From 65fe47feeafbf13cbc1cf89ac670ae4a25363774 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 18 Jun 2026 00:25:57 +0000 Subject: [PATCH] =?UTF-8?q?journal(redfix):=20M2=20prep=20=E2=80=94=20blue?= =?UTF-8?q?sky=20fix=20refinement=20(unique=20internal=20alias,=20not=20se?= =?UTF-8?q?rvice=20rename)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/JOURNAL-redfix.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/machine-docs/JOURNAL-redfix.md b/machine-docs/JOURNAL-redfix.md index 7cf44a6..efeeeab 100644 --- a/machine-docs/JOURNAL-redfix.md +++ b/machine-docs/JOURNAL-redfix.md @@ -244,3 +244,14 @@ structurally in code. Node clean: warm-gitea idle@3.5.3 (volumes retained), orphaned warm-bluesky removed, only live warm-keycloak up (healthy 200). Claiming M1; will start M2 fix design while awaiting the Adversary verdict (keep an unblocked item in hand). + +## 2026-06-18T00:25Z — M2 prep (gated on M1 PASS): bluesky fix refinement + +While parked at the M1 gate (no node deploys — Adversary cold-verifying), refined the bluesky fix: +cc-ci's bluesky tests probe via HTTP (/xrpc/_health), but the GENERIC harness defaults to +`service="app"` (deployed_identity/_app_container). So RENAMING the recipe's `app` service → `pds` +could break generic harness assumptions. Cleaner fix: keep the service named `app` but give it a +UNIQUE network ALIAS on the internal net (e.g. `aliases: [pds-internal]`) and point caddy at +`pds-internal:3000` (reverse_proxy + on_demand_tls ask). A unique alias has no collision on the shared +proxy (only the bare `app` alias collides), and the service name stays `app` → zero cc-ci-side +breakage. Will validate this exact approach in M2 after M1 PASS.