From 12925b5ab8f546a89bd4f74e5c7bec6dd0c5a20e Mon Sep 17 00:00:00 2001
From: autonomic-bot <autonomic-bot@noreply.git.autonomic.zone>
Date: Thu, 18 Jun 2026 02:39:37 +0000
Subject: [PATCH] journal(redfix): M2 4/6 verified; bluesky warm-verify
 structurally blocked pre-merge (fix proven); gitea needs rework

---
 machine-docs/JOURNAL-redfix.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/machine-docs/JOURNAL-redfix.md b/machine-docs/JOURNAL-redfix.md
index 20a6164..2784e70 100644
--- a/machine-docs/JOURNAL-redfix.md
+++ b/machine-docs/JOURNAL-redfix.md
@@ -441,3 +441,32 @@ compose.ccci.yml scaffold on the branch (has_ccci_overlay -> deploy_app uses cha
 renamed checkout). Then cold goes green (service pds + branch exec-refs) and the promote deploys the
 renamed recipe at warm-bluesky-pds via chaos -> caddy resolves the unique `pds` -> expect 200 (vs M1
 000). The overlay is a verification scaffold (NOT part of recipe PR #4); removed after.
+
+## 2026-06-18T04:05Z — M2 bluesky verification: STRUCTURAL blocker (pre-merge warm-promote)
+
+bluesky rename verification keeps deploying the TAG's `app:` (not my rename), even with: tag moved to
+the rename commit AND a force-chaos overlay. Root: the warm-promote/cold-on-latest path resolves the
+recipe at the UPSTREAM annotated tag (deploy_app recipe_checkout(tag) reverts unmerged content; the
+chaos+overlay path STILL recipe_checkout's the pinned version). Unlike gitea (lightweight tag -> the
+upgrade-tier chaos_redeploy uses the CHECKOUT, so the gitea fix deployed), bluesky has NO upgrade tier
+(EXPECTED_NA) -> no chaos_redeploy path -> the rename never deploys on the promote path.
+
+CONSEQUENCE: an unmerged RECIPE fix whose failure is WARM-PROMOTE-ONLY (bluesky 000) cannot be
+end-to-end-verified via the standard harness pre-merge. mattermost/discourse were verifiable because
+their failures are COLD tiers (restore/upgrade-overlay) reachable by !testme on the PR head.
+
+bluesky fix correctness is nonetheless ESTABLISHED by: (1) M1 root cause (Adversary-confirmed): bare
+`app` collides on the shared proxy; (2) docker test (proven): a unique service name/alias resolves to
+the local service (no collision). Renaming app->pds (PR #4) gives a unique name -> caddy resolves THIS
+PDS -> cert issued -> 200. End-to-end warm-200 needs either a DIRECT abra chaos deploy at
+warm-bluesky-pds (manual app+secrets+PLC-key setup; next iteration) or operator post-merge verify.
+Restored the bluesky tag; node clean; warm-keycloak 200.
+
+## M2 STATUS (2026-06-18T04:05Z) — 4/6 verified
+- mattermost-lts: VERIFIED (PR #1 ci/pg-restore, !testme run #901 all-green incl restore).
+- discourse: VERIFIED (PR #4 discourse-official-image, !testme run #849 green).
+- keycloak: VERIFIED (branch redfix-m2-harness; canonical promotes at warm-canon-keycloak, live warm-keycloak undisturbed 200).
+- mumble: VERIFIED-stabilization (branch; green + budget 180s active; load-flake not deterministically reproducible).
+- bluesky-pds: fix correct (PR #4 rename) + mechanically proven; end-to-end warm verify structurally blocked pre-merge -> direct-deploy or operator post-merge.
+- gitea: PR #2 seed fix BROKE 3.5.3->3.6.0 transition (wizard mode); testable via chaos; NEEDS REWORK (reproduce+inspect).
+NOT claiming M2 — bluesky end-to-end + gitea rework outstanding.