURN/STUN.",
      "stun_turn_webrtc": "Inoltro al broker WebRTC",
@@ -185,6 +188,8 @@
      "description_persistence": "La possibilità di poter salvare le tue registrazioni rappresenta l'inizio di tutto. Puoi scegliere tra il nostro",
      "description2_persistence": ", oppure un provider di terze parti",
      "select_persistence": "Seleziona una persistenza",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "URL Proxy Kerberos Hub",
      "kerberoshub_description_proxyurl": "Endpoint del Proxy per l'upload delle registrazioni.",
      "kerberoshub_apiurl": "API URL Kerberos Hub",
--- a/ui/public/locales/ja/translation.json
+++ b/ui/public/locales/ja/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Kerberos エージェントの一般設定",
      "key": "鍵",
      "camera_name": "カメラ名",
+      "camera_friendly_name": "カメラのフレンドリー名",
      "timezone": "タイムゾーン",
      "select_timezone": "タイムゾーンを選択",
      "advanced_configuration": "詳細設定",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "カメラ",
      "description_camera": "選択したカメラに接続するには、カメラの設定が必要です。",
-      "only_h264": "現在、H264 RTSP ストリームのみがサポートされています。",
+      "only_h264": "現在、H264/H265 RTSP ストリームのみがサポートされています。",
      "rtsp_url": "RTSP URL",
-      "rtsp_h264": "カメラへの H264 RTSP 接続。",
+      "rtsp_h264": "カメラへの H264/H265 RTSP 接続。",
      "sub_rtsp_url": "Sub RTSP url (ライブストリーミングに使用)",
      "sub_rtsp_h264": "カメラの低解像度へのセカンダリ RTSP 接続。",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURNサーバー",
      "turn_username": "ユーザー名",
      "turn_password": "パスワード",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "転送とトランスコーディング",
      "stun_turn_description_forward": "TURN/STUN 通信の最適化と機能強化。",
      "stun_turn_webrtc": "WebRTC ブローカーへの転送",
@@ -185,6 +188,8 @@
      "description_persistence": "録音を保存する機能を持つことは、すべての始まりです。",
      "description2_persistence": "、またはサードパーティのプロバイダ",
      "select_persistence": "永続性を選択",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos ハブ プロキシ URL",
      "kerberoshub_description_proxyurl": "記録をアップロードするためのプロキシ エンドポイント。",
      "kerberoshub_apiurl": "ケルベロス ハブ API URL",
--- a/ui/public/locales/nl/translation.json
+++ b/ui/public/locales/nl/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Algemene instellingen voor jouw Kerberos Agent",
      "key": "Key",
      "camera_name": "Camera naam",
+      "camera_friendly_name": "Camera vriendelijke naam",
      "timezone": "Tijdzone",
      "select_timezone": "Selecteer uw tijdzone",
      "advanced_configuration": "Geavanceerde instellingen",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Camera",
      "description_camera": "Camera settings are required to make a connection to your camera of choice.",
-      "only_h264": "Momenteel worden enkel H264 RTSP streams gesupporteerd",
+      "only_h264": "Momenteel worden enkel H264/H265 RTSP streams gesupporteerd",
      "rtsp_url": "RTSP url",
-      "rtsp_h264": "Een H264 RTSP connectie met jouw camera.",
+      "rtsp_h264": "Een H264/H265 RTSP connectie met jouw camera.",
      "sub_rtsp_url": "Sub RTSP url (used for livestreaming)",
      "sub_rtsp_h264": "A secondary RTSP connection to the low resolution of your camera.",
      "onvif": "ONVIF",
@@ -146,6 +147,8 @@
      "turn_server": "TURN server",
      "turn_username": "Gebruikersnaam",
      "turn_password": "Wachtwoord",
+      "force_turn": "Verplicht TURN",
+      "force_turn_description": "Verplicht TURN connectie, ook al is er een STUN connectie mogelijk.",
      "stun_turn_forward": "Doorsturen en transcoden",
      "stun_turn_description_forward": "Optimalisatie en verbetering voor TURN/STUN communicatie.",
      "stun_turn_webrtc": "Doorsturen naar een WebRTC broker",
@@ -186,6 +189,8 @@
      "description_persistence": "De mogelijkheid om jouw opnames op te slaan is het begin van alles. Je kan kiezen tussen ons",
      "description2_persistence": ", of een 3rd party provider",
      "select_persistence": "Selecteer een opslagmethode",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "De Proxy url voor het opladen van jouw opnames.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/pl/translation.json
+++ b/ui/public/locales/pl/translation.json
@@ -80,6 +80,7 @@
      "description_general": "General settings for your Kerberos Agent",
      "key": "Key",
      "camera_name": "Camera name",
+      "camera_friendly_name": "Camera friendly name",
      "timezone": "Timezone",
      "select_timezone": "Select a timezone",
      "advanced_configuration": "Advanced configuration",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Camera",
      "description_camera": "Camera settings are required to make a connection to your camera of choice.",
-      "only_h264": "Currently only H264 RTSP streams are supported.",
+      "only_h264": "Currently only H264/H265 RTSP streams are supported.",
      "rtsp_url": "RTSP url",
-      "rtsp_h264": "A H264 RTSP connection to your camera.",
+      "rtsp_h264": "A /H265 RTSP connection to your camera.",
      "sub_rtsp_url": "Sub RTSP url (used for livestreaming)",
      "sub_rtsp_h264": "A secondary RTSP connection to the low resolution of your camera.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN server",
      "turn_username": "Username",
      "turn_password": "Password",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "Forwarding and transcoding",
      "stun_turn_description_forward": "Optimisations and enhancements for TURN/STUN communication.",
      "stun_turn_webrtc": "Forwarding to WebRTC broker",
@@ -185,6 +188,8 @@
      "description_persistence": "Having the ability to store your recordings is the beginning of everything. You can choose between our",
      "description2_persistence": ", or a 3rd party provider",
      "select_persistence": "Select a persistence",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "The Proxy endpoint for uploading your recordings.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/pt/translation.json
+++ b/ui/public/locales/pt/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Configurações gerais para seu agente Kerberos",
      "key": "Chave",
      "camera_name": "Nome da câmera",
+      "camera_friendly_name": "Nome amigável da câmera",
      "timezone": "Fuso horário",
      "select_timezone": "Selecione a timezone",
      "advanced_configuration": "Configurações avançadas",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Câmera",
      "description_camera": "As configurações da câmera são necessárias para fazer uma conexão com a câmera de sua escolha.",
-      "only_h264": "Atualmente, apenas streams H264 RTSP são suportados.",
+      "only_h264": "Atualmente, apenas streams H264/H265 RTSP são suportados.",
      "rtsp_url": "Url RTSP",
-      "rtsp_h264": "Uma conexão H264 RTSP para sua câmera.",
+      "rtsp_h264": "Uma conexão H264/H265 RTSP para sua câmera.",
      "sub_rtsp_url": "Sub RTSP URL(usado para transmissão ao vivo)",
      "sub_rtsp_h264": "Uma conexão RTSP secundária para a baixa resolução de sua câmera.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "Servidor TURN",
      "turn_username": "Usuario",
      "turn_password": "Senha",
+      "force_turn": "Forçar TURN",
+      "force_turn_description": "Forçar o uso de TURN em vez de STUN.",
      "stun_turn_forward": "Encaminhamento e transcodificação",
      "stun_turn_description_forward": "Otimizações e melhorias para a comunicação TURN/STUN.",
      "stun_turn_webrtc": "Encaminhamento para broker WebRTC",
@@ -185,6 +188,8 @@
      "description_persistence": "Ter a capacidade de armazenar suas gravações é o começo de tudo. Você pode escolher entre nossos",
      "description2_persistence": ", ou um provedor terceirizado",
      "select_persistence": "Selecione um provedor de armazenamento",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Url proxy para Kerberos Hub",
      "kerberoshub_description_proxyurl": "O endpoint Proxy para enviar suas gravações.",
      "kerberoshub_apiurl": "Url de API do Kerberos Hub",
--- a/ui/public/locales/ro/translation.json
+++ b/ui/public/locales/ro/translation.json
@@ -0,0 +1,234 @@
+{
+  "breadcrumb": {
+    "watch_recordings": "Vizionează înregistrări",
+    "configure": "Configurează"
+  },
+  "buttons": {
+    "save": "Salvează",
+    "verify_connection": "Verifică conexiunea"
+  },
+  "navigation": {
+    "profile": "Profil",
+    "admin": "admin",
+    "management": "Management",
+    "dashboard": "Tablou de bord",
+    "recordings": "Înregistrări",
+    "settings": "Setări",
+    "help_support": "Ajutor & Suport",
+    "swagger": "Swagger API",
+    "documentation": "Documentație",
+    "ui_library": "Bibliotecă UI",
+    "layout": "Limbă și aspect",
+    "choose_language": "Alege limba"
+  },
+  "dashboard": {
+    "title": "Tablou de bord",
+    "heading": "Prezentare generală a supravegherii video",
+    "number_of_days": "Număr de zile",
+    "total_recordings": "Înregistrări totale",
+    "connected": "Conectat",
+    "not_connected": "Neconectat",
+    "offline_mode": "Mod offline",
+    "latest_events": "Evenimente recente",
+    "configure_connection": "Configurează conexiunea",
+    "no_events": "Niciun eveniment",
+    "no_events_description": "Nu au fost găsite înregistrări, asigurați-vă că agentul dvs. Kerberos este configurat corect.",
+    "motion_detected": "Mișcare detectată",
+    "live_view": "Vizualizare live",
+    "loading_live_view": "Se încarcă vizualizarea live",
+    "loading_live_view_description": "Așteptați, încărcăm vizualizarea dvs. live. Dacă nu ați configurat conexiunea camerei, actualizați-o în paginile de setări.",
+    "time": "Timp",
+    "description": "Descriere",
+    "name": "Nume"
+  },
+  "recordings": {
+    "title": "Înregistrări",
+    "heading": "Toate înregistrările tale într-un singur loc",
+    "search_media": "Caută media"
+  },
+  "settings": {
+    "title": "Setări",
+    "heading": "Prezentare generală a setărilor camerei și agentului",
+    "submenu": {
+      "all": "Toate",
+      "overview": "General",
+      "camera": "Camera",
+      "recording": "Înregistrare",
+      "streaming": "Streaming",
+      "conditions": "Condiții",
+      "persistence": "Persistență"
+    },
+    "info": {
+      "kerberos_hub_demo": "Aruncă o privire asupra mediului nostru de demonstrație Kerberos Hub, pentru a vedea Kerberos Hub în acțiune!",
+      "configuration_updated_success": "Configurarea ta a fost actualizată cu succes.",
+      "configuration_updated_error": "Ceva a mers prost în timpul salvării.",
+      "verify_hub": "Verificarea setărilor tale Kerberos Hub.",
+      "verify_hub_success": "Setările Kerberos Hub au fost verificate cu succes.",
+      "verify_hub_error": "Ceva a mers prost în timpul verificării Kerberos Hub.",
+      "verify_persistence": "Verificarea setărilor tale de persistență.",
+      "verify_persistence_success": "Setările de persistență au fost verificate cu succes.",
+      "verify_persistence_error": "Ceva a mers prost în timpul verificării persistenței.",
+      "verify_camera": "Verificarea setărilor tale pentru cameră.",
+      "verify_camera_success": "Setările pentru cameră au fost verificate cu succes.",
+      "verify_camera_error": "Ceva a mers prost în timpul verificării setărilor pentru cameră.",
+      "verify_onvif": "Verificarea setărilor tale ONVIF.",
+      "verify_onvif_success": "Setările ONVIF au fost verificate cu succes.",
+      "verify_onvif_error": "Ceva a mers prost în timpul verificării setărilor ONVIF."
+    },
+    "overview": {
+      "general": "General",
+      "description_general": "Setări generale pentru Agentul tău Kerberos",
+      "key": "Cheie",
+      "camera_name": "Numele camerei",
+      "camera_friendly_name": "Nume prietenos",
+      "timezone": "Fus orar",
+      "select_timezone": "Selectează un fus orar",
+      "advanced_configuration": "Configurare avansată",
+      "description_advanced_configuration": "Opțiuni detaliate de configurare pentru activarea sau dezactivarea anumitor părți ale Agentului Kerberos",
+      "offline_mode": "Mod offline",
+      "description_offline_mode": "Dezactivează tot traficul ieșit",
+      "encryption": "Criptare",
+      "description_encryption": "Activează criptarea pentru tot traficul ieșit. Mesajele MQTT și/sau înregistrările vor fi criptate folosind AES-256. O cheie privată este utilizată pentru semnare.",
+      "encryption_enabled": "Activează criptarea MQTT",
+      "description_encryption_enabled": "Activează criptarea pentru toate mesajele MQTT.",
+      "encryption_recordings_enabled": "Activează criptarea înregistrărilor",
+      "description_encryption_recordings_enabled": "Activează criptarea pentru toate înregistrările.",
+      "encryption_fingerprint": "Amprentă",
+      "encryption_privatekey": "Cheie privată",
+      "encryption_symmetrickey": "Cheie simetrică"
+    },
+    "camera": {
+      "camera": "Camera",
+      "description_camera": "Setările camerei sunt necesare pentru a face o conexiune cu camera aleasă de tine.",
+      "only_h264": "În prezent sunt suportate doar fluxurile RTSP H264/H265.",
+      "rtsp_url": "URL RTSP",
+      "rtsp_h264": "O conexiune RTSP H264/H265 la camera ta.",
+      "sub_rtsp_url": "URL RTSP secundar (folosit pentru transmisie live)",
+      "sub_rtsp_h264": "O conexiune RTSP secundară la rezoluția redusă a camerei tale.",
+      "onvif": "ONVIF",
+      "description_onvif": "Credențiale pentru comunicarea cu capabilitățile ONVIF. Acestea sunt folosite pentru funcții PTZ sau alte capabilități oferite de cameră.",
+      "onvif_xaddr": "Adresă ONVIF",
+      "onvif_username": "Nume utilizator ONVIF",
+      "onvif_password": "Parolă ONVIF",
+      "verify_connection": "Verifică conexiunea",
+      "verify_sub_connection": "Verifică conexiunea secundară"
+    },
+    "recording": {
+      "recording": "Înregistrare",
+      "description_recording": "Specificați cum doriți să realizați înregistrări. Puteți avea o configurație continuă 24/7 sau înregistrări bazate pe mișcare.",
+      "continuous_recording": "Înregistrare continuă",
+      "description_continuous_recording": "Realizați înregistrări 24/7 sau bazate pe mișcare.",
+      "max_duration": "durata maximă a videoclipului (secunde)",
+      "description_max_duration": "Durata maximă a unei înregistrări.",
+      "pre_recording": "pre-înregistrare (cadre cheie tamponate)",
+      "description_pre_recording": "Secunde înainte de producerea unui eveniment.",
+      "post_recording": "post-înregistrare (secunde)",
+      "description_post_recording": "Secunde după producerea unui eveniment.",
+      "threshold": "Prag de înregistrare (pixeli)",
+      "description_threshold": "Numărul de pixeli modificați pentru a înregistra.",
+      "autoclean": "Curățare automată",
+      "description_autoclean": "Specificați dacă Agentul Kerberos poate curăța automat înregistrările când se atinge o anumită capacitate de stocare (MB). Se vor șterge cele mai vechi înregistrări când se atinge capacitatea specificată.",
+      "autoclean_enable": "Activează curățarea automată",
+      "autoclean_description_enable": "Șterge cele mai vechi înregistrări când capacitatea este atinsă.",
+      "autoclean_max_directory_size": "Dimensiunea maximă a directorului (MB)",
+      "autoclean_description_max_directory_size": "Maximum de MB stocați în înregistrări.",
+      "fragmentedrecordings": "Înregistrări fragmentate",
+      "description_fragmentedrecordings": "Când înregistrările sunt fragmentate, sunt potrivite pentru un flux HLS. Când este activat, containerul MP4 va arăta puțin diferit.",
+      "fragmentedrecordings_enable": "Activează fragmentarea",
+      "fragmentedrecordings_description_enable": "Înregistrările fragmentate sunt necesare pentru HLS.",
+      "fragmentedrecordings_duration": "durata fragmentului",
+      "fragmentedrecordings_description_duration": "Durata unui singur fragment."
+    },
+    "streaming": {
+      "stun_turn": "STUN/TURN pentru WebRTC",
+      "description_stun_turn": "Pentru transmisii live la rezoluție completă folosim conceptul WebRTC. Una dintre capabilitățile cheie este funcționalitatea ICE-candidate, care permite traversarea NAT folosind conceptele STUN/TURN.",
+      "stun_server": "Server STUN",
+      "turn_server": "Server TURN",
+      "turn_username": "Nume utilizator",
+      "turn_password": "Parolă",
+      "force_turn": "Forțează TURN",
+      "force_turn_description": "Utilizează TURN în mod forțat, chiar și atunci când STUN este disponibil.",
+      "stun_turn_forward": "Redirecționare și transcodare",
+      "stun_turn_description_forward": "Optimizări și îmbunătățiri pentru comunicarea TURN/STUN.",
+      "stun_turn_webrtc": "Redirecționare către broker WebRTC",
+      "stun_turn_description_webrtc": "Redirecționare flux h264 prin MQTT",
+      "stun_turn_transcode": "Transcodare flux",
+      "stun_turn_description_transcode": "Convertire flux la o rezoluție mai mică",
+      "stun_turn_downscale": "Scădere rezoluție (în % din rezoluția originală)",
+      "mqtt": "MQTT",
+      "description_mqtt": "Un broker MQTT este utilizat pentru comunicare de la",
+      "description2_mqtt": "către Agentul Kerberos, pentru a realiza, de exemplu, transmisiuni live sau capabilități ONVIF (PTZ).",
+      "mqtt_brokeruri": "URI broker MQTT",
+      "mqtt_username": "Nume utilizator",
+      "mqtt_password": "Parolă",
+      "realtimeprocessing": "Procesare în timp real",
+      "description_realtimeprocessing": "Prin activarea procesării în timp real, veți primi cadre cheie video în timp real prin conexiunea MQTT specificată mai sus.",
+      "realtimeprocessing_topic": "Topic pentru publicare",
+      "realtimeprocessing_enabled": "Activează procesarea în timp real",
+      "description_realtimeprocessing_enabled": "Trimite cadre video în timp real prin MQTT."
+    },
+    "conditions": {
+      "timeofinterest": "Timpul de Interes",
+      "description_timeofinterest": "Realizează înregistrări doar între intervale de timp specifice (bazate pe fusul orar).",
+      "timeofinterest_enabled": "Activat",
+      "timeofinterest_description_enabled": "Dacă este activat, puteți specifica intervale de timp",
+      "sunday": "Duminică",
+      "monday": "Luni",
+      "tuesday": "Marți",
+      "wednesday": "Miercuri",
+      "thursday": "Joi",
+      "friday": "Vineri",
+      "saturday": "Sâmbătă",
+      "externalcondition": "Condiție Externă",
+      "description_externalcondition": "În funcție de un serviciu web extern, înregistrarea poate fi activată sau dezactivată.",
+      "regionofinterest": "Regiunea de Interes",
+      "description_regionofinterest": "Prin definirea unei sau mai multor regiuni, mișcarea va fi urmărită doar în regiunile pe care le-ați definit."
+    },
+    "persistence": {
+      "kerberoshub": "Kerberos Hub",
+      "description_kerberoshub": "Agenta Kerberos poate trimite semnale de puls către o",
+      "description2_kerberoshub": "instalație centrală. Semnalele de puls și alte informații relevante sunt sincronizate cu Kerberos Hub pentru a afișa informații în timp real despre peisajul video.",
+      "persistence": "Persistență",
+      "saasoffering": "Kerberos Hub (ofertă SAAS)",
+      "description_persistence": "Capacitatea de a stoca înregistrările este începutul fiecărei",
+      "description2_persistence": ", sau de la un furnizor terț",
+      "select_persistence": "Selectați o persistență",
+      "kerberoshub_encryption": "Criptare",
+      "kerberoshub_encryption_description": "Tot traficul de la/spre Kerberos Hub va fi criptat folosind AES-256.",
+      "kerberoshub_proxyurl": "URL Proxy Kerberos Hub",
+      "kerberoshub_description_proxyurl": "Punctul final Proxy pentru încărcarea înregistrărilor tale.",
+      "kerberoshub_apiurl": "URL API Kerberos Hub",
+      "kerberoshub_description_apiurl": "Punctul final API pentru încărcarea înregistrărilor tale.",
+      "kerberoshub_publickey": "Cheie publică",
+      "kerberoshub_description_publickey": "Cheia publică acordată contului tău Kerberos Hub.",
+      "kerberoshub_privatekey": "Cheie privată",
+      "kerberoshub_description_privatekey": "Cheia privată acordată contului tău Kerberos Hub.",
+      "kerberoshub_site": "Site",
+      "kerberoshub_description_site": "ID-ul site-ului la care aparțin Agenta Kerberos în Kerberos Hub.",
+      "kerberoshub_region": "Regiune",
+      "kerberoshub_description_region": "Regiunea în care sunt stocate înregistrările noastre.",
+      "kerberoshub_bucket": "Bucket",
+      "kerberoshub_description_bucket": "Bucket-ul în care sunt stocate înregistrările noastre.",
+      "kerberoshub_username": "Nume utilizator/Director (trebuie să se potrivească cu numele de utilizator Kerberos Hub)",
+      "kerberoshub_description_username": "Numele de utilizator al contului tău Kerberos Hub.",
+      "kerberosvault_apiurl": "URL API Kerberos Vault",
+      "kerberosvault_description_apiurl": "API-ul Kerberos Vault",
+      "kerberosvault_provider": "Furnizor",
+      "kerberosvault_description_provider": "Furnizorul către care vor fi trimise înregistrările tale.",
+      "kerberosvault_directory": "Director (trebuie să se potrivească cu numele de utilizator Kerberos Hub)",
+      "kerberosvault_description_directory": "Subdirectorul în care vor fi stocate înregistrările la furnizorul tău.",
+      "kerberosvault_accesskey": "Cheie de acces",
+      "kerberosvault_description_accesskey": "Cheia de acces a contului tău Kerberos Vault.",
+      "kerberosvault_secretkey": "Cheie secretă",
+      "kerberosvault_description_secretkey": "Cheia secretă a contului tău Kerberos Vault.",
+      "dropbox_directory": "Director",
+      "dropbox_description_directory": "Subdirectorul în care vor fi stocate înregistrările în contul tău Dropbox.",
+      "dropbox_accesstoken": "Token de acces",
+      "dropbox_description_accesstoken": "Tokenul de acces al contului/aplicației tale Dropbox.",
+      "verify_connection": "Verifică conexiunea",
+      "remove_after_upload": "Odată ce înregistrările sunt încărcate într-o persistență, este posibil să doriți să le ștergeți de pe Agenta Kerberos locală.",
+      "remove_after_upload_description": "Ștergeți înregistrările după ce sunt încărcate cu succes.",
+      "remove_after_upload_enabled": "Ștergere activată la încărcare"
+    }
+  }
+}
--- a/ui/public/locales/ru/translation.json
+++ b/ui/public/locales/ru/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Общие настройки Kerberos Agent",
      "key": "Ключ",
      "camera_name": "Название камеры",
+      "camera_friendly_name": "Дружественное название камеры",
      "timezone": "Часовой пояс",
      "select_timezone": "Выберите часовой пояс",
      "advanced_configuration": "Расширенные настройки",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "Камера",
      "description_camera": "Настройки камеры необходимы для установки соединения с выбранной камерой.",
-      "only_h264": "В настоящее время поддерживаются только потоки H264 RTSP.",
+      "only_h264": "В настоящее время поддерживаются только потоки H264/H265 RTSP.",
      "rtsp_url": "Адрес основного потока RTSP",
-      "rtsp_h264": "Подключение к камере по протоколу H264 RTSP.",
+      "rtsp_h264": "Подключение к камере по протоколу H264/H265 RTSP.",
      "sub_rtsp_url": "Адрес дополнительного потока RTSP (используется для прямой трансляции)",
      "sub_rtsp_h264": "Дополнительное RTSP-соединение с низким разрешением камеры.",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN сервер",
      "turn_username": "Имя пользователя",
      "turn_password": "Пароль",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "Переадресация и транскодирование",
      "stun_turn_description_forward": "Оптимизация и усовершенствование связи TURN/STUN.",
      "stun_turn_webrtc": "Переадресация на WebRTC-брокера",
@@ -185,6 +188,8 @@
      "description_persistence": "Возможность хранения записей - это начало всего. Вы можете выбрать один из наших вариантов",
      "description2_persistence": ", или стороннего провайдера",
      "select_persistence": "Выберите хранилище",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub Proxy URL",
      "kerberoshub_description_proxyurl": "Конечная точка Proxy для загрузки записей.",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/public/locales/zh/translation.json
+++ b/ui/public/locales/zh/translation.json
@@ -80,6 +80,7 @@
      "description_general": "Kerberos Agent 常规设置",
      "key": "Key",
      "camera_name": "相机名称",
+      "camera_friendly_name": "相机友好名称",
      "timezone": "时区",
      "select_timezone": "选择时区",
      "advanced_configuration": "高级配置",
@@ -99,9 +100,9 @@
    "camera": {
      "camera": "相机",
      "description_camera": "需要相机设置才能连接到您选择的相机。",
-      "only_h264": "目前仅支持 H264 RTSP 流。",
+      "only_h264": "目前仅支持 H264/H265 RTSP 流。",
      "rtsp_url": "RTSP 网址",
-      "rtsp_h264": "与摄像机的 H264 RTSP 连接。",
+      "rtsp_h264": "与摄像机的 H264/H265 RTSP 连接。",
      "sub_rtsp_url": "子 RTSP 网址（用于直播）",
      "sub_rtsp_h264": "与低分辨率相机的辅助 RTSP 连接。",
      "onvif": "ONVIF",
@@ -145,6 +146,8 @@
      "turn_server": "TURN 服务",
      "turn_username": "账户",
      "turn_password": "密码",
+      "force_turn": "Force TURN",
+      "force_turn_description": "Force TURN usage, even when STUN is available.",
      "stun_turn_forward": "转发和转码",
      "stun_turn_description_forward": "TURN/STUN 通信的优化和增强。",
      "stun_turn_webrtc": "转发到 WebRTC 代理",
@@ -185,6 +188,8 @@
      "description_persistence": "能够存储您的录像是一切的开始。您可以在我们的",
      "description2_persistence": ", 或第三方提供商之间进行选择。",
      "select_persistence": "选择持久化存储",
+      "kerberoshub_encryption": "Encryption",
+      "kerberoshub_encryption_description": "All traffic from/to Kerberos Hub will encrypted using AES-256.",
      "kerberoshub_proxyurl": "Kerberos Hub 代理 URL",
      "kerberoshub_description_proxyurl": "用于上传您录像的代理端点",
      "kerberoshub_apiurl": "Kerberos Hub API URL",
--- a/ui/src/App.jsx
+++ b/ui/src/App.jsx
@@ -100,7 +100,7 @@ class App extends React.Component {
          </div>
        )}
        <div id="page-root">
-          <Sidebar logo={logo} title="Kerberos Agent" version="v1-beta" mobile>
+          <Sidebar logo={logo} title="Kerberos Agent" version="v3.1.8" mobile>
            <Profilebar
              username={username}
              email="support@kerberos.io"
--- a/ui/src/actions/agent.js
+++ b/ui/src/actions/agent.js
@@ -53,9 +53,9 @@ export const verifyOnvif = (config, onSuccess, onError) => {
        }
      },
      (error) => {
-        const { message } = error;
+        const { data } = error;
        if (onError) {
-          onError(message);
+          onError(data);
        }
      }
    );
--- a/ui/src/api/agent.js
+++ b/ui/src/api/agent.js
@@ -92,7 +92,7 @@ export function doVerifyHub(config, onSuccess, onError) {
 }

 export function doVerifyOnvif(config, onSuccess, onError) {
-  const endpoint = API.post(`onvif/verify`, {
+  const endpoint = API.post(`camera/onvif/verify`, {
    ...config,
  });
  endpoint
--- a/ui/src/components/ImageCanvas/ImageCanvas.jsx
+++ b/ui/src/components/ImageCanvas/ImageCanvas.jsx
@@ -7,6 +7,9 @@ import './ImageCanvas.css';

 class ImageCanvas extends React.Component {
  componentDidMount() {
+    this.width = 0;
+    this.height = 0;
+
    this.loadImage = this.loadImage.bind(this);
    this.generateRandomTagsDescriptor =
      this.generateRandomTagsDescriptor.bind(this);
@@ -55,14 +58,27 @@ class ImageCanvas extends React.Component {

    const { image } = this.props;
    this.loadImage(image, (img) => {
-      this.loadData(img);
+      if (this.width !== img.width || this.height !== img.height) {
+        this.width = img.width;
+        this.height = img.height;
+        this.loadData(img);
+      } else {
+        this.editor.addContentSource(img);
+      }
    });
  }

  componentDidUpdate() {
    const { image } = this.props;
    this.loadImage(image, (img) => {
-      this.loadData(img);
+      if (this.width !== img.width || this.height !== img.height) {
+        this.width = img.width;
+        this.height = img.height;
+        this.loadData(img);
+      } else {
+        // alert('ok');
+        this.editor.addContentSource(img);
+      }
    });
  }

--- a/ui/src/components/LanguageSelect/LanguageSelect.jsx
+++ b/ui/src/components/LanguageSelect/LanguageSelect.jsx
@@ -26,6 +26,7 @@ const LanguageSelect = () => {
    ja: { label: '日本', dir: 'rlt', active: false },
    hi: { label: 'हिंदी', dir: 'ltr', active: false },
    ru: { label: 'Русский', dir: 'ltr', active: false },
+    ro: { label: 'Română', dir: 'ltr', active: false },
  };

  if (!languageMap[selected]) {
--- a/ui/src/i18n.js
+++ b/ui/src/i18n.js
@@ -14,7 +14,7 @@ i18n
      escapeValue: false,
    },
    load: 'languageOnly',
-    whitelist: ['de', 'en', 'nl', 'fr', 'pl', 'es', 'pt', 'ja', 'ru'],
+    whitelist: ['de', 'en', 'nl', 'fr', 'pl', 'es', 'pt', 'ja', 'ru', 'ro'],
  });

 export default i18n;
--- a/Show More
+++ b/Show More