M6: D4 recipe-local discovery + recipe #2 (keycloak, DB-backed) enrolled; M6 CLAIMED

D4 snapshots recipe-shipped tests/ and runs them against the live app. abra -C -o
everywhere + token clone for private mirror PRs. keycloak install green with no
harness surgery (D5). docs/enroll-recipe.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

DECISIONS.md

@@ -100,6 +100,15 @@ Architecture decisions and dead-ends. One line of rationale each. (§0, §8)
   unique per run, collision-safe across recipes (full recipe in the hash). Human-readable recipe/PR/
   ref context lives in the Drone build params + the PR comment, not the (ephemeral) domain.
 
+- **abra recipe checkout is volatile — harness uses chaos+offline + a tests/ snapshot (M6).** Many
+  abra commands (`app ls`, `secret generate` without flags, version resolution) silently
+  `git checkout <version-tag>` in `~/.abra/recipes/<recipe>`, discarding a PR branch's files. To
+  test the *PR head code* (not a re-resolved tag): (1) `fetch_recipe` clones the mirror branch/ref
+  (private → bot token via per-command `http.extraHeader`, never persisted/logged); (2) all harness
+  abra calls that touch the recipe pass `-C` (chaos: use current checkout) `-o` (offline: no remote
+  fetch); (3) recipe-shipped `tests/` (D4) are **snapshotted to a temp dir right after fetch**, since
+  later abra commands still reset the checkout — the recipe-local stage runs from the snapshot.
+
 ## Risks
 
 - **Disk — RESOLVED 2026-05-26.** Original 8.9 GiB root had only ~3.8 GiB free *and* a hard