journal(shot): plausible root-cause story + P4 proof-run kickoff

JOURNAL-shot.md

@@ -38,3 +38,19 @@ painted body, then screenshot; then a blank-detect (PNG < ~6KB or near-uniform)
 a longer settle. Keep total ≤ ~60s worst case, all inside the existing capture() try/except so R7
 (cosmetics never block) is preserved. Unit tests: blank-detector pure function + retry logic with
 a fake page. Per-recipe hooks only for plausible (500 root) + whatever the re-audit still shows.
+
+## 2026-06-11 ~05:45-06:00Z — plausible root cause was a 62-char SECRET_KEY_BASE; M1 PASSed meanwhile
+
+M1 PASS (ae10b55) with a watch-list. P3 done in two commits: ce50f64 (harness settle+blank-retry,
+6 unit tests, 205 pass, lint PASS) and b98a471 (plausible fix). The plausible story changed under
+probing: three live probes (shot-probe{,2,3}-plausible) showed / and every HTML route 302→/register
+which 500s; app logs gave the smoking gun: `(ArgumentError) cookie store expects conn.secret_key_base
+to be at least 64 bytes`. Our EXTRA_ENV value — comment claimed "64-char" — measures 62. So every
+page render 500'd while /api/* (no cookie store) passed all tiers. NOT auth_controller/DISABLE_AUTH
+as the old comments claimed; corrected both stale comments. Fix = 68-char value; verified
+shot-fix-plausible run: install pass, screenshot.png 64132B = real registration page (empty fields,
+placeholders only — same safe shape the Adversary blessed for n8n/uptime-kuma). No hook needed.
+
+P4 started: !testme posted 05:56:32Z on immich#2 + plausible#3 (drone builds 370+371 running,
+concurrent). Manual full proof run keycloak launched (shot-proof-keycloak). Remaining queue:
+mattermost-lts, cryptpad, lasuite-meet, lasuite-docs, lasuite-drive, n8n, mumble.