docs: add v3.6.1 serving-multiversion-unpack content

styk-tv · styk-tv · commit a62e251b462a · 2026-04-06T12:06:54.000+01:00
- Add versioning.md: git model, tag prefixes, Git2PROV/DOAP
  provenance, .git-ref stamps, bare repo architecture
- Update operator.md: version materialisation section covering
  serving.json retirement, CK.Project spec.versions, deploy.materialise
  step, per-version PVs/HTTPRoutes, GC, backward compatibility
- Update introduction.md: v3.6.1 in release train, version-pinned
  design principle updated (CR replaces serving.json)
- Update changelog.md: full v3.6.1 entry with D1-D9 coverage
- Update config.mts: Versioning page in v3.6 sidebar
diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts
@@ -112,6 +112,7 @@ export default withMermaid(defineConfig({
             { text: 'ConceptKernel CRD', link: '/v3.6/crd' },
             { text: 'Evidence-Based Proof', link: '/v3.6/proof' },
             { text: 'Reconciliation & Logging', link: '/v3.6/reconciliation' },
+            { text: 'Versioning', link: '/v3.6/versioning' },
           ]
         },
         {
diff --git a/docs/v3.6/changelog.md b/docs/v3.6/changelog.md
@@ -41,6 +41,59 @@ v3.5-alpha6 was the last deployed incremental release. v3.6 adds:
 
 ---
 
+## v3.6.1 -- serving-multiversion-unpack <Badge type="info" text="SPEC" />
+
+**Date:** 2026-04-06 | **Implements:** CK.Operator v1.3.0
+
+Version materialisation moves from `serving.json` on disk to the CK.Project custom resource. The CK volume becomes purely immutable -- no write-through exceptions.
+
+### What Changes
+
+- **serving.json retired** -- no longer exists on disk. The three problems it created (write-through hack, inert file, decorative git refs) are dissolved.
+- **CK.Project `spec.versions`** -- named versions with git commit ref and URL route prefix. Version state is in etcd, not the filesystem.
+- **`spec.repo`** -- upstream git URL. The operator clones to scratch space and runs `git archive` locally (FUSE mounts cannot host bare repos).
+- **`deploy.materialise` step** -- new reconciliation step between `deploy.namespace` and `deploy.storage`. Streams `git archive` output to filer at `/ck/v/{tag}/{kernel}/`.
+- **`.git-ref` stamp** -- each materialised directory contains the exact commit hash. Implements `prov:wasGeneratedBy` from Git2PROV.
+- **Per-version PVs** -- `ck-{project}-{kernel}-{tag}`, each pointing to `/ck/v/{tag}/{kernel}`. When a tag's ref changes, content updates without PV recreation.
+- **Per-version HTTPRoutes** -- longest-prefix-first routing. Each version gets its own deployment and route rule.
+- **Garbage collection** -- filer paths under `/ck/v/` not referenced by any CK.Project version are deleted after reconciliation.
+- **Shared kernel optimisation** -- identical tree hashes across versions share one filer copy.
+- **Backward compatible** -- no `spec.versions` means flat layout, existing projects unchanged.
+
+### Git Model (D9)
+
+- One repo per project. CK + TOOL in same repo, DATA never in git.
+- Tag prefix convention: `ck/{kernel}/vX.Y.Z`, `tool/{kernel}/vX.Y.Z` for independent loop versioning.
+- Per-loop overrides: `ck_ref` and `tool_ref` in version declarations for split CK/TOOL tags.
+- Ontological grounding: DOAP for repo metadata, Git2PROV (PROV-O) for commit provenance.
+
+### Deficiencies Resolved
+
+| Deficiency | Resolution |
+|-----------|-----------|
+| D1: No version materialisation | `git archive` from bare repo, commit-pinned |
+| D3: No serving.json write-through | serving.json retired, version state in CR |
+| D6: No git integration on filer | Bare repo on scratch, `.git-ref` traceability |
+
+### New CK.Project CRD Fields
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `spec.repo` | string | MUST (if versions declared) | Upstream git URL |
+| `spec.versions` | array | SHOULD | Version declarations |
+| `spec.versions[].name` | string | MUST | Tag name (used in PV names, filer paths, routes) |
+| `spec.versions[].ref` | string | MUST | Git commit hash to materialise |
+| `spec.versions[].route` | string | MUST | URL path prefix |
+| `spec.versions[].ck_ref` | string | MAY | CK loop tag override |
+| `spec.versions[].tool_ref` | string | MAY | TOOL loop tag override |
+
+### New Ontology Classes
+
+- `VersionDeclaration` -- named version pinned to a git commit, mapped to a URL route
+- `GitRepoConfig` -- upstream git repository location
+
+---
+
 ## Incremental Versions (v3.5.x)
 
 All notable changes in the development increments that compose v3.6. Each version was an independently shippable increment. Versions marked DEPLOYED have running proof on the reference cluster.
diff --git a/docs/v3.6/introduction.md b/docs/v3.6/introduction.md
@@ -73,7 +73,7 @@ All inter-kernel communication MUST use NATS messaging. HTTP is for static web s
 
 ### 4. Version-Pinned
 
-Containers SHALL see only the versions declared in `serving.json`. No arbitrary version access. This prevents version drift and ensures reproducible behaviour across the fleet.
+Containers SHALL see only the versions declared in the CK.Project CR (`spec.versions`). No arbitrary version access. This prevents version drift and ensures reproducible behaviour across the fleet. Version state lives in the Kubernetes control plane, not on the filesystem.
 
 ### 5. Provenance-Mandatory
 
@@ -174,6 +174,11 @@ v3.5.15 Task execution engine                                    PLANNED
 v3.5.16 Agent Teams                                              PLANNED
 ---------------------------------------------------------------------
 v3.6    Full release -- sum of all above
+
+v3.6.1  serving-multiversion-unpack (CK.Operator v1.3.0)       SPEC
+        Version materialisation via CK.Project CR
+        serving.json retired, git archive -> filer pipeline
+        Per-version PVs, HTTPRoutes, garbage collection
 ```
 
 ### Why This Model
@@ -282,6 +287,7 @@ The v3.6 docs are organized by capability, not by version number. Each page expl
 | [Sessions](/v3.6/sessions) | Multi-user NATS sessions (v3.5.14, planned) |
 | [Task Engine](/v3.6/task-engine) | Consensus-driven headless execution (v3.5.15, planned) |
 | [Agent Teams](/v3.6/agent-teams) | Multi-kernel coordination (v3.5.16, planned) |
+| [Versioning](/v3.6/versioning) | Git model, tag prefixes, .git-ref provenance (v3.6.1) |
 | [Changelog](/v3.6/changelog) | Full version-by-version changelog |
 
 ::: info Logical Analysis Note
diff --git a/docs/v3.6/operator.md b/docs/v3.6/operator.md
@@ -78,6 +78,133 @@ The `project.deploy` action follows a deterministic 10-step sequence. Each step
 
 For the full step-by-step breakdown, see [Reconciliation Lifecycle](./reconciliation).
 
+## Version Materialisation (v3.6.1)
+
+::: info v3.6.1 -- serving-multiversion-unpack
+This section documents the version materialisation model introduced in v3.6.1, implemented in CK.Operator v1.3.0. See [Versioning](./versioning) for the full git model.
+:::
+
+### serving.json Is Retired
+
+Prior to v3.6.1, `serving.json` was the sole exception to the CK loop's read-only policy. It declared which version was active via `ck_ref` and `tool_ref` fields. This created three problems that could not be cleanly solved:
+
+1. **Write-through hack** -- the CK volume had to be writable for one file, breaking the separation axiom.
+2. **Inert file** -- `serving.json` existed on disk but was not enforced by the runtime, making it decorative.
+3. **Decorative refs** -- the git branch names in `serving.json` had no mechanism to resolve to actual commit hashes.
+
+v3.6.1 dissolves all three problems by moving version state from the filesystem to the Kubernetes control plane. `serving.json` no longer exists on disk. The CK volume is purely ReadOnlyMany with no exceptions.
+
+### Version State in CK.Project CR
+
+Version declarations live in the CK.Project custom resource:
+
+```yaml
+spec:
+  repo: https://github.com/ConceptKernel/kernels.git
+  versions:
+    - name: live
+      ref: abc123f
+      route: /
+    - name: staging
+      ref: def4567
+      route: /staging
+    - name: review-pr-42
+      ref: 789feda
+      route: /review/pr-42
+```
+
+The operator reads `spec.versions`, materialises each version from the git repository, and creates per-version PVs and HTTPRoute rules. A version promotion is a CK.Project resource update -- `kubectl patch`, NATS command, or operator API. Standard Kubernetes-native workflow with etcd history.
+
+### Materialisation Pipeline
+
+The reconciliation lifecycle gains a new step, `deploy.materialise`, inserted between `deploy.namespace` and `deploy.storage`:
+
+```
+Reconciliation lifecycle (v3.6.1):
+
+  1. deploy.namespace
+  2. deploy.materialise          -- NEW: git archive -> filer
+  3. deploy.storage.ck
+  4. deploy.storage.data
+  5. deploy.processors
+  6. deploy.web
+  7. deploy.routing
+  8. deploy.conceptkernels
+  9. deploy.auth
+  10. deploy.graph
+  11. deploy.endpoint
+```
+
+For each version in `spec.versions`, the materialise step:
+
+1. Checks if `/ck/v/{tag}/{kernel}/.git-ref` exists on filer
+2. If it exists and contains the same ref -- skip (already current)
+3. If missing or different ref:
+   - Runs `git archive {ref}:{kernel}/` from the bare repo
+   - Uploads the archive to filer at `/ck/v/{tag}/{kernel}/`
+   - Writes the commit hash to `/ck/v/{tag}/{kernel}/.git-ref`
+4. Ensures PV `ck-{project}-{kernel}-{tag}` exists pointing to `/ck/v/{tag}/{kernel}`
+5. Ensures PVC is bound
+
+### Per-Version PVs and HTTPRoutes
+
+Each declared version gets its own PersistentVolume and routing rule:
+
+```yaml
+# Per-version CK volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: ck-delvinator-core-live
+spec:
+  accessModes: [ReadOnlyMany]
+  capacity:
+    storage: 50Gi
+  csi:
+    driver: seaweedfs-csi-driver
+    volumeHandle: ck-delvinator-core-live
+    volumeAttributes:
+      path: "/ck/v/live/Delvinator.Core"
+```
+
+HTTPRoute rules are ordered longest-prefix first, so `/staging` matches before `/`:
+
+```yaml
+spec:
+  hostnames: [delvinator.tech.games]
+  rules:
+    - matches:
+        - path: { type: PathPrefix, value: /staging }
+      backendRefs:
+        - name: delvinator-staging
+    - matches:
+        - path: { type: PathPrefix, value: / }
+      backendRefs:
+        - name: delvinator-live
+```
+
+When a tag's ref changes, the PV is not recreated -- the filer path is stable (keyed by tag name). Content changes when the operator re-materialises. Pods pick up new content on rolling restart.
+
+### Version Lifecycle via CR
+
+| CR Change | Operator Action |
+|-----------|-----------------|
+| Add version | Materialise, create deployment + PV/PVC + route rule |
+| Change version ref | Re-materialise, roll pods |
+| Remove version | Delete deployment, PV/PVC, route rule, GC filer path |
+
+### Garbage Collection
+
+After reconciliation, the operator scans `/ck/v/` on the filer and deletes directories not referenced by any active version in any CK.Project resource. GC logs every deletion and never removes directories referenced by other projects.
+
+### Shared Kernel Optimisation
+
+When two versions reference the same git tree hash for a kernel (e.g., the CK loop has not changed between live and staging), the operator reuses one filer copy. The PV for the second version points to the first version's filer path -- no duplicate storage.
+
+### Backward Compatibility
+
+If `spec.versions` is absent from a CK.Project resource, the operator falls back to the current flat layout (`/ck/{KernelName}/`). Existing projects deployed without version declarations continue to work unchanged.
+
 ### What Each Step Creates
 
 **deploy.namespace**: Namespace `ck-{subdomain}`, ServiceAccount `ckp-runtime`, NetworkPolicies (default-deny, allow-nats, allow-dns, allow-gateway).
@@ -361,7 +488,7 @@ The v3.5.7 `patch` addition was necessary for idempotent updates. Without it, `k
 
 **Contradiction identified:** The v3.5.2 delta spec says "13 checks" for the initial deployment, but the v3.5.5 changelog says "13 infra + 2 auth" totaling 15. The v3.5.2 deployment output shows 13/13 checks passing (before auth existed). After v3.5.5, the count became 15/15. The documentation is consistent -- the count increased when auth was added. Not a contradiction, but worth noting for readers comparing version outputs.
 
-**Gap identified:** The operator does not currently support canary deployments. `serving.json` defines stable/canary/develop versions with weights, but the operator does not create weighted route rules. This is documented in the v3.5-alpha6 operator roadmap as a future version.
+**Gap resolved (v3.6.1):** The operator now supports multi-version deployments via `spec.versions` in the CK.Project CR. `serving.json` has been retired. Each named version gets its own deployment, PV, and HTTPRoute rule. Weighted canary routing is not yet supported -- versions are routed by URL path prefix, not traffic weight.
 :::
 
 ## Conformance Requirements
diff --git a/docs/v3.6/versioning.md b/docs/v3.6/versioning.md

Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,7 @@ export default withMermaid(defineConfig({`
`112`	`112`	`{ text: 'ConceptKernel CRD', link: '/v3.6/crd' },`
`113`	`113`	`{ text: 'Evidence-Based Proof', link: '/v3.6/proof' },`
`114`	`114`	`{ text: 'Reconciliation & Logging', link: '/v3.6/reconciliation' },`
	`115`	`+ { text: 'Versioning', link: '/v3.6/versioning' },`
`115`	`116`	`]`
`116`	`117`	`},`
`117`	`118`	`{`