Skip to content

docs: add ADR for deployment validation#630

Closed
yuanchen8911 wants to merge 1 commit into
mainfrom
docs/adr-006-deployment-validation
Closed

docs: add ADR for deployment validation#630
yuanchen8911 wants to merge 1 commit into
mainfrom
docs/adr-006-deployment-validation

Conversation

@yuanchen8911

@yuanchen8911 yuanchen8911 commented Apr 21, 2026

Copy link
Copy Markdown
Contributor

Summary

Add ADR-006 to document the registry-driven deployment validation design and record why AICR standardizes on the Kubernetes-native pure-Go approach instead of reusing Chainsaw at validator runtime.

Motivation / Context

Issue #622 became large enough to warrant a durable architecture record. This ADR captures the finalized decision, the Go-based versus Chainsaw-based comparison, and the rationale for keeping aicr validate aligned with the existing pure-Go validator model used by conformance.

Fixes: N/A
Related: #622

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring (no functional changes)
  • Build/CI/tooling

Component(s) Affected

  • CLI (cmd/aicr, pkg/cli)
  • API server (cmd/aicrd, pkg/api, pkg/server)
  • Recipe engine / data (pkg/recipe)
  • Bundlers (pkg/bundler, pkg/component/*)
  • Collectors / snapshotter (pkg/collector, pkg/snapshotter)
  • Validator (pkg/validator)
  • Core libraries (pkg/errors, pkg/k8s)
  • Docs/examples (docs/, examples/)
  • Other: ____________

Implementation Notes

  • Adds docs/design/006-deployment-validation.md in the existing ADR format.
  • Captures the accepted readiness contract, runtime transport model, and why deployment validation remains Kubernetes-native and pure Go.
  • Records the design rationale that this approach keeps aicr validate consistent with the conformance phase and easier to extend toward broader CNCF AI Conformance validation.
  • Adds a link from docs/contributor/validator.md so the ADR is discoverable from the validator architecture docs.

Testing

unset GITLAB_TOKEN && make qualify

Local result: passed.

Risk Assessment

  • Low — Isolated change, well-tested, easy to revert
  • Medium — Touches multiple components or has broader impact
  • High — Breaking change, affects critical paths, or complex rollout

Rollout notes: N/A

Checklist

  • Tests pass locally (make test with -race)
  • Linter passes (make lint)
  • I did not skip/disable tests to make CI green
  • I added/updated tests for new functionality
  • I updated docs if user-facing behavior changed
  • Changes follow existing patterns in the codebase
  • Commits are cryptographically signed (git commit -S) — GPG signing info

@github-actions

Copy link
Copy Markdown
Contributor

@coderabbitai

coderabbitai Bot commented Apr 21, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

This pull request adds a new Architecture Decision Record (ADR-006) documenting the design for registry-driven deployment validation. The ADR specifies how the aicr validate --phase deployment command validates deployment readiness using a typed contract defined in recipes/registry.yaml. It outlines validation semantics for workload types (Deployment, StatefulSet, DaemonSet) and custom resource definitions, along with selector and workload matching behavior. The contributor guide is updated with a cross-reference to the new ADR.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title 'docs: add ADR for deployment validation' clearly and concisely summarizes the main change—adding a new Architecture Decision Record for deployment validation.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The pull request description clearly explains the purpose of adding ADR-006 to document the registry-driven deployment validation design and the decision to use a Kubernetes-native pure-Go approach instead of Chainsaw.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/adr-006-deployment-validation

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/design/006-deployment-validation.md`:
- Line 208: Replace the awkward phrasing "requires coordinated Go and registry
changes" at the sentence starting with "**Fixed special-case surface**" with a
clearer, concise alternative such as "requires coordinating Go and registry
changes" (or an equivalent like "requires coordinated changes to Go and the
registry") so the intent reads smoothly.
- Around line 87-120: Reword the sections that currently assert readiness
metadata is "hydrated onto each resolved ComponentRef" and list
`customChecks`/`crds` as runtime contract fields to clearly separate implemented
behavior from intended design: state that the YAML snippet in
`recipes/registry.yaml` and the described `readiness`/`customChecks`/`crds` are
the intended design/target contract (future intent), and explicitly note that
the current runtime schema (see `pkg/recipe/metadata.go` and the `Validation`
model) does not yet include readiness fields on `ComponentRef` and that
`RecipeResult` hydration is a planned capability; alternatively, if those fields
are already implemented elsewhere, update the references to point to the actual
implementation location. Apply the same clarification to the later block (lines
referenced as 223-237).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 0dddf8b6-e6ce-4b5f-b9a1-9410a8b49801

📥 Commits

Reviewing files that changed from the base of the PR and between f1212ad and d103f91.

📒 Files selected for processing (2)
  • docs/contributor/validator.md
  • docs/design/006-deployment-validation.md

Comment on lines +87 to +120
Deployment-phase deep checks are declared in `recipes/registry.yaml`, hydrated
onto each resolved `ComponentRef`, and interpreted by the deployment validator
using Kubernetes API state only.

### Contract

The component readiness contract is:

```yaml
components:
- name: kube-prometheus-stack
readiness:
namespace: monitoring
selector:
app.kubernetes.io/name: kube-prometheus-stack
workloads:
- kind: Deployment
name: kube-prometheus-operator
customChecks: []
crds: []
```

The supported coverage shapes are:

- `readiness`
- required `namespace`
- optional deployer-neutral `selector`
- optional exact `workloads` using `{kind, name}`
- sibling `customChecks`
- top-level `crds`

These fields are hydrated onto each resolved `ComponentRef` in `RecipeResult`.
The deployment validator reads only mounted `recipe.yaml`; it does not read
`registry.yaml` directly at runtime.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Clarify implemented vs target-state contract to avoid documenting unsupported schema as current behavior.

This ADR currently states as present fact that readiness metadata is “hydrated onto each resolved ComponentRef” and lists customChecks/crds contract fields as if already in the runtime schema, but the referenced recipe model shows Validation at recipe level and no readiness fields on ComponentRef (see pkg/recipe/metadata.go snippets). Please reword these sections to clearly separate accepted design intent from currently shipped structures/behavior (or update references if the schema exists elsewhere).
As per coding guidelines: “Documentation must not invent features, guarantees, timelines, or roadmap commitments. Clearly distinguish current behavior from future intent.”

Also applies to: 223-237

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docs/design/006-deployment-validation.md` around lines 87 - 120, Reword the
sections that currently assert readiness metadata is "hydrated onto each
resolved ComponentRef" and list `customChecks`/`crds` as runtime contract fields
to clearly separate implemented behavior from intended design: state that the
YAML snippet in `recipes/registry.yaml` and the described
`readiness`/`customChecks`/`crds` are the intended design/target contract
(future intent), and explicitly note that the current runtime schema (see
`pkg/recipe/metadata.go` and the `Validation` model) does not yet include
readiness fields on `ComponentRef` and that `RecipeResult` hydration is a
planned capability; alternatively, if those fields are already implemented
elsewhere, update the references to point to the actual implementation location.
Apply the same clarification to the later block (lines referenced as 223-237).

full Chainsaw expressiveness or pod-phase parity.
- **Potential semantic overlap**: some repo-side Chainsaw health checks and the
deployment contract may cover similar ground separately.
- **Fixed special-case surface**: new bespoke behavior requires coordinated Go

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Polish wording at Line 208 for clarity.

“requires coordinated Go and registry changes” is awkward; use “requires coordinating Go and registry changes” (or equivalent concise phrasing).

🧰 Tools
🪛 LanguageTool

[style] ~208-~208: The double modal “requires coordinated” is nonstandard (only accepted in certain dialects). Consider “to be coordinated”.
Context: ...urface**: new bespoke behavior requires coordinated Go and registry changes rather than a...

(NEEDS_FIXED)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docs/design/006-deployment-validation.md` at line 208, Replace the awkward
phrasing "requires coordinated Go and registry changes" at the sentence starting
with "**Fixed special-case surface**" with a clearer, concise alternative such
as "requires coordinating Go and registry changes" (or an equivalent like
"requires coordinated changes to Go and the registry") so the intent reads
smoothly.

@lockwobr

Copy link
Copy Markdown
Contributor

Still reading this, but wanted to make a Note; when Chainsaw was added to the project before it was able to compile with go 1.26. This issue has been fixed, so we could import chainsaw and use it assert engine in our code base if that makes sense, vs building and maintaining that logic.

@yuanchen8911

Copy link
Copy Markdown
Contributor Author

Superseded by #631, opened from the yuanchen8911 fork branch as required.

@yuanchen8911 yuanchen8911 deleted the docs/adr-006-deployment-validation branch April 21, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants