Skip to content

Commit cc2114e

Browse files
authored
docs(architecture): reset subsystem docs (#1184)
1 parent fe41d67 commit cc2114e

39 files changed

Lines changed: 891 additions & 10984 deletions

.agents/skills/build-from-issue/SKILL.md

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,7 @@ gh issue comment <id> --body "$(cat <<'EOF'
185185
- <risk or unknown that may need human input>
186186
187187
### Documentation Impact
188-
- <which architecture/ docs will need updating, or "None expected">
188+
- <docs expected per AGENTS.md, or "None expected">
189189
190190
---
191191
*Revision 1 — initial plan*
@@ -431,18 +431,9 @@ Do not proceed to PR creation if E2E verification is not green.
431431

432432
### Step 11: Update Documentation
433433

434-
Use the `arch-doc-writer` sub-agent to update architecture documentation. Use the Task tool:
435-
436-
```
437-
Task tool with subagent_type="arch-doc-writer"
438-
```
439-
440-
In the prompt, provide:
441-
- Which files were changed and why (from the plan + any deviations)
442-
- The issue context (what was built/fixed)
443-
- Which architecture docs in `architecture/` are likely affected
444-
445-
Launch one `arch-doc-writer` instance per documentation file that needs updating. If no documentation changes are needed, the `arch-doc-writer` will make that determination.
434+
Review the documentation requirements in `AGENTS.md` and update any affected
435+
docs as part of the implementation. Keep documentation changes scoped to the
436+
behavior or subsystem that changed.
446437

447438
### Step 12: Commit and Push
448439

@@ -502,10 +493,9 @@ Closes #<issue-id>
502493
## Checklist
503494
- [x] Follows Conventional Commits
504495
- [x] Commits are signed off (DCO)
505-
- [x] Architecture docs updated (if applicable)
506496
507497
**Documentation updated:**
508-
- `<architecture/doc.md>`: <what was updated>
498+
- `<doc path>`: <what was updated, or "None needed">
509499
EOF
510500
)"
511501
```
@@ -537,7 +527,7 @@ PR: [#<pr-number>](https://github.com/OWNER/REPO/pull/<pr-number>)
537527
- E2E: <count or N/A>
538528
539529
### Docs updated
540-
- <list of updated architecture docs, or "None needed">
530+
- <list of updated docs, or "None needed">
541531
542532
The issue will auto-close when the PR is merged.
543533
EOF
@@ -691,7 +681,6 @@ User says: "Build issue #42"
691681
7. Add unit tests for pagination logic, integration tests for both endpoints
692682
8. `mise run pre-commit` passes on first attempt
693683
9. E2E tests skipped (no changes under `e2e/`)
694-
10. `arch-doc-writer` updates `architecture/gateway.md` with pagination details
695684
10. Commit, push, create PR with `Closes #42`
696685
11. Post summary comment on issue with PR link
697686
12. Update labels: remove `state:in-progress` + `state:review-ready`, add `state:pr-opened`

.agents/skills/create-github-pr/SKILL.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,6 @@ PR descriptions must follow the project's [PR template](.github/PULL_REQUEST_TEM
158158
## Checklist
159159
- [ ] Follows Conventional Commits
160160
- [ ] Commits are signed off (DCO)
161-
- [ ] Architecture docs updated (if applicable)
162161
```
163162

164163
Populate the testing checklist based on what was actually run. Check boxes for steps that were completed.
@@ -193,7 +192,6 @@ Closes #456
193192
194193
- [x] Follows Conventional Commits
195194
- [x] Commits are signed off (DCO)
196-
- [ ] Architecture docs updated (if applicable)
197195
EOF
198196
)"
199197
```

.agents/skills/fix-security-issue/SKILL.md

Lines changed: 7 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -157,24 +157,10 @@ If the review identified a specific exploit scenario, verify that it is no longe
157157

158158
## Step 7: Update Documentation
159159

160-
Use the `arch-doc-writer` sub-agent to update any architecture documentation affected by the fix. Use the Task tool:
161-
162-
```
163-
Task tool with subagent_type="arch-doc-writer"
164-
```
165-
166-
In the prompt, provide:
167-
- Which files were changed and why
168-
- The security context (what vulnerability was fixed)
169-
- Which architecture docs in `architecture/` are likely affected
170-
171-
The `arch-doc-writer` will determine which docs need updating and make the changes. Common cases include:
172-
- A new validation layer or middleware was added
173-
- An API contract changed (new required headers, changed error responses, etc.)
174-
- Access control or authentication flow was modified
175-
- Network or infrastructure security boundaries changed
176-
177-
If the fix is purely internal (e.g., switching to parameterized queries with no external behavior change), documentation updates may not be needed -- let the `arch-doc-writer` make that determination.
160+
Review the documentation requirements in `AGENTS.md` and update any affected
161+
docs as part of the security fix. If the fix is purely internal, such as
162+
switching to parameterized queries with no external behavior change,
163+
documentation updates may not be needed.
178164

179165
## Step 8: Commit, Push, and Open PR
180166

@@ -232,7 +218,7 @@ Closes #<issue-id>
232218
- **Integration/E2E:** <test file and what it covers, or "N/A" if not applicable>
233219
234220
### Documentation Updated
235-
- `<architecture/doc.md>`: <what was updated>
221+
- `<doc path>`: <what was updated, or "None needed">
236222
237223
### Verification
238224
<how the fix was verified -- tests passed, exploit scenario tested, etc.>
@@ -281,7 +267,7 @@ User says: "Fix security issue #42"
281267
4. Create branch `fix/security-42-input-sanitization`
282268
5. Implement the fix
283269
6. Add unit tests for the sanitization function and an integration test for the endpoint
284-
7. Run `arch-doc-writer` to update `architecture/sandbox.md` with the new input validation layer
270+
7. Update affected documentation per `AGENTS.md`, if needed
285271
8. Commit, push, and open PR with `Closes #42`
286272
9. Report the PR link and changes to the user
287273

@@ -294,7 +280,7 @@ User says: "Fix any ready security issues"
294280
3. Fetch the review comment -- determination is "Legitimate concern"
295281
4. Implement parameterized queries
296282
5. Add `test_rejects_sql_injection_in_search_query` unit test and e2e test for the search endpoint
297-
6. `arch-doc-writer` updates API docs to note the query parameter validation
283+
6. Update affected documentation per `AGENTS.md`, if needed
298284
7. Commit, push, open PR with `Closes #78`, report to user
299285

300286
### Issue with non-actionable review

.agents/skills/generate-sandbox-policy/SKILL.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -155,19 +155,19 @@ You may need to go back and forth a few times. Keep the loop tight:
155155
Read the full policy schema reference:
156156

157157
```
158-
Read architecture/security-policy.md
158+
Read docs/reference/policy-schema.mdx
159159
```
160160

161161
Key sections to reference:
162-
- **Full YAML Policy Schema** — top-level structure
162+
- **Policy Schema Reference** — top-level structure
163163
- **`network_policies`** — rule structure
164164
- **`NetworkEndpoint`** fields — host, port, protocol, tls, enforcement, access, rules, allowed_ips
165165
- **`L7Rule` / `L7Allow`** — method + path matching
166166
- **Access Presets**`read-only`, `read-write`, `full`
167167
- **Private IP Access via `allowed_ips`** — CIDR allowlist for private IP space
168168
- **Validation Rules** — what combinations are valid/invalid
169169

170-
Also read the example policy for real-world patterns. The default policy is baked into the community base image (`ghcr.io/nvidia/openshell-community/sandboxes/base:latest`). For reference, consult the policy schema documentation:
170+
Also read the architecture overview for enforcement context. The default policy is baked into the community base image (`ghcr.io/nvidia/openshell-community/sandboxes/base:latest`). For reference, consult:
171171

172172
```
173173
Read architecture/security-policy.md
@@ -567,7 +567,8 @@ private_services:
567567
568568
## Additional Resources
569569
570-
- Full policy schema: [architecture/security-policy.md](../../../architecture/security-policy.md)
570+
- Full policy schema: [docs/reference/policy-schema.mdx](../../../docs/reference/policy-schema.mdx)
571+
- Enforcement overview: [architecture/security-policy.md](../../../architecture/security-policy.md)
571572
- Default policy: baked into the community base image (`ghcr.io/nvidia/openshell-community/sandboxes/base:latest`)
572573
- Rego evaluation rules: [sandbox-policy.rego](../../../crates/openshell-sandbox/data/sandbox-policy.rego)
573574
- For translation examples from real API docs, see [examples.md](examples.md)

AGENTS.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -196,6 +196,17 @@ ocsf_emit!(event);
196196
- Fern PR previews run through `.github/workflows/branch-docs.yml`, and production publish runs through the `publish-fern-docs` job in `.github/workflows/release-tag.yml`.
197197
- Use the `update-docs` skill to scan recent commits and draft doc updates.
198198

199+
### Architecture Docs
200+
201+
- Architecture docs are short canonical subsystem overviews, not exhaustive implementation notes.
202+
- Update one of the existing top-level architecture docs before adding a new file.
203+
- Put useful crate-specific details in the relevant crate `README.md`.
204+
- Add a new top-level architecture doc only when explicitly requested or when an RFC-level design needs a stable home.
205+
- Keep architecture docs focused on stable boundaries, data/control flow, invariants, and operational constraints.
206+
- Remove stale detail instead of preserving it by default.
207+
- Do not include testing transcripts, historical debugging notes, long source-file inventories, or field-by-field schema references.
208+
- Put user-facing instructions in `docs/`, broad design proposals in `rfc/`, and temporary plans in ignored `architecture/plans/`.
209+
199210
## Security
200211

201212
- Never commit secrets, API keys, or credentials. If a file looks like it contains secrets (`.env`, `credentials.json`, etc.), do not stage it.

0 commit comments

Comments
 (0)