Skip to content

docs: session meta + guide truthfulness fixes (2026-06-25 review)#680

Merged
remyluslosius merged 4 commits into
mainfrom
docs/session-meta-2026-06-25
Jun 25, 2026
Merged

docs: session meta + guide truthfulness fixes (2026-06-25 review)#680
remyluslosius merged 4 commits into
mainfrom
docs/session-meta-2026-06-25

Conversation

@remyluslosius

Copy link
Copy Markdown
Contributor

Output of the 2026-06-25 quality/security review + docs pass.

Meta-docs

Guide truthfulness fixes (verified against code)

  • --config is a global flag (Go flag parsing stops at the first non-flag arg) — openwatch migrate --config X silently ignored --config. Moved it before the subcommand in UPGRADE/QUICKSTART/ENVIRONMENT/MONITORING.
  • COMPLIANCE_CONTROLS: removed the invented analyst role + "three-tier" (real: 5 roles) and the fabricated rate-limit numbers (real: per-IP sliding window on auth endpoints).
  • API_GUIDE: the "not yet in the API" section was almost entirely false — scans/remediation/exceptions/posture/audit-export/rules all ship. Rewrote to the live surface + only genuinely-absent /metrics//security-info; added ops_lead to the role table.
  • Version sweep rc.13 → rc.14; Last Updated → 2026-06-25 on edited guides.

Security/quality review (two independent agents, findings verified)

⚠️ The audit's "538→539" suggestion is a false positive — rc.14 bundles Kensa v0.6.0 = 538 (live-scan confirmed); guides correctly say 538. Flagged in DOC-3 so it is not 'corrected' back.

Remaining guide items (SCANNING dead-endpoint appendix, USER_ROLES matrix, INSTALLATION PG-dep, DATABASE_MIGRATIONS fake output, style sweep) are tracked in DOC-3.

Document the 2026-06-25 session's in-flight work (PKG-3 #673, AUTH-1 #675/#678,
notifications Slice 1 #679, avg-compliance #676): CHANGELOG [Unreleased]
entries, a SESSION_LOG handoff entry, and a new STATUS.md one-page snapshot.
BACKLOG findings from the security review land in a follow-up commit.
…DOC-3

High-impact, verified guide defects fixed:
- UPGRADE/QUICKSTART/ENVIRONMENT/MONITORING: --config is a GLOBAL flag (Go flag
  parsing stops at the first non-flag arg), so 'openwatch migrate --config X'
  silently ignored --config. Moved --config before the subcommand everywhere.
- COMPLIANCE_CONTROLS: removed the invented 'analyst' role + 'three-tier role
  model' (real: 5 roles — viewer/auditor/ops_lead/security_admin/admin) and the
  fabricated '100/min per user, 1000/min per IP' rate-limit (real: per-IP
  sliding window on the auth endpoints).
- API_GUIDE: the 'not yet in the API' section was almost entirely false (scans,
  remediation, exceptions, posture/drift, audit export, rule browser all ship);
  rewrote it to list the live surface + only the genuinely-absent /metrics and
  /security-info. Added the missing ops_lead role to the role table.
- Version sweep rc.13 -> rc.14; bumped Last Updated to 2026-06-25 on edited guides.

BACKLOG DOC-3 captures the remaining audit items (SCANNING dead-endpoint
appendix, USER_ROLES matrix, INSTALLATION PG-dep, DATABASE_MIGRATIONS fake
output, style sweep) and flags the audit's '538->539' suggestion as a FALSE
POSITIVE — rc.14 bundles Kensa v0.6.0 = 538 (the guides correctly say 538).
@github-actions github-actions Bot added documentation Improvements or additions to documentation size/L labels Jun 25, 2026
… flake

It hard-asserts 2s and gated #676's CI under -race (passed on rerun); it missed
the 2026-06-21 perftest.Budgetf() migration the other perf tests got.
@remyluslosius remyluslosius merged commit 5d483ee into main Jun 25, 2026
13 checks passed
@remyluslosius remyluslosius deleted the docs/session-meta-2026-06-25 branch June 25, 2026 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation size/L

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant