docs: sync all doc areas with engineering-specs as-built behavior#220
docs: sync all doc areas with engineering-specs as-built behavior#220lucaiz wants to merge 4 commits into
Conversation
Full EN+ES audit of the 10 documented areas (cluster, domain, environment, project, provider, network, user, powered-ai, subscribe-using-aws, upgrades) against the as-built feature specs in engineering-specs/features/. Fixes stale claims (wrong defaults, removed features described as current, copy-paste rot between dependency engine pages), documents previously-missing customer-facing features (environment clone/export, addon import-export, pending-changes flow, S3 import, EKS upgrade drawer tab), removes two orphaned stale ES duplicate pages, and translates two ES pages that were still in English. Internal-only spec facts (FSM states, Celery/Pulumi internals, feature-flag plumbing, admin-only workflows) are deliberately excluded; the PR description lists each area's exclusions for review. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…arity Review findings on #220: the dependency spec lists restore_database for aurora-postgresql too, so the same FAQ added to postgresql-aws.mdx now also exists on the Aurora page (EN+ES); the ES Validation Checklist description was missing "dependencias" vs the EN list. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Six independent verifiers re-checked the full PR diff against the specs, fixtures, and code (~180 claims). Fixes: - user/vpn: restore the 24-hour URI validity — the TTL is real (Pritunl key-link Mongo TTL index, 86400s default in the pinned version); the earlier removal was wrong. - vargroup/deployment: deletion always redeploys the projects that use the group (backend ignores the modal's deploy switch on destroy); restore the forced-deploy bullet and reword the delete FAQ. Reveal is account-scoped; mount path unique per project. - chart_dependencies: Edit updates values only (version is immutable in the drawer); last-dependency removal skips validation. - domain: alias certificate reuse requires the parent in the same account; deploy-toggle wording no longer promises a queued approval. - environment: domain change doesn't provision DNS zone/certificate on rename paths; provider (not account) base domain makes an env root; Change Domain is an edit button, clone destination "even" not "only" a different cluster/account. - powered-ai/dockertron: real empty-state prompt text vs creation-form banner; entry points land on the hub (no auto-open drawer); PR flag is platform-global. - volumes: deletion triggers an immediate redeploy by default. - project: Buildpacks builder image isn't auto-detected; arch change only queues a deployment if some exist; autodiagnostic covers Workers. - dependency: S3 KMS uses the AWS-managed aws/s3 key (none is created); DataSync role is customer-created via the CFN quick-create link; MSK client auth optional (defaults unauthorized, lowercase values); restore targets are PostgreSQL-family only; PITR/snapshot mutual exclusion on mysql/postgres too. - cluster: nodepool delete guard is the last non-internal pool; LokiV2 is self-service; provider suspended-account remedy is AWS Support. - style: ES voseo/tuteo/usted register normalized in new content; ES mistranslation "por vos" fixed; stray ES-only sentence removed. Full Docusaurus build green (onBrokenLinks: throw). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Re-validación adversarial (segunda pasada, modelo distinto) — 6 verificadores independientes re-chequearon todo el diff del PR contra los specs, fixtures y código (~180 claims verificados). Resultado: ~12 errores confirmados, todos corregidos en Los dos hallazgos más importantes (reversiones de la primera pasada):
El resto: calificador de misma cuenta para la reutilización de certificados de alias, el cambio de dominio de un Environment no aprovisiona zona/certificado en renombres, Edit de chart-dependencies solo edita values, la clave KMS de S3 es la gestionada por AWS ( |
…ainst code
Third pass: three validators checked the doc areas the engineering-specs
don't describe, directly against console@main (Release 2.12.0),
core@main, and the chatbot repo.
Workloads (console forms + core serializers):
- terminationGracePeriod default is 120, not 30; Timeout Seconds row had
the Initial Delay description; 130% limit example rounds to 666Mi;
added missing Replicas rows (webservice default 2, worker default 1)
and dropped worker's copy-pasted "minimum of 2 replicas" claim.
- worker/cronjob/hook/job docs each skipped a real form step (Settings
with Grace Period) — steps added and renumbered; hooks offer exactly 4
events (pre/post upgrade, pre/post rollback); cron times are UTC;
added the Concurrency Policy row; job monitoring caps at 24 hours (not
~30 min) and marks the Job failed on timeout; jobs run, they don't
"deploy".
- Health-check failure unroutes traffic (readiness probe only); it does
not restart the pod.
Conversation / AI chat (chatbot repo + Lambda IAM):
- Live infrastructure access is gated (allowlist/flag, default off) —
most users get knowledge-base answers; removed an example promising
env-var access (secrets are blocked by IAM/RBAC construction); the
real guarantee is read-only execution (it cannot modify infra), not
"no commands, everything needs confirmation"; data scope is
account-wide read-only with K8s Secrets / Secrets Manager / KMS / SSM
explicitly denied.
Access flows (console + core):
- The "Get Access" drawer no longer exists — AWS access is an inline
dashboard card ("Get AWS and VPN Access") with an AWS Account Switcher
button; kubeconfig buttons are Download/Copy Kubeconfig; the Headlamp
tip keeps its no-Kubeconfig/Lens angle but now notes the VPN
requirement; Dockerfile path examples must start with "./" (except
GitLab) as the form enforces; build-args Textmode ignores spaces
around "=".
Full Docusaurus build green.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Tercera pasada — validación code-first (core/console/chatbot → docs) en
Pendiente de captura (texto ya corregido): |
Full audit of docs.sleakops.com content against the as-built feature specs in
engineering-specs/features/(10 doc areas, EN + ES kept equivalent). Every fix is grounded in a spec claim or verified code behavior; facts that are real but internal-only were deliberately left out — listed at the bottom so the judgment calls are reviewable.109 files changed. Highlights per area:
Cluster
cluster/index.mdx: removed leaked AI-assistant chatter accidentally pasted into a live FAQ; rewrote the stale "how upgrades work" FAQ to point at the Upgrades panel; ES table wrongly listed NodePool fields (Max Memory/CPU) as Cluster-creation fields.addons/index.mdx: documented custom Helm-chart addons ("Add custom addon"), Export/Import (JSON + import-from-cluster), uninstall semantics, automatic dependency install; added KEDA + Headlamp to the optional list; fixed stale "Deploy" button wording → "Install".addons/loki.mdx: deprecation warning (lokiis deprecated,lokiv2is the successor).nodepools/*: added edit/delete guardrails (capacity edits can rotate nodes and are rejected below current usage; can't delete internal/build/last pool or one assigned to a Project Environment; no create/edit while provisioning or shut down).shutdown-cluster.mdx: manual Stop/Play requires Scheduled Shutdown to be configured first; node pools restored as-is on power-on.es/cluster/addons.mdx— orphaned legacy duplicate ofes/cluster/addons/index.mdx(same slug, stale content, unmaintained since the original i18n commit).Domain
index/delegation/setup.setup.mdx.Environment
Project (core / workloads / Dockertron)
access_config.mdx.access_config.mdx: 10-extra-policies cap; changes require Created/Error state.volumes.mdx: filesystem selection step, 1–1000 GB range, detach-on-next-deploy note.project/dockertron.mdx+powered-ai/dockertron.mdx: fixed the nonexistent "Projects > Configuration > Dockertron" menu claim (real entry points: "Dockertron IA" header button / empty-Projects prompt); PR delivery is conditional (flag defaults off) — file viewer is the always-available output; no in-place retry; removed a stale "Document version 1.0" footer.Project (build / chart)
build/build.mdx: fixed wrong defaults (Branch defaults to the Project's configured branch, not the environment name; Tag defaults to the commit hash, pluslatest); added Cache and Deploy? controls; documented the CLI's client-side 180-min--waitcutoff as independent of the server-side timeout.chart/*: documented the asynchelm templatevalidation flow (background validation → Error state + notification → auto-recovery), Deploy toggles, editing/removing dependencies, and the namespace-matching rule for extra templates; removed an unverifiable roadmap promise.es/project/build/index.mdx— stray stale duplicate ofbuild.mdx(no EN counterpart, same sidebar position, Kaniko-era content repeating the exact wrong defaults fixed above).Dependencies
Worst rot found in the audit — copy-paste between engine pages:
opensearch-aws.mdxhad SQS's entire config table;memcached-aws.mdxhad Redis text and the wrong default port (11121 → 11211);sqs-aws.mdx(ES) had OpenSearch fields appended and a Multi-AZ FAQ that doesn't apply.s3bucket-aws.mdx: added Versioning / Intelligent-Tiering / KMS fields, live name-availability check, and a new "Importing existing data" section (Import Bucket / DataSync) — previously undocumented.index.mdx: catalog was missing Aurora, MariaDB, Oracle, MSK, DocumentDB; guide list was missing 5 links; removed ~60 ES-only lines of unverifiable invented claims (automatic credential rotation, TLS-by-default).faqs.mdx: documented the pending-changes (awaiting approval) confirm/revert flow and dependency cloning — both core flows with zero prior docs.Deployment / Var Groups
vargroup/index.mdx: delete-modal deploy switch, replicated-environments warning, Dependency-owned groups not directly deletable, reveal-vs-write permissions, one-dedicated-vargroup-per-workload, same-cluster Replicate To constraint.Provider / Network / User
provider/*: org reuse on re-onboarding; Security account hidden from listings; two missing error cases in common-errors (account creation still processing / account suspended-closed); Initial-state providers deletable; deletion blocked by dependency deletion protection.network/index.mdx: added per-environment CIDR table (10.120/10.110/10.130); corrected peering to the real hub-and-spoke topology (Management ↔ Dev, Management ↔ Prod — Dev and Prod are NOT peered); dropped an unverified Transit Gateway claim; VPN described accurately (provisioned per account alongside its first cluster).user/index.mdx: no password field on the create form (set-password email instead); replaced an invented "users managed outside SleakOps" section with the real AWS/VPN-only member capability; documented Reset AWS Password / Get Pritunl Credentials, immutable fields, kubeconfig regeneration on role change.user/vpn.mdx: removed the false "24-hour URI validity" claim (code investigation: no TTL exists — profile URI is fetched fresh per request); replaced with credential-handling caution.es/user/aws_console_authentication.mdx: body was entirely untranslated English — translated.es/cluster/addons/otel.mdx: same — translated.Upgrades / Subscribe / Powered-AI
upgrades.mdx: documented the type-specific Upgrade tab for EKS Cluster Upgrades (target version + support window, downtime report, changelog, readiness-report CTA) that landed in the spec after the May alignment (docs(upgrades): align Upgrades page with feature spec #186).subscribe-using-aws.mdx: sidebar path is Settings > Billing > Subscription; button label fixed to the code-verified "Link AWS subscription with this account"; linking replaces the current subscription; documented that the new subscription requires SleakOps-side activation (no automatic path).powered-ai/autodiagnostic.mdx: corrected trigger list (Clusters/Services/Dependencies/Deployments/Builds — "Projects" doesn't exist); new FAQ scoping the Kubernetes-upgrade readiness check to EKS Cluster Upgrade migrations.powered-ai/index.mdx: Dockertron card no longer overclaims "fully deployed application".Deliberately left out (internal-only, per-spec facts with no customer surface)
HasAccessFeatureBySubscription,clone.environment,DOCKERTRON_PR_ENABLED, autodiagnostic flag names) — plan-dependent entitlement plumbing; docs state role restrictions in plain language only.external_idquirk).sleakops.com/managedlabel draft)./deployments/addunlinked route,restore-statusendpoint with no UI).Flagged for follow-up (not fixed here)
attach-to-sleakops.png(old button text) andsubscription-menu.png(pre-Billing-group sidebar) need retakes; several new sections carryTODO: screenshotmarkers.project/dockertron.mdxvspowered-ai/dockertron.mdxstill overlap in scope (factual contradictions fixed; consolidation is an IA decision).powered-ai/conversation.mdx) — page left as-is; chatbot has no as-built spec in engineering-specs yet./projects/presets/*) is substantial and completely undocumented (deliberately not squeezed into the Dockertron page since it's not an AI feature).content/tutorials/*/networking-vpc.mdxrepeats the removed Transit Gateway claim (tutorials were out of scope for this pass).build_resources.mdxfrontmattersidebar_labelstill says "Deploy Build Resources" vs the real console card "Deploy and Build Resources" (body fixed; renaming sidebar labels was out of scope).AUTODIAGNOSTIC_UNMANAGED_MANIFESTS_READINESS) may still be pending in Langfuse — the new FAQ documents intended behavior; worth confirming it's operational.🤖 Generated with Claude Code