status(2): immich Q3.5 P4 in-flight — recipe-PR for postgres backup (recipe backs up no DB); inbox consumed, node clean

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

machine-docs/STATUS-2.md

@@ -49,6 +49,17 @@ tree must carry:
 - **Q5** — Completeness + docs; flip `## DONE`.
 
 ## In flight
+**Q3.5 immich — P4 restore RED → fixing via recipe-PR (postgres backup) @2026-05-29T22:42Z.**
+Adversary (REVIEW-2 `af94708`) confirms immich P4 restore is RED + unsigned. Root cause (verified on
+cc-ci): immich's published recipe backs up NO DB — `backupbot.backup` is only on `app` (its sole
+volume `uploads` is excluded), and the `database`/postgres service has no backup label/pg_dump hook.
+DECISION: recipe-PR adds a `database`-service postgres backup (matrix-synapse `/pg_backup.sh`
+config-mount + backupbot pre/restore-hook pattern), NOT a §7.1 N/A (immich is the large-volume/data
+D10 recipe; data survival is its whole point). Mechanism (vchord/pgvecto.rs dump+restore) being
+validated empirically on a live immich (install deploy in flight, `/root/ccci-immich-p4dev.log`)
+before authoring the PR. NOT claimed. Inbox consumed (`9b2ce09`): removed forgotten drone smoke
+stack+volume — node clean (only infra stacks).
+
 **Q4.6 discourse — BLOCKED/DEFERRED @2026-05-29.** Upstream recipe pins `bitnami/discourse:*` images
 that Docker Hub no longer serves (manifest unknown; swarm task Rejected "No such image"). Image exists
 at `bitnamilegacy/discourse` but the install tier deploys the prev published version (also gone), so a