Skip to content

Auto-PR: docs(fleet): fleet operations design β€” 100s-scale updates, rings, observability guarantee, billing lifecycle#93

Merged
ncimino merged 1 commit into
mainfrom
docs/nik-fleet-operations-design
Jul 15, 2026
Merged

Auto-PR: docs(fleet): fleet operations design β€” 100s-scale updates, rings, observability guarantee, billing lifecycle#93
ncimino merged 1 commit into
mainfrom
docs/nik-fleet-operations-design

Conversation

@weown-bot

Copy link
Copy Markdown
Contributor

πŸ€– Automated Pull Request β€” authored by weown-bot (ecosystem service account)

Opened by: @ncimino
Last pushed by: @ncimino
Branch: docs/nik-fleet-operations-design β†’ main

Contributors on this branch:


πŸ“‹ Human Review Checklist β€” NIST CSF 2.0 Functions

Review per the 6 NIST CSF Functions. Frameworks referenced: NIST CSF 2.0, CIS Controls v8 IG1, CSA CCM v4, ISO/IEC 27001:2022, SOC 2, ISO/IEC 42001:2023. See docs/COMPLIANCE_ROADMAP.md.

πŸ›οΈ Govern (GV)

  • CODEOWNERS correct for affected paths (.github/CODEOWNERS)
  • ADR required/updated if an architectural decision is introduced
  • Policy impact considered and documented
  • All Copilot AI review comments addressed or explicitly deferred with rationale

πŸ” Identify (ID)

  • New assets inventoried (Helm values, container images, dependencies)
  • SBOM regenerated if dependencies changed
  • Risk register / threat model touched if threat surface changed (.github/SECURITY_ASSESSMENT.md)

πŸ›‘οΈ Protect (PR)

  • Least privilege: RBAC, ServiceAccounts, scoped PATs (NIST PR.AC, CIS 5/6, ISO A.5.15-A.5.18)
  • Secrets managed via Infisical (never --from-literal, never /tmp, always $(mktemp) β€” ISO A.8.24)
  • NetworkPolicy present for new deployments (NIST PR.AC-5, CIS 12, CSA IVS)
  • TLS 1.3 with strong cipher suites where applicable (NIST PR.DS-1, CIS 3)
  • Container security: non-root UID 1000+, Pod Security restricted (NIST PR.IP, CIS 4)

πŸ•΅οΈ Detect (DE)

  • Logs / metrics added for new components (NIST DE.CM, CIS 8/13)
  • Alert rules updated if thresholds change
  • Health checks (livenessProbe + readinessProbe) configured

🚨 Respond (RS)

  • Runbook updated if operational behavior changes (.github/INCIDENT_RESPONSE.md)
  • Incident response impact considered (escalation paths, on-call)

♻️ Recover (RC)

  • Backup strategy covers new persistent data (NIST RC.RP, CIS 11, ISO A.8.13)
  • Rollback procedure tested or documented
  • DR impact assessed for new critical components

πŸ“š Documentation & Versioning

  • Relevant CHANGELOG.md updated (per-directory or repo-level /CHANGELOG.md)
  • #WeOwnVer version bumped per docs/VERSIONING_WEOWNVER.md
  • READMEs / ADRs / inline comments updated

πŸ“ Recent Commits (full bodies for Copilot context)

4e365cb docs(fleet): fleet operations design β€” 100s-scale updates, rings, observability guarantee, billing lifecycle

Author: Nik
Date: Wed Jul 15 17:10:55 2026 -0600

Design baseline for operating 100s of single-tenant customer instances:
three-lever fleet updates (dashboard image / ALLM image / model pref β€” model
pref flagged as render-time GAP to move to Infisical), DO-tag ring rollouts
(canary->early->ga) with smoke gates + soak + pinned-tag rollback, deploy
auto-verification battery, no-customer-data observability guarantee (allowlist
telemetry, redaction on app logs), private weown-fleet repo + registry boundary
(rendered customer sites must NOT live in this public repo), billing lifecycle
state machine (ACTIVE->PAUSED->STOPPED->PURGED), and seven scale prerequisites.



πŸ” Copilot AI Review: Copilot is configured to auto-request review for bot-authored PRs. If an auto-created PR opens without an initial Copilot review, push a follow-up commit to the same open PR (review_on_push: true) to trigger review automatically.

πŸ‘₯ Required Reviewers: human approval enforced by branch protection + CODEOWNERS. @ncimino requested automatically.

πŸ“š Review Guidelines: .github/copilot-instructions.md (phase-aware compliance directives)

πŸ› οΈ Workflow Operations: .github/workflows/README.md

Auto-generated by .github/workflows/auto-pr-to-main.yml

…ervability guarantee, billing lifecycle

Design baseline for operating 100s of single-tenant customer instances:
three-lever fleet updates (dashboard image / ALLM image / model pref β€” model
pref flagged as render-time GAP to move to Infisical), DO-tag ring rollouts
(canary->early->ga) with smoke gates + soak + pinned-tag rollback, deploy
auto-verification battery, no-customer-data observability guarantee (allowlist
telemetry, redaction on app logs), private weown-fleet repo + registry boundary
(rendered customer sites must NOT live in this public repo), billing lifecycle
state machine (ACTIVE->PAUSED->STOPPED->PURGED), and seven scale prerequisites.
@weown-bot weown-bot requested a review from ncimino as a code owner July 15, 2026 23:11
@weown-bot weown-bot requested review from Copilot and removed request for Copilot July 15, 2026 23:11
@ncimino ncimino merged commit 8f07dca into main Jul 15, 2026
17 of 18 checks passed
@ncimino ncimino deleted the docs/nik-fleet-operations-design branch July 15, 2026 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants