MSG-42 Post-VENUSINF systemd-client bearer sweep: applog-pull/listen + errscan inject LLMMSG_HUB_BEARER (hubPost hardcoded bearerless, applog-pull.ts:121) + per-instance bearer env across hosts - restores fleet alerting (applog-pull@pluto unauthorized live)

MSG-42 · llmmsg-srv

Post-VENUSINF systemd-client bearer sweep: applog-pull/listen + errscan inject LLMMSG_HUB_BEARER (hubPost hardcoded bearerless, applog-pull.ts:121) + per-instance bearer env across hosts - restores fleet alerting (applog-pull@pluto unauthorized live)

Ref: MSG-42 (#1070)
Project: llmmsg-srv
Status: done
Priority: high
Type: task
Assigned: nw-venus-cc
Created by: wi-cli-whey
Created: 2026-06-14T14:48:38.202Z
Updated: 2026-06-14T14:57:59.408Z
Closed: 2026-06-14T14:57:59.408Z

Sub-items

No sub-items.

+ Add sub-item

Questions

No questions.

Event log

2026-06-14T14:48:38.202Z · created · wi-cli-whey
2026-06-14T14:49:47.658Z · statusChanged · wi-cli-whey

status=inProgress
2026-06-14T14:49:47.688Z · decision · wi-cli-whey

Hub-auth ruling (hub-llmmsgsrv, VENUSINF-4): bearer-on-ALL-clients, NO hub change, loopback exemption DECLINED (Caddy collapses external->loopback at hub = naive exempt is public auth bypass; XFF-discriminator variant is silent-bypass footgun for zero secret reduction). SWEEP: applog-pull/listen x3 (pluto LIVE-broken FIRST, mars/venus latent) + errscan@pluto/@venus (venus) + errscan@mars (WHEY); all bearerless hubPost (applog-pull.ts:121). evolutiva-backup EXEMPT (DB-only). OWNERSHIP: nw-venus=shared code change (inject LLMMSG_HUB_BEARER->Authorization:Bearer, propagates to whey via shared checkout) + venus-instance env+restart; nw-whey/bin-whey=whey errscan@mars env+restart+LLMMSG_HUB_URL repoint (mars.env defaults whey hub, pm-mars on venus). Verify each: test app-error DMs its PM. Driver: applog-pull@pluto unauthorized live, Elazar watching alert health.
2026-06-14T14:51:09.910Z · note · wi-cli-whey

OWNERSHIP CORRECTION (nw-whey caught conflation): TWO separate codebases. (1) applog-pull.ts = venus TS checkout, nw-venus owns code (one edit propagates) + applog x3 env+restart, PLUTO FIRST (live). (2) evolutiva-errscan.sh = bash, /home/rob/.local/bin/, bin-whey owns, distributed via sh.git - NOT the applog checkout, nw-venus's applog edit does NOT touch it. errscan code change (add -H Authorization:Bearer to hub_send+hub_register +version bump) = BIN-WHEY, pushed to sh.git, NOT gated on nw-venus. DAG: bin-whey errscan.sh code->sh.git push-> [whey errscan@mars: bin-whey env(LLMMSG_HUB_URL=hub-t edge since whey->venus remote, +bearer)+restart] + [venus errscan@pluto/@venus: nw-venus pulls sh.git + env+restart, gated on bin-whey push]. nw-whey=read-only verify all errscan instances (test alert DMs PM). applog track independent + priority (pluto live).
2026-06-14T14:56:49.885Z · verified · wi-cli-whey

WHEY errscan@mars leg HARD-CLOSED, observed end-to-end: pm-mars-cc confirmed receipt on VENUS inbox of synthetic errscan DM (tag scrp-evolutiva_errscan-whey-mqdwotz894ag, kind=task, aro:mars). errscan.sh v1.9 (bearer header) + mars.env repoint hub-t+bearer+restart -> transport+bearer-auth+routing-to-venus all GREEN observed. Coverage caveat (honest): watermark-rollback infeasible (vAppAlertsRecent 0 rows, last mars error ~59h ago); bin-whey exercised errscan's EXACT hub_send transport directly (same endpoint/payload/bearer). NOT exercised: digest-building (VISIBLE_COUNT/MESSAGE assembly) - transport-independent, unchanged by bearer edit, not the migration-at-risk leg. Migration-broken leg (wrong hub+no bearer) fully fixed+proven. REMAINING: venus applog x3 + errscan@pluto/@venus pending nw-venus land + nw-whey observed-send verify.
2026-06-14T14:57:59.386Z · verified · wi-cli-whey

errscan topology confirmed by bin-whey (owner): errscan is MARS-ONLY + whey-resident. No pluto/venus units ever existed - nw-whey's bundle assumed a symmetry that doesn't exist. So MSG-42 errscan scope = errscan@mars ONLY (hard-closed E2E). nw-venus correctly had nothing to do on errscan. APPLOG complete: all 3 bearerized; pluto pull RESTORED+live-verified (real WARN digest->pm-pluto, authed); mars/venus pull authed-clean; listen@pluto enabled (parity gap fixed); listen@venus/mars armed+authed+connected, unexercised (reader-only DSN, acceptable). FLEET ALERTING SAFETY NET RESTORED.
2026-06-14T14:57:59.408Z · completed · wi-cli-whey

Post-VENUSINF systemd-client bearer sweep COMPLETE. applog x3 bearerized+live (pluto restored+verified, mars/venus authed); errscan@mars (only instance) hard-closed E2E. Hub gate untouched (bearer-everywhere, Option B). Fleet alerting restored. errscan@pluto/@venus do not exist = out of scope (see follow-up proposal).
2026-06-14T15:02:09.277Z · verified · wi-cli-whey

FINAL CLOSE - all recipient-observed where exercised. applog-pluto GREEN E2E on REAL event: nw-venus journal correlation decisive (pulls 401'd cursor-stuck through 14:50; first authed pull 14:52 DM'd + advanced cursor to event 13:46:35.43205Z/b9b30341 = exact page_not_found pm-pluto confirmed receiving; NOT a drain, pre-restore sends failed never queued). errscan@mars GREEN E2E (synthetic transport DM rx by pm-mars, tag ...894ag). applog venus/mars pull authed+clean, listen connected, strictly-fresh-event unexercised (reader-only DSN, accepted gap, closes next organic warn). errscan@pluto/@venus DROPPED (phantom, never existed).