Skip to content

docs: rollback workflow guide + abac access-control catalog drift#210

Open
coryodaniel wants to merge 1 commit into
mainfrom
worktree-abac-rollback-workflow
Open

docs: rollback workflow guide + abac access-control catalog drift#210
coryodaniel wants to merge 1 commit into
mainfrom
worktree-abac-rollback-workflow

Conversation

@coryodaniel
Copy link
Copy Markdown
Member

@coryodaniel coryodaniel commented May 26, 2026

Summary

Two related additions:

  1. New workflow guide: `/workflows/rollback` — modeled on the depth and shape of the existing fork / promote / preview guides. Covers what `rollbackDeployment` actually does (snapshot semantics, what gets carried forward vs. refreshed), the approval flow, why approval pins the package release pointer, authorization (`instance:propose` to author, `instance:deploy` to approve), and the cases where rollback is the wrong tool (down-migrations, secret reverts, one-shot deploys).

  2. Access-Control page drift fix — same content the in-repo `docs/guides/abac.md` got in massdriver#3284:

    • Adds `environment:deploy` and `environment:decommission` to the Environment table (already in the action catalog, missing from this page).
    • Calls out rollback proposals under the `instance:propose` description.
    • Tightens `environment:delete` description (empty environment required).
    • Updates the SRE common-pattern example to include `instance:propose` + env-level deploy/decommission — the pattern the rollback guide references when describing oncall "author + approve" flows.

Files

  • new: `docs/workflows/04-rollback.md`
  • modified: `docs/workflows/00-overview.md` — add rollback bullet to the section index
  • modified: `docs/platform-operations/security/02-access-control.md`

Test plan

  • Docusaurus build is clean (sidebar order, slug routing for `/workflows/rollback`)
  • Cross-references to `/platform-operations/security/access-control#instance` and `#sre-with-cross-cutting-production-access` resolve
  • Skim rollback guide for parity with fork / promote / preview tone
  • Confirm GraphQL examples reference real V2 fields (`rollbackOf`, `status`, `action`)

Out of scope (deliberate)

  • The `Organization` umbrella + 7 `organization:manage*` sub-actions listed on this page don't exist in the `actionCatalog` (the engine only has `organization:manage`). That divergence pre-dates this PR — leaving it for a dedicated sync pass.
  • The page's "imported resources carry user attributes" claim diverges from the in-repo doc, but again — outside the rollback / env-actions scope of this PR.

🤖 Generated with Claude Code

@coryodaniel @claude
docs: rollback workflow + abac access-control updates (env:deploy, en…
1b21bbf 
…v:decommission, rollback callout)

User prompts:
- "update the abac guide and the docs ../docs with rollback and any other
  permissions that are missing"
- "in the docs pr, also include a workflow on rollbacks equal quality to
  the other workflow guides"

Changes:
- docs/workflows/04-rollback.md: new guide. Modeled on
  01-fork-environment.md / 02-promote.md / 03-preview-environments.md —
  what rollbackDeployment does, snapshot semantics, why approval pins the
  package release pointer (vs. proposeDeployment for one-shot behavior),
  authorization (instance:propose + instance:deploy), GraphQL flow,
  what does/doesn't get snapshotted (md_metadata refreshed; secrets stay
  with the instance), explicit "not the right tool" callouts (older
  version pin, schema down-migrations, out-of-band resources).
- docs/workflows/00-overview.md: add rollback bullet to the section
  index.
- docs/platform-operations/security/02-access-control.md: add
  environment:deploy + environment:decommission to the Environment
  permissions table (catalog had them, doc didn't); call out rollback
  proposals under instance:propose; tighten environment:delete
  description (empty env required); update SRE common-pattern example
  to include instance:propose + env-level deploy/decommission so the
  rollback workflow's "oncall authors and approves" pattern composes.

The permission count line is left alone — adding the two env actions
brings the existing "39 permissions" count into actual sync with the
catalog as visible on this page.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented May 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 26, 2026 9:46pm

Request Review

@coryodaniel coryodaniel marked this pull request as ready for review May 26, 2026 21:45
@coryodaniel
Copy link
Copy Markdown
Member Author

coryodaniel commented May 26, 2026

@claude please review the rollback workflow guide for parity with the existing fork / promote / preview guides, and verify the access-control catalog additions against lib/massdriver/authorization/policy.ex (action_catalog) in massdriver-cloud/massdriver.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@coryodaniel