From 0487631bac361bbbb9162a436309500f7271ef1d Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Sat, 30 May 2026 00:20:48 +0100 Subject: [PATCH] =?UTF-8?q?claim(Q3.5):=20immich=20full=20lifecycle=20GREE?= =?UTF-8?q?N=20=E2=80=94=20P4=20fixed=20via=20recipe-PR=20recipe-maintaine?= =?UTF-8?q?rs/immich#1=20(recipe=20backed=20up=20NO=20database);=205=20tie?= =?UTF-8?q?rs=20+=203=20custom=20pass,=20deploy-count=3D1,=20clean=20teard?= =?UTF-8?q?own?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 (1M context) --- machine-docs/STATUS-2.md | 81 ++++++++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 20 deletions(-) diff --git a/machine-docs/STATUS-2.md b/machine-docs/STATUS-2.md index 6344590..f74b293 100644 --- a/machine-docs/STATUS-2.md +++ b/machine-docs/STATUS-2.md 
@@ -49,26 +49,10 @@ tree must carry: - **Q5** — Completeness + docs; flip `## DONE`. ## In flight -**Q3.5 immich — P4 restore RED → fixing via recipe-PR (postgres backup) @2026-05-29T22:42Z.** -Adversary (REVIEW-2 `af94708`) confirms immich P4 restore is RED + unsigned. Root cause (verified on -cc-ci): immich's published recipe backs up NO DB — `backupbot.backup` is only on `app` (its sole -volume `uploads` is excluded), and the `database`/postgres service has no backup label/pg_dump hook. -DECISION: recipe-PR adds a `database`-service postgres backup (matrix-synapse `/pg_backup.sh` -config-mount + backupbot pre/restore-hook pattern), NOT a §7.1 N/A (immich is the large-volume/data -D10 recipe; data survival is its whole point). -- **Mechanism VALIDATED** empirically on a live immich `database` container: seed ci_marker → - `/pg_backup.sh backup` (pg_dump|gzip→backup.sql, 16.7MB) → drop → `/pg_backup.sh restore` - (terminate conns + DROP DATABASE FORCE + createdb + reimport) → **ci_marker=original survives, - vchord+vector extensions intact (2/2), immich-server reconnects + serves /api/server/version**. -- **Recipe-PR opened:** `recipe-maintainers/immich#1` (mirror created + synced from upstream - coop-cloud/immich main@7eb3937a + all 14 tags), branch `ci/pg-backup`, head - `a846cf38dc14430d0d1b95553ce9c3c42e3b348a`. Adds `pg_backup.sh`, `abra.sh` - (PG_BACKUP_VERSION=v1), and `compose.yml` database-service backupbot hooks + config-mount. -- **Full-lifecycle run IN FLIGHT** against the PR head: - `RECIPE=immich PR=1 REF=a846cf38… SRC=recipe-maintainers/immich` → `/root/ccci-immich-prbackup.log`. - EXPECTED: install/upgrade/backup/restore/custom all pass; restore tier `test_restore_returns_state` - now GREEN (ci_marker survives the recipe's real backup→restore). NOT yet claimed. -Inbox consumed (`9b2ce09`): removed forgotten drone smoke stack+volume — node clean. 
+**Q3.5 immich — ✅ FULL LIFECYCLE GREEN @2026-05-30 — CLAIMED (see ## Gate Q3.5), awaiting Adversary.** +P4 restore gap (recipe backed up NO DB) fixed via recipe-PR `recipe-maintainers/immich#1`; all 5 tiers ++ 3 custom green, deploy-count=1, clean teardown; log `/root/ccci-immich-prfull.log`. Inbox consumed +(`9b2ce09`): removed forgotten drone smoke stack+volume — node clean. **Q4.6 discourse — BLOCKED/DEFERRED @2026-05-29.** Upstream recipe pins `bitnami/discourse:*` images that Docker Hub no longer serves (manifest unknown; swarm task Rejected "No such image"). Image exists 
@@ -210,6 +194,63 @@ SKIP no longer yields a GREEN `!testme`. ## Gate +**Gate: Q3.5 immich — CLAIMED @2026-05-30, awaiting Adversary.** + +**WHAT.** immich (D10 object-storage / large-volume photo+video manager; self-contained: app + +machine-learning + redis + postgres) runs its **full lifecycle GREEN** — install + upgrade (real +prev→PR-head crossover) + backup + restore + custom — with the **P4 data-integrity gap fixed via +recipe-PR `recipe-maintainers/immich#1`**. +- **P4 (headline):** the *published* immich recipe backs up **NO database** (`backupbot.backup` only + on the `app` service, all its volumes excluded; the `database`/postgres service unlabeled, no + pg_dump hook) → a restore yielded an empty DB (silent total-metadata-loss bug). recipe-PR #1 adds a + `database`-service postgres backup (matrix-synapse `/pg_backup.sh` config-mount + backupbot + pre/restore hooks). With it the postgres `ci_marker` survives the recipe's real backup→restore: + `tests/immich/test_restore.py::test_restore_returns_state` **PASS (was RED)**. The VectorChord + (vchord+vector) extensions + all tables round-trip; immich-server reconnects after the FORCE-drop. +- **P2 parity:** `health_check.py` → `functional/test_health_check.py`. `oidc_login.py` is + authentik-specific → documented non-port (PARITY.md; operator SSO policy: keycloak default, immich + OIDC optional, immich + the §4.3 asset flow work with a local admin and no SSO). +- **P3 (≥2 SEPARATE recipe-specific functional tests):** `functional/test_asset_upload.py` (§4.3 + create-an-object: upload asset `POST /api/assets` → read back `GET /api/assets/{id}` IMAGE → + thumbnail derivative `GET .../thumbnail`) + `functional/test_asset_processing.py` (a DISTINCT + microservice path: poll until metadata-extraction populates `exifInfo` 1x1 dims, then + `GET /api/assets/statistics` shows the asset catalogued — images/total≥1). 
+- **P5/P6 N/A:** immich self-contained (no deps); characteristic behaviour covered functionally via + the API (upload/derivative/metadata/catalog), no browser-only UX owed. + +**HOW (Adversary, cold, on cc-ci):** +``` +ssh cc-ci 'cd /root/ && git pull && RECIPE=immich PR=1 \ + REF=a846cf38dc14430d0d1b95553ce9c3c42e3b348a SRC=recipe-maintainers/immich \ + cc-ci-run runner/run_recipe_ci.py' +``` +(the private mirror clone authenticates via the bridge gitea token fallback +`/run/secrets/bridge_gitea_token` — no GITEA_TOKEN env needed.) + +**EXPECTED:** +- RUN SUMMARY: `deploy-count = 1 (expect 1)`; `install/upgrade/backup/restore/custom` **all pass**. +- Upgrade: `upgrade→PR-head: head_ref=a846cf38 chaos-version=a846cf38 version=1.5.1+v2.6.3→ + 1.6.0+v2.7.5` (HC1, real crossover; head_ref==chaos-version). +- Restore: `tests/immich/test_restore.py::test_restore_returns_state PASSED` (P4 — ci_marker survives + the recipe's DB backup→restore; without the recipe-PR this is RED). +- Custom — **3 PASS**: `test_immich_processes_uploaded_asset_metadata_and_statistics`, + `test_immich_upload_asset_readback_and_thumbnail`, `test_immich_returns_200`. +- Clean teardown: post-run no `immi-*` stack/volumes/secrets. +- The fix is the recipe-PR diff: `recipe-maintainers/immich#1` (head a846cf38) adds `pg_backup.sh`, + `abra.sh` (PG_BACKUP_VERSION=v1), `compose.yml` database-service backupbot hooks + config-mount. + (Negative control: `RECIPE=immich PR=0` — published recipe, no fix — restore tier FAILs + `relation "ci_marker" does not exist`, the bug this PR repairs.) + +**WHERE.** recipe-PR `recipe-maintainers/immich#1`, branch `ci/pg-backup`, head +`a846cf38dc14430d0d1b95553ce9c3c42e3b348a` (mirror synced from upstream coop-cloud/immich +main@7eb3937a + 14 tags). cc-ci tests: `tests/immich/{recipe_meta.py,PARITY.md,ops.py,test_install.py, +test_backup.py,test_restore.py,functional/{test_health_check.py,test_asset_upload.py, +test_asset_processing.py}}`. 
cc-ci commit `ecd770b` (P3 2nd test + PARITY + DECISIONS). DECISIONS.md +"immich postgres backup recipe-PR". Authoritative log `/root/ccci-immich-prfull.log` (all 5 tiers + 3 +custom green, deploy-count=1, clean teardown). Mechanism-validation detail in JOURNAL-2. + +--- + **Gate: Q4.9 mailu — ✅ Adversary PASS @2026-05-29 (REVIEW-2 `2958eb6`).** Cold first-hand full lifecycle GREEN ×2: deploy-count=1, real upgrade crossover 3.0.0→3.0.1 (head_ref==chaos-version), 2 non-vacuous P3 (unique-mailbox create→read-back + unique-marker postfix→dovecot delivery), clean
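Review bot: In the first hunk (`@@ -49,26 +49,10 @@`), the added In-flight line says `see ## Gate Q3.5`, but the second hunk places the entry under the existing `## Gate` heading as a bold `**Gate: Q3.5 immich` paragraph, so no heading with that name exists to jump to. Reword the pointer to match what is actually in the file (for example "see the Q3.5 immich entry under ## Gate"). The hunk also swaps the log path from `/root/ccci-immich-prbackup.log` to `/root/ccci-immich-prfull.log` without saying whether the earlier log is superseded or a separate run. A few words on that would keep the audit trail unambiguous. Finally, the removed text said the `app` service's "sole volume `uploads` is excluded" while the new Gate text says "all its volumes excluded"; pick one wording so the root-cause statement stays consistent across the file.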
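Review bot: In the second hunk (`@@ -210,6 +194,63 @@`), the HOW command runs a bare `git pull` and never pins the cc-ci tree, although WHERE names cc-ci commit `ecd770b` as the one carrying the tests. A cold reproduction should check out that commit (or record the resolved HEAD in the log) so the Adversary verifies the claimed tree rather than whatever the branch tip is at the time. The negative control (`RECIPE=immich PR=0`, expected failure `relation "ci_marker" does not exist`) appears only as a parenthetical under EXPECTED. Listing it as a second command under HOW would make the RED-to-GREEN evidence part of the required procedure instead of optional reading. The WHAT section also claims that the vchord+vector extensions and all tables round-trip and that immich-server reconnects after the FORCE-drop, but EXPECTED asserts only `test_restore_returns_state`, and the supporting detail is deferred to JOURNAL-2. Either name the test that checks extensions and reconnection after restore, or mark those claims as validated manually.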