Skip to content

nightshift: readme improvements#106

Closed
haasonsaas wants to merge 1 commit into
mainfrom
nightshift/readme-20260706-0521
Closed

nightshift: readme improvements#106
haasonsaas wants to merge 1 commit into
mainfrom
nightshift/readme-20260706-0521

Conversation

@haasonsaas

Copy link
Copy Markdown
Contributor

Autonomous nightshift pass. Improves README accuracy/structure against the current codebase. Draft for review.

@haasonsaas haasonsaas marked this pull request as ready for review July 6, 2026 05:24
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 4 potential issues.

Open in Devin Review

Comment thread README.md

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Known gaps section now contradicts the secret management documentation added in this PR

The "Known gaps" section at README.md:351 still states "Secrets are sourced from environment variables/ConfigMaps—no dedicated KMS integration." However, this PR adds documentation at README.md:63 and README.md:90-108 describing pluggable secret backends including AWS SSM, HashiCorp Vault, and Azure Key Vault — all of which are KMS integrations. The pkg/secrets/ directory confirms these backends exist (ssm.go, vault.go, azure.go). The Known gaps line was not modified in this PR, creating an internal contradiction within the same document. This should be updated to reflect the current state of the project.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment thread README.md

The repository also supports Bazel builds (Bazel 9.1+):

```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Inline comment for the Bazel check command misrepresents what it actually does

The Bazel check command's inline comment says it runs "gazelle + format + build" (README.md:249), but the actual Makefile target runs mod-tidy, gazelle, format, and then a git-diff check — there is no build step.

Impact: Developers will have incorrect expectations about what make bazel-check does, potentially skipping a separate build step they assume was already covered.

Makefile target vs README comment mismatch

The bazel-check target in Makefile:44-48 is:

bazel-check:
	$(MAKE) bazel-mod-tidy
	$(MAKE) bazel-gazelle
	$(MAKE) bazel-format
	git diff --exit-code

The README comment should say something like "mod-tidy + gazelle + format + diff-check" instead of "gazelle + format + build".

Suggested change
```
make bazel-check # mod-tidy + gazelle + format + diff-check
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment thread README.md
|---------|-----|-------|
| Envoy | `https://localhost:8080` | Front-door; all external access goes through here |
| Authz | `https://localhost:8443` | HTTP API; gRPC on `:8444` |
| Inventory | `http://localhost:8080` | Not host-exposed in basic compose; accessible internally |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Inventory service URL in the services table conflicts with Envoy's port and is unreachable

The services table lists the inventory service at http://localhost:8080 (README.md:148), which is the same port already used by Envoy, and the inventory service is not host-exposed in docker-compose.yml — so this URL will actually hit Envoy, not inventory.

Impact: Developers trying to reach the inventory service directly at the listed URL will unknowingly hit Envoy instead.

Port conflict details

In docker-compose.yml:33-38, Envoy maps host port 8080 to container port 8080. The inventory service (docker-compose.yml:15-22) does not expose any host ports at all. The old README listed http://localhost:8081 for inventory (also incorrect, but at least a distinct port). The new table lists http://localhost:8080 with a note saying "Not host-exposed in basic compose; accessible internally" — but still presents it as a URL, which is misleading. The URL column should either show the internal address or indicate it's not directly accessible.

Suggested change
| Inventory | `http://localhost:8080` | Not host-exposed in basic compose; accessible internally |
| Inventory | `http://inventory:8080` (internal) | Not host-exposed; accessible only within Docker network |
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment thread README.md

```bash
curl -k -H "Authorization: Bearer <valid-token>" \
curl -k -H "Authorization: Bearer ***" \

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 Info: Curl demo placeholders lost semantic meaning

The curl examples at README.md:426, README.md:435, and README.md:444 changed from descriptive placeholders (<valid-token>, <revoked-token>) to opaque *** strings. The old placeholders communicated what kind of token to use in each scenario (valid vs revoked), which helped readers understand the demo flow. The new *** placeholder is identical across all three examples, removing that contextual hint. This isn't a bug but reduces documentation clarity — a reader now has to rely solely on the comments to understand what differs between the allow and deny scenarios.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@haasonsaas haasonsaas closed this Jul 6, 2026
@haasonsaas haasonsaas deleted the nightshift/readme-20260706-0521 branch July 6, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants