docs: document single-binary rollout #133

jwilger · 2026-05-07T11:04:41-07:00

jwilger commented

2026-05-07 11:04:41 -07:00

Summary

Update operator, systemd, quickstart, threat-model, and release announcement docs for container-first production deployment, embedded OCI default startup, and explicit bare opt-out language.
Clarify direct binary/systemd use as a custom VM/container-image path, document existing Nix flake package/image outputs, and track first-class NixOS support in #135.
Remove the docs wording contract test, tighten TDD guidance against deterministic docs-only wording tests, and track repository-wide cleanup in #134.
Clarify binary release assets/provenance as future #121 scope without claiming they are already published.

Verification

nix develop -c cargo nextest run -p ar-gateway --no-tests=pass
nix develop -c cargo fmt --all -- --check
git diff --check

Closes #120

## Summary - Update operator, systemd, quickstart, threat-model, and release announcement docs for container-first production deployment, embedded OCI default startup, and explicit bare opt-out language. - Clarify direct binary/systemd use as a custom VM/container-image path, document existing Nix flake package/image outputs, and track first-class NixOS support in #135. - Remove the docs wording contract test, tighten TDD guidance against deterministic docs-only wording tests, and track repository-wide cleanup in #134. - Clarify binary release assets/provenance as future #121 scope without claiming they are already published. ## Verification - nix develop -c cargo nextest run -p ar-gateway --no-tests=pass - nix develop -c cargo fmt --all -- --check - git diff --check Closes #120

jwilger added 1 commit

2026-05-07 11:04:41 -07:00

docs: document single-binary rollout

CI / Nix flake check (pull_request) Failing after 1m32s

Details

CI / auto_review semantic review (pull_request) Has been skipped

Details

68376772ea

jwilger added 1 commit

2026-05-07 11:11:58 -07:00

fix(ci): include rollout docs in Nix source

CI / Nix flake check (pull_request) Successful in 3m23s

Details

CI / auto_review semantic review (pull_request) Successful in 1s

Details

auto_review auto_review: no findings

88f0c0dac2

auto-review approved these changes

2026-05-07 11:15:47 -07:00

Dismissed

auto-review left a comment

The PR introduces documentation updates and a new test to ensure the single-binary OCI rollout is accurately described. The changes appear safe to merge, with minor notes on improving clarity and error diagnostics.

jwilger reviewed

2026-05-07 11:33:40 -07:00

crates/ar-gateway/tests/single_binary_rollout_docs_contract.rs Outdated

					
				@ -0,0 +1,130 @@

				const OPERATIONS: &str = include_str!("../../../docs/OPERATIONS.md");

These kinds of tests with deterministic checks for language in documentation are completely worthless. Remove this and create a follow-up issue to remove all such tests from the repository and add the necessary guardrails and review guidance to prevent this in the future. We write tests to cover production code and sometimes to cover developer utility scripts if they are essential to have correct. Otherwise...use better judgement.

These kinds of tests with deterministic checks for language in documentation are completely worthless. Remove this and create a follow-up issue to remove *all* such tests from the repository and add the necessary guardrails and review guidance to prevent this in the future. We write tests to cover production code and sometimes to cover developer utility scripts if they are essential to have correct. Otherwise...use better judgement.

Reflection: I treated documentation wording as something that needed deterministic test pressure instead of recognizing this was docs-only prose that should be reviewed directly. Classification: guardrail-gap; the existing TDD guidance exempted docs-only work but did not explicitly forbid docs wording tests.

Remediation: removed single_binary_rollout_docs_contract.rs, removed its now-unneeded flake source inclusions, tightened the TDD guidance to say docs-only wording should not get deterministic tests, and opened follow-up #134 to inventory/remove any remaining docs wording tests.

Reflection: I treated documentation wording as something that needed deterministic test pressure instead of recognizing this was docs-only prose that should be reviewed directly. Classification: guardrail-gap; the existing TDD guidance exempted docs-only work but did not explicitly forbid docs wording tests. Remediation: removed `single_binary_rollout_docs_contract.rs`, removed its now-unneeded flake source inclusions, tightened the TDD guidance to say docs-only wording should not get deterministic tests, and opened follow-up #134 to inventory/remove any remaining docs wording tests.

jwilger marked this conversation as resolved

deploy/systemd/README.md Outdated

					
				@ -5,12 +5,19 @@ For self-hosters who run the gateway directly on a Linux host

				[`docker-compose.yml`](../docker-compose.yml) as the third

				deploy option.

				The Docker/OCI image is still the recommended production deployment because it

For both this and the bare command without systemd, it would be worth noting that the reason these are provided is for people who want to build the program into their own, custom container images or VMs.

Also, we should provide capability and instructions for using this program in Nix/NixOS via our flake.nix if we don't already. It should support deploying containerized, deploying via systemd, or just installing the program.

For both this and the bare command without systemd, it would be worth noting that the *reason* these are provided is for people who want to build the program into their own, custom container images or VMs. Also, we should provide capability and instructions for using this program in Nix/NixOS via our flake.nix if we don't already. It should support deploying containerized, deploying via systemd, or just installing the program.

Reflection: I documented bare/systemd mechanics without explaining the intended operator use case for those paths, and I did not separate existing flake capabilities from missing NixOS deployment support. Classification: one-off for the wording gap; the NixOS module support is new scope tracked separately.

Remediation: clarified that bare/systemd direct-binary paths exist for operators building custom VM/container images, added the same context to the bare quickstart path, documented the existing flake package/image outputs, and opened follow-up #135 for first-class NixOS module/deployment support.

Reflection: I documented bare/systemd mechanics without explaining the intended operator use case for those paths, and I did not separate existing flake capabilities from missing NixOS deployment support. Classification: one-off for the wording gap; the NixOS module support is new scope tracked separately. Remediation: clarified that bare/systemd direct-binary paths exist for operators building custom VM/container images, added the same context to the bare quickstart path, documented the existing flake package/image outputs, and opened follow-up #135 for first-class NixOS module/deployment support.

jwilger marked this conversation as resolved

jwilger referenced this pull request

2026-05-07 11:44:28 -07:00

Remove deterministic docs wording tests and tighten test guidance #134

jwilger referenced this pull request

2026-05-07 11:44:28 -07:00

Add first-class NixOS deployment support #135

jwilger added 1 commit

2026-05-07 11:47:14 -07:00

docs: address rollout review feedback

CI / Nix flake check (pull_request) Successful in 3m20s

Details

CI / auto_review semantic review (pull_request) Successful in 2s

Details

auto_review auto_review: no findings

Publish release / release-publish (pull_request) Has been skipped

Details

d87378d6f2

jwilger dismissed auto-review's review

2026-05-07 11:47:14 -07:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

auto-review approved these changes

2026-05-07 11:51:35 -07:00

auto-review left a comment

This PR updates documentation to clarify deployment options and testing guidance, particularly around the use of deterministic tests for documentation wording. The changes align with the project's focus on container-first deployment and human review for docs-only changes.

Walkthrough

Δ since `88f0c0d`:

Documentation Updates:
- Clarified the use of bare mode for local evaluation and custom VM/container images in QUICKSTART.md and OPERATIONS.md.
- Updated systemd/README.md to specify its use for custom deployments.
- Removed deterministic tests for documentation wording, aligning with new TDD guidance.
Nix Flake:
- Documented the Nix flake outputs for building binaries and OCI images, aiding Nix users in deployment.

This PR updates documentation to clarify deployment options and testing guidance, particularly around the use of deterministic tests for documentation wording. The changes align with the project's focus on container-first deployment and human review for docs-only changes. ## Walkthrough ### Δ since 88f0c0d: - **Documentation Updates**: - Clarified the use of bare mode for local evaluation and custom VM/container images in `QUICKSTART.md` and `OPERATIONS.md`. - Updated `systemd/README.md` to specify its use for custom deployments. - Removed deterministic tests for documentation wording, aligning with new TDD guidance. - **Nix Flake**: - Documented the Nix flake outputs for building binaries and OCI images, aiding Nix users in deployment.

jwilger merged commit 0cbd567162 into main

2026-05-07 11:51:55 -07:00

jwilger referenced this pull request from a commit

2026-05-07 11:51:57 -07:00

docs: document single-binary rollout (#133)

Sign in to join this conversation.

No reviewers