Skip to content

feat: docs, delivery RBAC, and session/policy metrics (gaps 6-9)#39

Merged
tgarciai merged 1 commit intomainfrom
feat/docs-rbac-metrics
Mar 18, 2026
Merged

feat: docs, delivery RBAC, and session/policy metrics (gaps 6-9)#39
tgarciai merged 1 commit intomainfrom
feat/docs-rbac-metrics

Conversation

@tgarciai
Copy link
Member

@tgarciai tgarciai commented Mar 18, 2026

Summary

Closes 4 gaps in a single PR — docs, Helm, and metrics.

Gap 6: Configuration Reference

  • docs/CONFIGURATION.md — 80+ env vars across 13 sections
  • Covers: core, TLS (HTTP/Valkey/NATS), stores, event bus, artifacts, telemetry, K8s backend, auth, Docker

Gap 7: TLS Deployment Guide

  • docs/DEPLOYMENT-TLS.md — step-by-step for all 5 transports
  • Cert generation, K8s secrets, Helm values, verification, troubleshooting (10 scenarios)
  • Full example values file enabling TLS on all transports simultaneously

Gap 8: Delivery RBAC

  • charts/templates/rbac-delivery.yaml — separate SA + Role + RoleBinding
  • Least-privilege: pods, deployments, services, configmaps, replicasets, rollouts
  • Gated by kubernetesBackend.deliveryTools.enabled

Gap 9: Session/Policy Metrics

  • 4 new Prometheus counters on /metrics:
    • workspace_sessions_created_total
    • workspace_sessions_closed_total
    • workspace_discovery_requests_total
    • workspace_invocations_denied_total{reason="..."}
  • 7 new tests in kpi_metrics_test.go

Test plan

  • go build ./... — clean
  • go vet ./... — clean
  • go test ./... — 16 packages pass
  • helm lint — clean
  • helm template --set kubernetesBackend.deliveryTools.enabled=true — delivery SA + Role renders

🤖 Generated with Claude Code

@tgarciai @claude
feat: docs, delivery RBAC, and session/policy metrics (gaps 6-9)
896b338 
Gap 6 — docs/CONFIGURATION.md:
  Complete env var reference (80+ vars across 13 sections)

Gap 7 — docs/DEPLOYMENT-TLS.md:
  Step-by-step TLS setup guide (cert generation, Helm values,
  verification, troubleshooting) for all 5 transports

Gap 8 — Helm delivery RBAC:
  Separate ServiceAccount + Role + RoleBinding for K8s delivery tools
  (gated by kubernetesBackend.deliveryTools.enabled)

Gap 9 — Session/policy Prometheus metrics:
  workspace_sessions_created_total, workspace_sessions_closed_total,
  workspace_discovery_requests_total, workspace_invocations_denied_total{reason}
  Added to existing KPIMetrics system, emitted on /metrics endpoint

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 18, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
70.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@tgarciai tgarciai merged commit f438a21 into main Mar 18, 2026
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tgarciai