diff --git a/docs/FRICTION.md b/docs/FRICTION.md index e98ffdb..fdbd5f7 100644 --- a/docs/FRICTION.md +++ b/docs/FRICTION.md @@ -22,6 +22,17 @@ earning its keep. _(append new raw signals here; the next kaizen review consumes them)_ +- `[friction]` **Image push to the Forgejo registry fails with `no basic auth + credentials`** (2026-06-15): `make caddy-image-push` (and `molecule-image-push`) fail + unless the Docker daemon on ubongo has an interactive `docker login + forgejo.nyumbani.baobab.band` session — and those creds are **not in vault** (only + `gandi` + `hetzner` are), so an agent can't complete a push non-interactively. The + build half is fully automatable; the push half silently requires a human. → candidate: + document the `docker login` step in `docs/runbooks/claude-code-setup.md`, **or** store + a scoped Forgejo registry token in vault + a `make registry-login` target (login via + `--password-stdin`, `no_log`) so pushes are agent-completable like every other + vault-backed action. + - `[recurring]` **ADRs claim cross-doc reconciliation they didn't actually perform** (2026-06-14): ADR-024's Status + Consequences asserted "ADR-017 prose that mentioned Traefik is updated to read Caddy" — but ADR-008/017/019 + CAPABILITIES still said