Skip to content

CNTRLPLANE-3718: Add Agentic SDLC context files#363

Open
sanchezl wants to merge 5 commits into
openshift:mainfrom
sanchezl:contextification-docs
Open

CNTRLPLANE-3718: Add Agentic SDLC context files#363
sanchezl wants to merge 5 commits into
openshift:mainfrom
sanchezl:contextification-docs

Conversation

@sanchezl

@sanchezl sanchezl commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Migrate CLAUDE.md to AGENTS.md with symlink (Claude Code still discovers it automatically)
  • Add CONTRIBUTING.md with development workflow, testing, commit conventions, and OWNERS structure
  • Rewrite README.md with concise quick-start, OTE examples, and doc links
  • Add ARCHITECTURE.md with component overview, CA rotation lifecycle, design decisions grounded in work-log research

Details

All four files are cross-referenced and consistent. AGENTS.md links to ARCHITECTURE.md for detailed architecture rather than duplicating it.

Design Decisions in ARCHITECTURE.md are sourced from code analysis, git history, and internal research notes — not just inferred from code structure.

Test plan

  • Verify CLAUDE.md symlink resolves: readlink CLAUDE.mdAGENTS.md
  • Verify all cross-references between docs resolve
  • Verify build commands in docs match Makefile: make build, make test-unit, make verify

Summary by CodeRabbit

  • Documentation
    • Added new repository guidance covering architecture, contribution workflow, and AI agent instructions.
    • Expanded the README with a Quick Start section, build/test commands, and streamlined test framework usage.
    • Added a detailed architecture overview for the operator’s design, reconciliation flow, CA rotation, and supported platform scenarios.
    • Removed an older assistant guidance document.

sanchezl added 5 commits June 24, 2026 17:48
Rename CLAUDE.md to AGENTS.md and add quick-reference sections
(critical rules, key patterns, prohibitions, repository layout).
CLAUDE.md is now a symlink to AGENTS.md so Claude Code continues
to discover it automatically.
- Add ARCHITECTURE.md link to README.md and AGENTS.md
- Replace duplicated Architecture section in AGENTS.md with link
  to ARCHITECTURE.md
- Standardize single-test example to TestName across all docs
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 24, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

@sanchezl: This pull request references CNTRLPLANE-3718 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

  • Migrate CLAUDE.md to AGENTS.md with symlink (Claude Code still discovers it automatically)
  • Add CONTRIBUTING.md with development workflow, testing, commit conventions, and OWNERS structure
  • Rewrite README.md with concise quick-start, OTE examples, and doc links
  • Add ARCHITECTURE.md with component overview, CA rotation lifecycle, design decisions grounded in work-log research

Details

All four files are cross-referenced and consistent. AGENTS.md links to ARCHITECTURE.md for detailed architecture rather than duplicating it.

Design Decisions in ARCHITECTURE.md are sourced from code analysis, git history, and internal research notes — not just inferred from code structure.

Test plan

  • Verify CLAUDE.md symlink resolves: readlink CLAUDE.mdAGENTS.md
  • Verify all cross-references between docs resolve
  • Verify build commands in docs match Makefile: make build, make test-unit, make verify

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign atiratree for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Walkthrough

The PR adds and revises repository documentation for agent instructions, contributing workflow, architecture reference material, and README onboarding/test guidance. It also removes the previous CLAUDE guidance content.

Changes

Repository Documentation Refresh

Layer / File(s) Summary
Agent and contributor instructions
AGENTS.md, CONTRIBUTING.md
AGENTS.md adds repository-wide AI instructions, CONTRIBUTING.md adds prerequisites, workflow, testing, PR, commit, and review guidance, and the prior CLAUDE.md guidance is removed.
Architecture reference
ARCHITECTURE.md
Adds scope, component responsibilities, reconciliation flow, CA rotation, resource management, platform-specific behavior, and design-decision details.
README onboarding and test guide
README.md
Replaces the long controller overview with a shorter summary and reorganizes quick start, OTE testing, documentation, and related-repository sections.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the documentation-focused addition of agentic SDLC context files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only changes AGENTS.md and README.md; no changed file uses Ginkgo DSL, and the only test example is the static TestName.
Test Structure And Quality ✅ Passed PASS: The PR only adds/edits documentation files; no Ginkgo test code was changed, so the test-quality check is not applicable.
Microshift Test Compatibility ✅ Passed The PR diff only changes markdown docs (AGENTS.md, README.md); no new Ginkgo e2e tests or MicroShift-unsupported APIs/features were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR only updates markdown docs; no new Ginkgo e2e specs or SNO-sensitive test logic were added.
Topology-Aware Scheduling Compatibility ✅ Passed Only docs changed (AGENTS/ARCHITECTURE/CONTRIBUTING/README), with no manifests/controllers touched; CLAUDE.md is just a symlink to AGENTS.md.
Ote Binary Stdout Contract ✅ Passed Only documentation files changed (AGENTS/ARCHITECTURE/CLAUDE/CONTRIBUTING/README); no process-level code or stdout writes were introduced.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed This PR only adds/updates docs and a CLAUDE.md symlink; no new Ginkgo e2e tests or network code were added, so the IPv6/disconnected check is not applicable.
No-Weak-Crypto ✅ Passed Only docs changed; exact scans of AGENTS/ARCHITECTURE/CONTRIBUTING/README found no weak algorithms, custom crypto, or non-constant-time secret/token compares.
Container-Privileges ✅ Passed Scanned the PR’s deployment manifests and repo YAML; found no privileged:true, hostPID/hostNetwork/hostIPC, allowPrivilegeEscalation:true, SYS_ADMIN, or runAsUser:0.
No-Sensitive-Data-In-Logs ✅ Passed Docs-only PR; scanned AGENTS/ARCHITECTURE/CONTRIBUTING/README for secrets, PII, hostnames, and log-like leaks, and found none.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ARCHITECTURE.md`:
- Around line 29-37: The controller package paths in the architecture table are
inconsistent with the repo layout and should be normalized. Update the Package
column entries to use the actual controller paths from the codebase, especially
the serving cert controller path referenced by starter.go, so the table matches
the navigable package structure. Keep the same controller names, but correct
each package reference to the real `pkg/controller/...` locations used in the
repository.
- Around line 57-65: The CA rotation timeline example is internally inconsistent
because the automated rotation trigger does not line up with the 26-month
lifetime and the “remaining < 13m” condition. Update the timeline in
ARCHITECTURE.md so the rotation point referenced by the example is consistent
with the trigger logic in the signing CA lifetime explanation, either by
changing the trigger threshold or adjusting the T+13m event to reflect when the
condition actually becomes true.

In `@README.md`:
- Line 34: The README link is pointing to the wrong location because the
`enhancements/` path segment is missing from the GitHub URL. Update the existing
documentation link in README so it matches the adjacent link pattern and points
to the correct `openshift/enhancements` path for the “Testing a
ClusterOperator/Operand image in a cluster” section.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6902ad55-1fe2-40cc-a076-0323fe97b2b5

📥 Commits

Reviewing files that changed from the base of the PR and between 35cf518 and aa84198.

📒 Files selected for processing (6)
  • AGENTS.md
  • ARCHITECTURE.md
  • CLAUDE.md
  • CLAUDE.md
  • CONTRIBUTING.md
  • README.md

Comment thread ARCHITECTURE.md
Comment on lines +29 to +37
| Controller | Package | Watches | Reconciles |
|-----------|---------|---------|------------|
| Serving Cert Signer | `servingcert/controller/` | Services, Secrets | Creates TLS Secrets for annotated Services |
| Serving Cert Updater | `servingcert/controller/` | Services, Secrets | Refreshes certs approaching expiry |
| ConfigMap CA Injector | `cabundleinjector/configmap.go` | ConfigMaps | Injects CA bundle into annotated ConfigMaps |
| APIService CA Injector | `cabundleinjector/apiservice.go` | APIServices | Sets `spec.caBundle` on annotated APIServices |
| Webhook CA Injectors | `cabundleinjector/admissionwebhook.go` | Mutating/ValidatingWebhookConfigs | Sets `caBundle` on annotated webhooks |
| CRD CA Injector | `cabundleinjector/crd.go` | CRDs | Sets conversion webhook `caBundle` |
| Legacy Vulnerable Injector | `cabundleinjector/configmap.go` | ConfigMaps named `openshift-service-ca.crt` | Injects legacy bundle for pre-4.7 upgraded clusters |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Normalize the controller paths.

The package column drops pkg/controller/, and servingcert/controller/ does not match the repo layout. That makes the table harder to use as a navigation aid.

Based on the repo layout in AGENTS.md and pkg/controller/servingcert/starter/starter.go.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ARCHITECTURE.md` around lines 29 - 37, The controller package paths in the
architecture table are inconsistent with the repo layout and should be
normalized. Update the Package column entries to use the actual controller paths
from the codebase, especially the serving cert controller path referenced by
starter.go, so the table matches the navigable package structure. Keep the same
controller names, but correct each package reference to the real
`pkg/controller/...` locations used in the repository.

Comment thread ARCHITECTURE.md
Comment on lines +57 to +65
The signing CA has a 26-month lifetime, designed around the 12-month maximum upgrade interval:

```
T+0m CA-1 created (or rotated)
T+12m Cluster upgraded, all pods restarted
T+13m Automated rotation: CA-1 remaining < 13m → CA-2 created
T+24m Cluster upgraded again, all pods restarted
T+26m CA-1 expires (no impact — pods already restarted)
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Make the rotation example internally consistent.

T+13m conflicts with the preceding remaining < 13m trigger on a 26-month CA. At exactly 13 months remaining, the condition is still false, so the example reads as off by one.

Based on the CA rotation timeline in this file.

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 59-59: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ARCHITECTURE.md` around lines 57 - 65, The CA rotation timeline example is
internally inconsistent because the automated rotation trigger does not line up
with the 26-month lifetime and the “remaining < 13m” condition. Update the
timeline in ARCHITECTURE.md so the rotation point referenced by the example is
consistent with the trigger logic in the signing CA lifetime explanation, either
by changing the trigger threshold or adjusting the T+13m event to reflect when
the condition actually becomes true.

Comment thread README.md
### Running in a Cluster

### Building the test binary
See [Testing a ClusterOperator/Operand image in a cluster](https://github.com/openshift/enhancements/blob/master/dev-guide/operators.md#how-can-i-test-changes-to-an-openshift-operatoroperandrelease-component).

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix the documentation link.

The URL is missing the enhancements/ path segment, so it points to the wrong location in the openshift/enhancements repo.

Based on the adjacent link pattern in this README.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 34, The README link is pointing to the wrong location
because the `enhancements/` path segment is missing from the GitHub URL. Update
the existing documentation link in README so it matches the adjacent link
pattern and points to the correct `openshift/enhancements` path for the “Testing
a ClusterOperator/Operand image in a cluster” section.

@openshift-ci

openshift-ci Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

@sanchezl: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 28, 2026
@openshift-ci

openshift-ci Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants