NE-2390: Adding AGENTS.md file

[Thealisyed]

Adding AGENTS.md file

Adding this AGENTS.md file will allow
all ai agents to index and refer to
this file for contextual awareness

[openshift-ci-robot]

@Thealisyed: This pull request references NE-2390 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Adding AGENTS.md file

Adding this AGENTS.md file will allow
all ai agents to index and refer to
this file for contextual awareness

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[candita]

All team members should check into this, with Brett as lead.

/assign @bentito
/assign

[bentito]

Overall, this is a strong addition that will significantly help agents (and humans) navigate the repo.

Review Comments

Strengths:

• Naming Conventions: The table of naming helpers (like RouterDeploymentName) is excellent. This is the #1 thing agents get wrong (hallucinating names), so having the canonical list is huge.
• Structure: The directory tree provides a good mental map.

Suggestions for Improvement:

1. Refine "Project Structure":

   • The entry pkg/operator/controller/ # Reconciliation controllers implies the controllers are in that directory. In reality, they are in subdirectories (e.g., pkg/operator/controller/ingress/).
   • Suggestion: Clarify that this directory contains sub-packages for each controller type.

2. Document the ensure Pattern:

   • The codebase heavily uses an ensureX pattern in reconcilers (e.g., ensureIngressController, ensureIngressDeleted in pkg/operator/controller/ingress/controller.go).
   • Suggestion: Add a note in the "Coding Style" or "Architecture" section: "Controllers typically delegate logic to ensure<Resource> methods that handle creation/update of specific resources."

3. Encourage Constants over Strings:

   • The "Important Annotations" section lists raw string values.
   • Suggestion: Reference the Go constants (e.g., controller.IngressOperatorOwnedAnnotation in pkg/operator/controller/names.go). This encourages agents to import the constant rather than hardcoding the string, which is safer.

4. Reference a "Golden" Test File:

   • Suggestion: Explicitly point to pkg/operator/controller/ingress/controller_test.go as the standard for how controller tests should be written. This gives an agent a concrete template to mimic.

5. Manifests:

   • A brief mention of pkg/manifests and how assets are loaded/bound would be helpful context, as valid manifest generation is often tricky.

Great work on this doc!

[Miciah]

It is interesting to compare this with openshift/router#710. In particular, is it useful to mention conventions for commit messages, PR descriptions, test coverage, and logical commits?

There is also some overlap with the design details in #1339, but that has a lot of content that was AI-generated and needs to be verified.

[Miciah]

Controllers are registered in pkg/operator/operator.go.

[bentito]

This is addressed in commit 76aebbe. The AGENTS.md file has been updated to correctly identify pkg/operator/operator.go for controller registration and cmd/ingress-operator/start.go for metrics.

[Miciah]

Worth calling out explicitly: Use %w for wrapped error values (as in the example).

[bentito]

This is addressed in commit 76aebbe. Explicit instructions to use %w for error wrapping and to follow Kubernetes logging conventions have been added to the 'Coding Style' section.

[Miciah]

Follow Kubernetes logging conventions.

[bentito]

commit 76aebbe added instructions to follow Kubernetes logging conventions to the 'Coding Style' section.

[coderabbitai]

Walkthrough

Adds a new repository-wide documentation file AGENTS.md that specifies operating guidance for AI coding agents: system context, namespace constraints, CRD matrix, controller topology, error/condition handling, DNS/provider patterns, testing/linting/build instructions, coding conventions, and contribution rules (no code changes).

Changes

Cohort / File(s)

Summary

Documentation AGENTS.md

New guidance document for AI agents detailing repository architecture (north-south L4/L7, HAProxy vs Gateway API), namespace separation, CRD matrix, controller directory topology, error/condition handling rules, DNS provider interface, controller creation pattern, testing conventions (unit vs e2e), lint/build/run targets, coding and logging conventions, feature gates, distribution/deployment notes, and contribution guidelines. No code or API changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'NE-2390: Adding AGENTS.md file' is clear and directly describes the main change: adding a new documentation file (AGENTS.md) to guide AI coding agents.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	This check is not applicable to the provided pull request. The PR adds only an AGENTS.md documentation file that provides guidance for AI agents working with the repository. The file does not contain any test code, test definitions, or test titles (such as Ginkgo-style It(), Describe(), Context(), or When() blocks). While the documentation references test patterns and conventions in the repository, it does not define or modify actual test code where the Stable and Deterministic Test Names requirement would apply. Therefore, this check is inapplicable to this documentation-only PR.
Test Structure And Quality	✅ Passed	The custom check for 'Test Structure and Quality' is not applicable to this pull request as only documentation file AGENTS.md is added.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@Thealisyed: This pull request references NE-2390 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Adding AGENTS.md file

Adding this AGENTS.md file will allow
all ai agents to index and refer to
this file for contextual awareness

Summary by CodeRabbit

• Documentation
• Added comprehensive guidance documentation covering development patterns, project structure, testing procedures, linting, building, and contribution conventions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Around line 7-32: The fenced code block in AGENTS.md that contains the
repository tree snippet is missing a language identifier; update the opening
triple backticks for that block to "```text" so the snippet is treated as plain
text (i.e., change the block starting with "```" before the
cluster-ingress-operator/ tree to "```text").

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 56e2977 and 76aebbe.

📒 Files selected for processing (1)

• AGENTS.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a language identifier to the fenced block.

Line 7 uses a fenced code block without a language, which triggers MD040. Use text for the tree snippet.

Suggested diff

-```
+```text
 cluster-ingress-operator/
 ├── cmd/ingress-operator/        # Main entry point
 │   ├── main.go                  # CLI commands (start, render)
 │   ├── render.go                # Manifest rendering command
 │   └── start.go                 # Operator startup and metrics registration
 ...
 └── HACKING.md                   # Developer documentation

</details>

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.21.0)</summary>

[warning] 7-7: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @AGENTS.md around lines 7 - 32, The fenced code block in AGENTS.md that
contains the repository tree snippet is missing a language identifier; update
the opening triple backticks for that block to "text" so the snippet is treated as plain text (i.e., change the block starting with "" before the
cluster-ingress-operator/ tree to "```text").

</details>

<!-- fingerprinting:phantom:triton:hawk -->

<!-- This is an auto-generated comment by CodeRabbit -->

[bentito]

Sorry, this review is much delayed, but for now just a top-level comment that will require an added chunk:

You've got a good code standards outine so far and decent repo layout to quick orientation, but I think it needs more of an overall this is how CIO fits in:

The AGENTS.md needs to orient the agent on CIO's place in the cluster networking galaxy. I'm not sure about the ideal set of quick knowledge we can convey, but here's a starter list:

• What CRs it manages (complete list) and why and how that fits into OCP
• What its main operand haproxy/router does
• What configs for router it is and isn't responsible for
• The fact that it manages OSSM
• ...

We should really pull together several people for a meeting with the agenda titled "What would you tell a new coder about CIO in their first month on the team?", digest the notes from that meeting and put it in AGENTS.md

Here's an example proposal, something we could discuss at a meeting to expand, delete, change:

AGENTS.md

1. SYSTEM CONTEXT & TOPOLOGY

• Domain: North-South network traffic management (Layer 7 & Layer 4).
• Prerequisites: CNI (Cluster Network Operator), Pod IP routing, internal CoreDNS.
• Dual Architecture Mode:
  1. Legacy/Primary: HAProxy orchestration via openshift3/ose-haproxy-router.
  2. Modern/GWAPI: Gateway API via OpenShift Service Mesh (OSSM / Istio / Envoy).

2. STRICT NAMESPACE BOUNDARIES

• openshift-ingress-operator: Execution environment for operator logic, control loops, and metrics endpoints. DO NOT deploy data-plane operands here.
• openshift-ingress: Execution environment for all data-plane workloads. HAProxy pods, haproxy.cfg ConfigMaps, TLS secrets, Envoy proxies, and Services MUST be strictly confined to this namespace.

3. CUSTOM RESOURCE DEFINITION (CRD) MATRIX

Core Configuration

• Ingress (config.openshift.io/v1, Cluster-scoped): Defines cluster-wide routing defaults and toggles.
• IngressController (operator.openshift.io/v1, Namespace-scoped): Primary interface for legacy HAProxy. Controls replicas, deployment affinity, and endpoint publishing.
• DNSRecord (ingress.operator.openshift.io/v1, Namespace-scoped): Internal abstraction for cloud DNS manipulation.

Gateway API (GWAPI)

• GatewayClass: Trigger resource. Detecting openshift.io/gateway-controller/v1 initiates OSSM deployment.
• Gateway: Defines external proxy instances / ports. Mapped to Envoy proxies.
• HTTPRoute: Advanced routing, traffic weighting, and header matching to backend services.

4. DIRECTORY TOPOGRAPHY

• pkg/operator/controller/ingress/: Legacy core. Reconciles IngressController and manages HAProxy deployment, load balancer services, and status loops.
• pkg/operator/controller/dns/: Fulfills DNSRecord resources. Interfaces with AWS/GCP/Azure SDKs.
• pkg/operator/controller/gatewayapi/: GWAPI meta-controller. Manages CRD lifecycles and launches dependent watchers.
• pkg/operator/controller/gatewayclass/: Provisions OSSM and generates the ServiceMeshControlPlane.
• pkg/operator/controller/certificate/: Manages automated certificate rotation and expiry.

5. TACTICAL DIRECTIVES & CONSTRAINTS

• RULE 1: No Silent Failures. If a cloud API times out or a version conflict occurs, set the expected error condition in .status.conditions (expectedCondition in status.go) and mark the operator as Degraded.
• RULE 2: OSSM Meta-Management for GWAPI. The operator does not write Envoy configs directly. It manages the OpenShift Service Mesh Operator by generating a ServiceMeshControlPlane (SMCP) resource.
• RULE 3: Decouple DNS for GWAPI. Directly generate DNSRecord objects for GWAPI endpoints; do not tie external endpoints for Envoy to the legacy HAProxy IngressController.
• RULE 4: Finalizer Management. Explicitly handle the removal of finalizers (e.g., ingress.openshift.io/operator) during deletion workflows in load_balancer_service.go to prevent infinite Terminating states.
• RULE 5: Cloud Credential Operator (CCO) Awareness. Gracefully degrade and report HTTP 403 Forbidden errors if assumed roles lack permissions in "manual mode" where dynamic IAM credentials are disabled.
• RULE 6: Immutable HAProxy Template. Do not inject arbitrary, unsupported HAProxy directives into the base router template.

6. EXPLICIT NON-GOALS

• Managing underlying cloud infrastructure subnets or legacy security groups.
• Fixing application-level protocol downgrade failures (e.g., HTTP/2 to WebSocket).
• Generating default TLS certificates for Envoy proxies.

[Thealisyed]

Yes I agree @bentito. That would be the best approach not only for CIO but also CDO too. Having all our SME's discuss to ensure we capture to the best of our ability for the AGENTS.md file in each respective repo

[davidesalerno]

Could it be useful to add a CLAUDE.md with a reference to the AGENTS.md?

I mean something like this.

cc @bentito @Miciah

[bentito]

Could it be useful to add a CLAUDE.md with a reference to the AGENTS.md?

I mean something like this.

AGENTS.md is a good choice because Claude respects it in the same way as the proprietary CLAUDE.md

[openshift-ci-robot]

@Thealisyed: This pull request references NE-2390 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Adding AGENTS.md file

Adding this AGENTS.md file will allow
all ai agents to index and refer to
this file for contextual awareness

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

♻️ Duplicate comments (1)

AGENTS.md (1)

50-75: ⚠️ Potential issue | 🟡 Minor

Add language identifier to the fenced code block.

The code block displaying the project directory tree is missing a language identifier, triggering the MD040 markdown linting warning.

📝 Proposed fix

-```
+```text
 cluster-ingress-operator/
 ├── cmd/ingress-operator/        # Main entry point

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@AGENTS.md` around lines 50 - 75, The fenced code block showing the project
directory tree is missing a language identifier; update the opening fence from
``` to ```text so the block is explicitly marked as plain text (modify the
fenced block that contains the directory tree starting with
"cluster-ingress-operator/" in AGENTS.md).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@AGENTS.md`:
- Around line 50-75: The fenced code block showing the project directory tree is
missing a language identifier; update the opening fence from ``` to ```text so
the block is explicitly marked as plain text (modify the fenced block that
contains the directory tree starting with "cluster-ingress-operator/" in
AGENTS.md).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 68e3f04c-7281-46d7-a912-f3eb23ac96d9

📥 Commits

Reviewing files that changed from the base of the PR and between 76aebbe and 28f66b0.

📒 Files selected for processing (1)

• AGENTS.md

[bentito]

I've added to the doc along the lines of my comment about needing to help orient an agent on CIO's place in the NIDS world.

Comments on whether that orientation seems correct and complete are very welcome.

[openshift-ci]

@Thealisyed: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-operator-techpreview	28f66b0	link	false	/test e2e-aws-operator-techpreview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[bentito]

/lgtm

I'd like to merge this and then have a team discussion about what's needed more broadly for agents to do well (better?) on all of our repos and move to a scenario where AGENTS.md is just a table of contents into a agentic dir with section-of-codebase/area-of-responsibilty specific instructions for each.

[melvinjoseph86]

/verified later @mjoseph

[openshift-ci-robot]

@melvinjoseph86: This PR has been marked to be verified later by @mjoseph.

Details

In response to this:

/verified later @mjoseph

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[davidesalerno]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidesalerno

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [davidesalerno]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment