docs: document acb-enrichment deployment infrastructure blockers

Investigated acb-enrichment deployment task (bf-22vc5). Verified
Dockerfile and manifests are valid, but CI/CD access is blocked.

Blockers identified:
- iad-ci kubeconfig missing at ~/.kube/iad-ci.kubeconfig
- Docker daemon not running (no socket access)
- argo-ci.ardenone.com returning 502
- forgejo.ardenone.com returning "no available server"

All code assets verified:
- cmd/acb-enrichment/Dockerfile (valid multi-stage Go build)
- manifests/acb-enrichment-deployment.yml (has placeholder SHA)
- WorkflowTemplate acb-enrichment-build exists in declarative-config

Task requires manual setup:
1. Obtain iad-ci kubeconfig from Rackspace Spot UI, OR
2. Enable Docker daemon with ronaldraygun credentials for local build, OR
3. Debug argo-ci service connectivity

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

notes/bf-22vc5-current-attempt-2026-06-04.md

@@ -0,0 +1,87 @@
+# ACB Enrichment Deployment - Current Attempt
+
+**Date:** 2026-06-04  
+**Commit:** 9795cde  
+**Status:** BLOCKED - Infrastructure Access Required
+
+## What Was Verified
+
+### ✅ Completed
+- Located acb-enrichment source at `cmd/acb-enrichment/`
+- Verified Dockerfile is valid (`cmd/acb-enrichment/Dockerfile`)
+- Located WorkflowTemplate: `acb-enrichment-build` in declarative-config
+- Located deployment manifest with placeholder: `ronaldraygun/acb-enrichment@sha256:placeholder`
+
+### ❌ Blockers
+
+#### 1. iad-ci Kubeconfig Missing
+Expected at `/home/coding/.kube/iad-ci.kubeconfig` but does not exist.
+According to docs, this must be obtained from Rackspace Spot UI and manually saved.
+
+#### 2. Docker Daemon Not Accessible
+Docker client exists (`docker --version` works) but daemon is not running:
+```bash
+docker info
+# Error: Cannot connect to the Docker daemon at unix:///var/run/docker.sock
+```
+
+Starting dockerd manually requires privileges and may have systemd conflicts.
+
+#### 3. argo-ci.ardenone.com Returns 502
+The Argo Workflows UI returns 502 Bad Gateway, likely indicating:
+- Service is down
+- Ingress is misconfigured  
+- Network routing issue
+
+## Required Actions
+
+### Option A: Obtain iad-ci Kubeconfig (Recommended)
+1. Log into Rackspace Spot UI at us-east-iad-1
+2. Navigate to cluster credentials
+3. Download kubeconfig for ServiceAccount `argocd-manager`
+4. Save to `/home/coding/.kube/iad-ci.kubeconfig`
+5. Trigger workflow manually
+
+### Option B: Build Locally with Docker
+1. Start Docker daemon (requires root/systemd)
+2. Build image locally: `docker build -t ronaldraygun/acb-enrichment:sha-9795cde -f cmd/acb-enrichment/Dockerfile .`
+3. Push to Docker Hub (requires ronaldraygun credentials)
+
+### Option C: Fix argo-ci Service
+Debug why argo-ci.ardenone.com returns 502:
+- Check Traefik ingress configuration
+- Verify Argo Workflows service is running
+- Check network policies
+
+## Next Steps (when unblocked)
+
+1. Trigger build workflow:
+```bash
+kubectl --kubeconfig=/home/coding/.kube/iad-ci.kubeconfig create -f - <<EOF
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: acb-enrichment-build-manual-
+  namespace: argo-workflows
+  annotations:
+    commit_sha: "9795cde"
+spec:
+  workflowTemplateRef:
+    name: acb-enrichment-build
+EOF
+```
+
+2. Monitor workflow completion and capture image SHA
+
+3. Update deployment manifest:
+```yaml
+image: ronaldraygun/acb-enrichment@sha256:<real-sha>
+```
+
+4. Push to declarative-config
+
+## Summary
+All code is ready and verified. The only blocker is CI/CD infrastructure access. This requires manual setup of either:
+- iad-ci kubeconfig from Rackspace Spot UI, OR
+- Docker daemon and credentials for local build, OR  
+- Debugging argo-ci service connectivity

notes/bf-22vc5-final-summary-2026-06-04.md

@@ -0,0 +1,94 @@
+# ACB Enrichment Deployment - Final Summary (BLOCKED)
+
+**Date:** 2026-06-04  
+**Commit:** 9795cde  
+**Status:** BLOCKED - Infrastructure Access Required
+
+## Problem Statement
+The task requires building the acb-enrichment Docker image and updating the deployment manifest, but all CI/CD access paths are blocked.
+
+## What Was Verified
+
+### ✅ Code Assets (All Present and Valid)
+- `cmd/acb-enrichment/Dockerfile` - Valid multi-stage Go build
+- `cmd/acb-enrichment/` - Source code present
+- `manifests/acb-enrichment-deployment.yml` - Has `ronaldraygun/acb-enrichment@sha256:placeholder`
+- WorkflowTemplate `acb-enrichment-build` exists in declarative-config
+
+### ❌ Infrastructure Blockers
+
+| Access Path | Status | Error/Issue |
+|------------|--------|-------------|
+| `~/.kube/iad-ci.kubeconfig` | ❌ Missing | File does not exist (must obtain from Rackspace Spot UI) |
+| `docker info` | ❌ Daemon not running | Cannot connect to unix:///var/run/docker.sock |
+| `argo-ci.ardenone.com` | ❌ 502 Bad Gateway | Service down or ingress misconfigured |
+| `traefik-rs-manager:8001` | ✅ Working | Read-only proxy access (no iad-ci secrets) |
+| `forgejo.ardenone.com` | ❌ No available server | Service unreachable |
+
+## Investigation Results
+
+### Attempted Access Methods
+
+1. **kubectl via iad-ci kubeconfig** - File doesn't exist
+2. **kubectl via kubectl-proxy** - No proxy for iad-ci (DNS fails)
+3. **Local Docker build** - Daemon not running, no socket access
+4. **argo-ci.ardenone.com UI** - Returns 502
+5. **rs-manager kubectl-proxy** - Works but has no iad-ci credentials
+6. **ArgoCD read-only API** - Returns empty response
+7. **Forgejo packages** - Service unavailable
+
+### What Works
+- `kubectl --server=http://traefik-rs-manager:8001` - Read-only access to rs-manager
+- `kubectl --server=http://traefik-ardenone-manager:8001` - Read-only access to ardenone-manager
+- Local Docker client (`docker --version` works)
+- All source code and manifests are valid
+
+## Required Manual Setup
+
+To unblock this task, ONE of the following must be completed:
+
+### Option 1: Obtain iad-ci Kubeconfig (Recommended)
+1. Log into Rackspace Spot UI (us-east-iad-1 region)
+2. Navigate to the iad-ci cluster
+3. Download/create kubeconfig for ServiceAccount `argocd-manager`
+4. Save to `/home/coding/.kube/iad-ci.kubeconfig`
+5. Then trigger workflow with:
+```bash
+kubectl --kubeconfig=/home/coding/.kube/iad-ci.kubeconfig create -f - <<EOF
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: acb-enrichment-build-manual-
+  namespace: argo-workflows
+  annotations:
+    commit_sha: "9795cde"
+spec:
+  workflowTemplateRef:
+    name: acb-enrichment-build
+EOF
+```
+
+### Option 2: Enable Docker Daemon and Build Locally
+1. Start Docker daemon (requires root): `sudo systemctl start docker` OR `sudo dockerd &`
+2. Obtain ronaldraygun Docker Hub credentials
+3. Login: `docker login`
+4. Build: `docker build -t ronaldraygun/acb-enrichment:sha-9795cde -f cmd/acb-enrichment/Dockerfile .`
+5. Push: `docker push ronaldraygun/acb-enrichment:sha-9795cde`
+6. Get SHA and update deployment
+
+### Option 3: Fix argo-ci Service
+1. Debug why argo-ci.ardenone.com returns 502
+2. Check Argo Workflows deployment in iad-ci
+3. Verify Traefik ingress configuration
+4. Check network policies and routing
+
+## Deployment Manifest Status
+- Staging: `/home/coding/ai-code-battle/manifests/acb-enrichment-deployment.yml`
+- Active: `/home/coding/declarative-config/k8s/apexalgo-iad/ai-code-battle/acb-enrichment-deployment.yml`
+- Both have placeholder: `ronaldraygun/acb-enrichment@sha256:placeholder`
+- Replicas set to 0 (deployment disabled)
+
+## Conclusion
+This task requires manual infrastructure setup. All code is ready and verified, but CI/CD access is not available. The kubeconfig for iad-ci cluster must be manually obtained from Rackspace Spot UI, OR Docker daemon must be enabled with credentials for local build.
+
+**Next Step:** Manual intervention required to obtain iad-ci kubeconfig or enable Docker build access.