Tags

Tags give the ability to mark specific points in history as being important

  • v0.5.0

    protected
    e9b0ced1 · chore: bump catalog includes to @2.0.3 (cosign auth fix) ·
    Release: bairn v0.5.0 
    v0.5.0 - rebase onto pipeline 2.0.3 catalog overhaul

Switches all catalog includes to the v2.0.x catalog overhaul.
Container build collapses to a thin runtime layer over UBI micro
9.6 with the cosign-signed binary COPYd from go-release-binary's
dist/ output (provable byte-for-byte parity).

Multi-arch binary set: linux/amd64, linux/arm64, darwin/arm64.
Per-binary .sha256 sidecars. Container image is single-arch in
v0.5.0; multi-arch container in v0.5.1 once storr qemu support is
verified.

Lint hygiene: three hits previously masked by the v1.x catalog
docker.io/golangci-lint allow_failure pattern, all fixed.

CI: workflow:auto_cancel for MR pushes; smoke-immich and
drift-gate-immich moved off tag rules to web/api triggers only
(local make pre-tag-check is the actual tag-time gate for the
operator).

No user-facing CLI changes. The binary, archive format, and flags
are identical to v0.4.6.

See CHANGELOG.md for full notes.

  • v0.4.6

    protected
    1eec1f6a · chore: bump version to 0.4.6 ·
    Release: bairn v0.4.6 
    v0.4.6 - bairn smoke immich + write-side contract gate

Adds a real round-trip Immich smoke that verifies the upload
contract end-to-end: login, mint ephemeral API key, upload tiny
JPEG via the production sink/immich code path, assert created,
delete asset, delete API key. ~5 HTTP calls per run, ~250ms.

Catches what a vendored OpenAPI spec or an upstream zod schema
cannot: controller-layer wire-contract enforcement (the
deviceId / deviceAssetId class-validator decorators that produce
HTTP 400 on Immich >= v2.7.5 when omitted). v0.4.3 + v0.4.4
shipped without this gate and broke uploads; both have been
pulled. v0.4.6 is the first release with the gate.

Local invocation: `make pre-tag-check` runs unit tests + the
live smoke against an operator-configured Immich. CI runs the
same smoke as a job (allow_failure: true until the runner can
reliably reach the configured Immich host).

Reads IMMICH_BAIRN_HOST / IMMICH_BAIRN_USER / IMMICH_BAIRN_PASSWORD
or falls back to IMMICH_BASE_URL / IMMICH_API_KEY.

  • v0.4.5

    protected
    d9660c2e · fix: restore deviceId/deviceAssetId; vendored spec lies (v0.4.5) ·
    Release: bairn v0.4.5 
    v0.4.5 - restore deviceId/deviceAssetId for live Immich (v2.7.5+)

Reverts v0.4.3's drop of deviceId / deviceAssetId on the Immich
upload. Andrew DeJong reproduced v0.4.3 failing on his actual
Immich v2.7.5 (MR !2): the live server enforces both fields even
though they are absent from the vendored OpenAPI spec.

The vendored spec at api/immich/openapi.json (sourced from
immich-app/immich/main) does not model AssetMediaBase and lists
neither field on AssetMediaCreateDto. The server enforces them
anyway. v0.4.3 trusted the spec; this release trusts the server.

Lesson logged in the commit body: the spec is not the source of
truth for write-side contracts. v0.4.6 will add a write-side smoke
test against a live Immich (in CI when IMMICH_BASE_URL +
IMMICH_API_KEY are set; locally otherwise) so the next contract
drift fails the release pipeline before binaries ship.

Apologies for the v0.4.0 add -> v0.4.3 remove -> v0.4.5 re-add
cycle. The smoke is the durable answer.

  • v0.4.2

    protected
    47abd9a1 · fix: UX guardrails for silent zero-result traps (v0.4.2) ·
    Release: bairn v0.4.2 
    v0.4.2 - dep bumps + UX guardrails for silent zero-result traps

Two strands rolled together:

Renovate dep bumps (auto-merged into main via MR !3):
- catalog v1.6.0 -> v1.7.0 across 7 includes (claude-drift-triage,
  go-audit, go-build, go-release-binary, go-sbom, slsa-attest,
  release-create)
- github.com/BurntSushi/toml v1.3.2 -> v1.6.0
- golang.org/x/sys v0.43.0 -> v0.44.0
- golang.org/x/term v0.42.0 -> v0.43.0

UX guardrails - five Andy-shaped traps fixed:
- Trap A: --source=tagged|liked with empty children/logins now
  errors with exit 2 instead of running the fetch and saving zero.
- Trap B: bairn drift --diff <empty dir> now exits 2 with a
  seeding hint instead of looking like a healthy gate that's
  actually a passthrough.
- Trap C: source-matching images inside system-generated posts
  count toward Result.SystemPostsFiltered; visible in the
  fetch-complete log so operators see what --include-system-posts
  would unlock.
- Trap D: a filtered source (tagged|liked) that walked pages but
  matched nothing now logs an explicit warn with a hint at the
  most likely cause (--max-pages too low).
- Trap E: bairn login displays the email used to authenticate
  when me.Email comes back empty.

Audit triggered by Andrew DeJong's MRs !1+!2 surfacing the
--feed-all default-true / --feed-tagged silent-override trap. The
--source enum that replaced it (v0.4.0) is the same shape of fix
applied estate-wide.

  • v0.4.1

    protected
    e7ecbd53 · fix: allow main-immich/ baseline dir + README through nested .gitignore ·
    Release: bairn v0.4.1 
    v0.4.1 - Immich drift gate (multi-vendor)

Mirrors the Famly drift design against the operator's Immich
server. Tag-push only, manifest + baseline committed, anonymize
for cardinality, struct-allowlist when Immich endpoints get bound
to typed structs (currently full-shape; see drift_schemas.go).

New: discovery/probe/manifest-immich.toml, discovery/baselines/
main-immich/, drift-gate-immich CI job (allow_failure: true so
forkers without IMMICH_BASE_URL/IMMICH_API_KEY are not blocked).

Drift command made vendor-agnostic: env-expanded base_url, per-
vendor token resolution keyed off m.AuthEnv, validation moved
into Probe and runDrift's vendor branches.

Operator next steps:
  1. Set IMMICH_BASE_URL + IMMICH_API_KEY as masked + protected
     CI variables on dunn.dev/bairn.
  2. Locally seed the baseline:
     bairn drift --anonymize \\
       --manifest discovery/probe/manifest-immich.toml \\
       --out-dir discovery/baselines/main-immich
  3. Commit + push the seeded shapes; the next tag pipeline gates
     on them.

  • v0.3.1

    protected
    f0b94174 · chore: bump catalog includes to v1.6.0; consume ci-go image ·
    Release: bairn v0.3.1 
    v0.3.1 - catalog v1.6.0 / ci-go consumer

Behavioral change: none. Routine bump consuming the catalog's new
ci-go pre-baked builder image. Verifies ci-go end-to-end:
- go-build (branch jobs): pulls ci-go for cross-compile
- go-release-binary (tag): pulls ci-go for cross-compile + cosign sign
- go-audit (lint stage): pulls ci-go, govulncheck pre-installed
- go-sbom (tag): pulls ci-go, syft pre-installed
- slsa-attest (tag): pulls ci-go, cosign pre-installed
- bairn-side test + drift-gate: also flipped to ci-go

Authenticated pull from registry.gitlab.com replaces v0.3.0's
mirror.gcr.io stopgap.

  • v0.3.0

    protected
    df64352c · ci: bump catalog includes v1.5.2 -> v1.5.3 (mirror.gcr.io defaults) ·
    Release: bairn v0.3.0 
    v0.3.0 - drift signatures scoped to bairn's typed decode surface (re-tagged at same SHA to verify catalog v1.5.3 release-create + upload-release-assets upsert PUT paths; release contents identical to first push)

  • v0.2.5

    protected
    6c0c701d · discovery: seed bairn drift baseline; drop relations from manifest (v0.2.5) ·
    Release: bairn v0.2.5 
    v0.2.5 - drift baseline seeded; manifest scoped to no-param endpoints

Commits the first real bairn drift baseline at
discovery/baselines/main/ (me + feed-page1, anonymized
keys-only signatures). The drift-gate stage in CI now diffs
against this baseline on every tag and fails the pipeline if
Famly's response shapes have moved.

Drops /api/v2/relations from the drift manifest: it requires
operator-private ?childId param. Relation shape continues to be
covered by the typed unmarshal in api/famly/me.go on every real
fetch.

No binary behaviour change beyond version reporting.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.2.4

    protected
    55607cf3 · feat: bairn drift --anonymize masks array cardinality (v0.2.4) ·
    Release: bairn v0.2.4 
    v0.2.4 - drift --anonymize masks array cardinality

Adds an --anonymize flag to bairn drift that replaces "<n=N>"
markers with "<n=*>" in shape signatures, so household-side
cardinality (number of relations, roles) does not leak into
committed baselines. Default stays unchanged; bairn's drift-gate
opts in via .gitlab-ci.yml.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.2.3

    protected
    e1a99e9f · chore: bump catalog includes to dunn.dev/pipeline@v1.5.2 + version 0.2.3 ·
    Release: bairn v0.2.3 
    v0.2.3 - upsert release behavior via dunn.dev/pipeline@v1.5.2

Bumps the catalog includes to v1.5.2 so release-create upserts
the release record and asset links on every fire instead of
skipping when present. Re-tags and duplicate-pipeline-fires now
converge cleanly.

No binary behavior change beyond version reporting.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.2.2

    protected
    49bbef51 · chore: bump version to v0.2.2 ·
    Release: bairn v0.2.2 
    v0.2.2 - drift validation hardening

Folds in the validation fix that surfaced while wiring v0.2.1's
drift-gate end-to-end:

- Validate("drift") now accepts FAMLY_EMAIL+FAMLY_PASSWORD
  (recommended for CI; refreshing token) in addition to the
  static FAMLY_ACCESS_TOKEN. Matches Validate("fetch")'s logic.
- runDrift now calls Validate("drift") and fails fast when the
  resolved token is empty, with an error message that names the
  protected-variable / protected-ref mismatch as a likely cause.

No behaviour change for the binary's hot path; this lands the
clearer error messages and the corrected validation gate.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.2.1

    protected
    cb6c8768 · chore: bump version to v0.2.1 ·
    Release: bairn v0.2.1 
    v0.2.1 - drift gate as pre-release verification

Adds a tag-triggered drift gate to bairn's CI: each tag pipeline
builds bairn, hits Famly's parent-side surface using the operator's
own refreshing credentials, and diffs response shapes against the
committed baseline at discovery/baselines/main/. The gate fails
the tag pipeline (and blocks the binary from shipping) when drift
is detected.

Companion docs (NOTICE.md, discovery/PROTOCOL.md, ADR 0007) name
the trigger model explicitly: tag push is a human action; this is
not a recurring schedule against Famly's surface.

No behaviour change in the binary itself beyond version reporting.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.2.0

    protected
    0285186e · feat: native Go bairn drift subcommand (v0.2.0) ·
    Release: bairn v0.2.0 
    v0.2.0 - native drift detection

bairn drift is now a native Go subcommand. Loads a TOML manifest,
hits each endpoint with auth + paced delay, computes JSON-key-only
shape signatures, optionally diffs against a prior baseline.
Surfaces vendor schema changes before they break a fetch.

Exit codes: 0 = no drift, 1 = drift found, 2 = config or transport
error. Wires cleanly into the claude-drift-triage component in
dunn.dev/pipeline so the LLM triage fires only on real changes.

The Python prototype (discovery/probe/shape.py) stays in the repo
as documentation of the methodology. Signature format is
byte-compatible.

Posture and conditions of use unchanged: NOTICE.md.

  • v0.1.0

    protected
    8ed20c93 · ci: full supply-chain release flow via dunn.dev/pipeline ·
    Release: bairn v0.1.0 
    v0.1.0 - initial release

Personal photo archive for Famly-using households. Pull images and
videos to disk with full EXIF and XMP metadata embedded. Optional
Immich upload (alpha; matures in v0.2.0).

Each binary ships with a sha256 checksum, a keyless cosign
signature, a CycloneDX SBOM, and a SLSA v1.0 provenance
attestation. Verification recipes in SECURITY.md.

Posture and conditions of use: NOTICE.md.