Feature/filter no faces

[damongolding]

Summary by CodeRabbit

• New Features

  • Added a "no faces" filter option to hide images that contain detected faces.

• Chores

  • Improved frontend build/packaging for more reproducible asset generation.
  • Updated .gitignore to exclude new build/output artifacts.
  • Bumped several frontend dev dependency versions for maintenance.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds .gitignore patterns for result artifacts, pins and builds frontend dependencies/assets in Nix (flake.nix), introduces a boolean FilterExcludeFaces config option, and updates asset validation to apply the "exclude faces" filter before date-range checks.

Changes

Cohort / File(s)	Summary
VCS / Ignore \.gitignore	Adds ignore patterns: result and result-*.
Nix build / Packaging flake.nix	Pins frontend deps; adds fixed-output node_modules derivation (runs bun install); builds frontend assets in Nix and exposes public/assets; copies assets into Go preBuild; embeds main.version via ldflags and replaces earlier vendor/embed placeholders with concrete hashes and asset-copy pipeline.
Configuration internal/config/config.go	Adds exported boolean FilterExcludeFaces to Config with JSON/YAML/mapstructure/query/form tags and default false.
Asset validation / Go logic internal/immich/immich_helpers.go	(*Asset).isValidAsset now invokes hasValidFilterExcludeFaces (may call CheckForFaces and requires no faces when enabled) before the renamed hasValidFilterDate date validation.
Frontend deps frontend/package.json	Bumps devDependency versions: @biomejs/biome -> ^2.4.13, choices.js -> ^11.2.3, postcss -> ^8.5.12 (devDependencies only).

Sequence Diagram

sequenceDiagram
    participant Client
    participant AssetValidator as Asset Validator
    participant FaceService as Face Detection Service
    participant DateValidator as Date Validator

    Client->>AssetValidator: Request asset validation
    AssetValidator->>AssetValidator: Check FilterExcludeFaces flag
    alt FilterExcludeFaces enabled
        AssetValidator->>FaceService: Request faces for asset (if People/Unassigned empty)
        FaceService-->>AssetValidator: Return face data
        AssetValidator->>AssetValidator: Fail if any faces/unassigned faces present
    else FilterExcludeFaces disabled
        AssetValidator->>AssetValidator: Skip face check (pass)
    end
    AssetValidator->>DateValidator: Validate date range / buckets
    DateValidator-->>AssetValidator: Date valid / invalid
    AssetValidator-->>Client: Return overall validation result

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• add nix #642: Related changes to flake.nix and Nix packaging / frontend asset handling.
• deps #422: Related frontend devDependency version bumps in frontend/package.json.

Suggested labels

maintenance

Poem

🐇 I hopped through builds and tucked assets tight,
I nudged out faces if the config says "no",
I pinned the bundles and copied them right,
A tidy flake, a binary to show —
Tiny paws, big commits, and a carrot-glow. 🍃

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Feature/filter no faces' directly corresponds to the main feature addition: a new FilterExcludeFaces configuration option that enables excluding assets with detected faces.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/filter-no-faces

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@flake.nix`:
- Around line 50-54: The Nix derivation is skipping the package's TypeScript
type-check because it runs individual scripts (bun run css/js/url-builder);
change buildPhase to invoke the package's top-level build script (e.g., run "bun
run build" or otherwise run the same pre-build/typecheck command the package
uses) before emitting assets so the TypeScript check in the package's build
pipeline (referenced by the build script and the buildPhase block) is executed;
ensure you either replace the three bun run lines with the single bun run build
or prepend the type-check command the package build uses so type errors fail the
build.
- Around line 75-80: The preBuild step currently copies the entire assets
directory into frontend/public/assets which can create
frontend/public/assets/assets and break go:embed paths; update the cp invocation
in the preBuild block to copy the contents instead of the directory (e.g., use
cp -r ${frontend}/assets/. frontend/public/assets or copy into
frontend/public/), or use a content-preserving tool like rsync -a
${frontend}/assets/ frontend/public/assets, ensuring mkdir -p frontend/public
remains and the final paths match the original assets layout expected by the Go
embed.
- Around line 14-36: The fixed-output derivation "node_modules" uses a single
outputHash which only matches the system it was generated on; change it to
produce per-system hashes by keying the fixed-output by ${system} — update the
"node_modules" derivation to replace the single shared outputHash usage with a
system-keyed hash (e.g. add an outputHashKey that includes ${system} or
otherwise make the hash lookup vary by ${system}) and keep
outputHash/outputHashAlgo/outputHashMode tied to that key so each platform
(darwin-arm64, linux-x64, etc.) can have its own correct vendored bun/esbuild
hash.

In `@internal/immich/immich_helpers.go`:
- Around line 739-741: The no-faces filter currently calls CheckForFaces when
either a.People or a.UnassignedFaces is empty, causing unnecessary API lookups;
change the condition in the block that inspects a.People and a.UnassignedFaces
to require both to be empty (use logical AND) so CheckForFaces(requestID,
deviceID) is only invoked when neither collection has been populated,
referencing the a.People, a.UnassignedFaces variables and the CheckForFaces
method to locate the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d247fe1c-77e2-47f2-a8b1-0f5256717e53

📥 Commits

Reviewing files that changed from the base of the PR and between 09a1461 and bab7e4a.

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .gitignore
• flake.nix
• immich-kiosk
• internal/config/config.go
• internal/immich/immich_helpers.go

[coderabbitai]

♻️ Duplicate comments (3)

flake.nix (3)

57-61: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Run the package build script here too.

This derivation still invokes the individual asset scripts, so the package-level TypeScript/typecheck step remains skipped.

Suggested change

-            bun run css
-            bun run js
-            bun run url-builder
+            bun run build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@flake.nix` around lines 57 - 61, The buildPhase currently runs only the
individual asset scripts (bun run css, bun run js, bun run url-builder) which
skips the package-level TypeScript/typecheck step; update the buildPhase (the
buildPhase block with those bun run commands) to also invoke the package build
script (e.g., add the package-level command such as "bun run build" or the
repository's package build script name) so the TypeScript/typecheck runs as part
of the derivation and preserves the existing asset steps.

---

13-43: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Populate the real per-system hashes before merging.

pkgs.lib.fakeHash keeps every fixed-output derivation unresolved, so nix build will fail on all supported systems until the actual hashes are filled in.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@flake.nix` around lines 13 - 43, Replace the placeholder pkgs.lib.fakeHash
entries in nodeModulesHashes with the real fixed-output hashes for each platform
so the node_modules derivation can validate output; to do this, build or
evaluate the node_modules derivation (the derivation named node_modules using
outputHash = nodeModulesHashes.${system}) on each target system (or use
nix-prefetch / nix build to obtain the expected sha256) and copy the computed
sha256 values into the corresponding keys ("x86_64-linux", "aarch64-linux",
"x86_64-darwin", "aarch64-darwin") so outputHash no longer points to fakeHash
and the derivation can succeed.

---

84-86: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Copy the asset contents, not the directory.

cp -r ${frontend}/assets frontend/public/assets will create frontend/public/assets/assets, which breaks the expected go:embed frontend/public layout.

Suggested change

-              cp -r ${frontend}/assets frontend/public/assets
+              cp -r ${frontend}/assets/. frontend/public/assets/

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@flake.nix` around lines 84 - 86, The current copy step uses "cp -r
${frontend}/assets frontend/public/assets" which creates a nested assets/assets
directory and breaks go:embed; change the copy to copy the contents into the
target directory instead (e.g. replace the cp invocation so it copies
${frontend}/assets/. or ${frontend}/assets/* into frontend/public/assets/) while
keeping the existing mkdir -p frontend/public/assets line, so the
frontend/public/assets layout contains the asset files at its root.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@flake.nix`:
- Around line 57-61: The buildPhase currently runs only the individual asset
scripts (bun run css, bun run js, bun run url-builder) which skips the
package-level TypeScript/typecheck step; update the buildPhase (the buildPhase
block with those bun run commands) to also invoke the package build script
(e.g., add the package-level command such as "bun run build" or the repository's
package build script name) so the TypeScript/typecheck runs as part of the
derivation and preserves the existing asset steps.
- Around line 13-43: Replace the placeholder pkgs.lib.fakeHash entries in
nodeModulesHashes with the real fixed-output hashes for each platform so the
node_modules derivation can validate output; to do this, build or evaluate the
node_modules derivation (the derivation named node_modules using outputHash =
nodeModulesHashes.${system}) on each target system (or use nix-prefetch / nix
build to obtain the expected sha256) and copy the computed sha256 values into
the corresponding keys ("x86_64-linux", "aarch64-linux", "x86_64-darwin",
"aarch64-darwin") so outputHash no longer points to fakeHash and the derivation
can succeed.
- Around line 84-86: The current copy step uses "cp -r ${frontend}/assets
frontend/public/assets" which creates a nested assets/assets directory and
breaks go:embed; change the copy to copy the contents into the target directory
instead (e.g. replace the cp invocation so it copies ${frontend}/assets/. or
${frontend}/assets/* into frontend/public/assets/) while keeping the existing
mkdir -p frontend/public/assets line, so the frontend/public/assets layout
contains the asset files at its root.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 89b748b5-5354-4659-88c9-5cdd50533f88

📥 Commits

Reviewing files that changed from the base of the PR and between e4ca6aa and e9411f7.

📒 Files selected for processing (1)

• flake.nix

[coderabbitai]

♻️ Duplicate comments (1)

internal/immich/immich_helpers.go (1)

734-744: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid the redundant CheckForFaces call.

CheckForFaces only populates People, so the || still forces a face lookup whenever either slice is empty. That means assets that already have one populated face collection still pay for an unnecessary Immich round trip.

🔧 Suggested fix

-	if len(a.People) == 0 || len(a.UnassignedFaces) == 0 {
+	if len(a.People) == 0 && len(a.UnassignedFaces) == 0 {
 		a.CheckForFaces(requestID, deviceID)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/immich/immich_helpers.go` around lines 734 - 744, The
hasValidFilterExcludeFaces function currently calls CheckForFaces when either
a.People or a.UnassignedFaces is empty, causing unnecessary Immich lookups
because CheckForFaces only populates People; change the logic so
CheckForFaces(requestID, deviceID) is invoked only when len(a.People) == 0
(i.e., People is empty), keep the final return as len(a.People) == 0 &&
len(a.UnassignedFaces) == 0, and update the conditional in
hasValidFilterExcludeFaces to reference a.People and a.UnassignedFaces
accordingly to avoid redundant calls.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@internal/immich/immich_helpers.go`:
- Around line 734-744: The hasValidFilterExcludeFaces function currently calls
CheckForFaces when either a.People or a.UnassignedFaces is empty, causing
unnecessary Immich lookups because CheckForFaces only populates People; change
the logic so CheckForFaces(requestID, deviceID) is invoked only when
len(a.People) == 0 (i.e., People is empty), keep the final return as
len(a.People) == 0 && len(a.UnassignedFaces) == 0, and update the conditional in
hasValidFilterExcludeFaces to reference a.People and a.UnassignedFaces
accordingly to avoid redundant calls.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4f037cbc-928f-4874-93ac-66fd180014c6

📥 Commits

Reviewing files that changed from the base of the PR and between e9411f7 and 6ea115f.

📒 Files selected for processing (2)

• internal/config/config.go
• internal/immich/immich_helpers.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@flake.nix`:
- Around line 13-18: The nodeModulesHashes map currently uses pkgs.lib.fakeHash
for "x86_64-linux", "aarch64-linux", and "x86_64-darwin", causing the
fixed-output derivation for node_modules to fail on those platforms; replace
each pkgs.lib.fakeHash entry in the nodeModulesHashes attribute with the actual
fixed-output hash computed on that platform (e.g., build the derivation or run
nix hash --base32 --type=sha256 on the produced tarball) or remove the
unsupported platform keys entirely so they are not advertised as supported for
the immich-kiosk target; update the "x86_64-linux", "aarch64-linux", and
"x86_64-darwin" entries accordingly in the nodeModulesHashes map.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5da5b9d1-9e79-40a9-b37a-a876a6b8adf9

📥 Commits

Reviewing files that changed from the base of the PR and between 6ea115f and 545341f.

📒 Files selected for processing (1)

• flake.nix