This file is meant to track the smaller current backlog, not historical notes.
-
Prevent same-repository write collisions across multiple
GitProviderobjects. Decide whether the fix should be validation, a shared queue/lock per repo, or both. Until then, keep recommending oneGitProviderper repository. -
Re-assess unifying
PendingWriteAtomicandPendingWriteCommitinto one shape. Trade-off and complexity sketch in docs/future/idea-unify-pending-write-kinds.md. Currently deferred; worth revisiting if a second snapshot-style producer appears or the reconciler's fabricatedUserInfocauses a bug. -
Improve queue and worker observability. Better metrics, queue visibility, and more high-load test coverage would help.
-
Make the
BranchWorkerqueue durable and move watch cursor advancement behind a durable worker acknowledgment. The current Redis watch cursor only remembers the last resourceVersion handed to the in-memory worker queue. That detects queue-full drops, but a controller crash after cursor advancement and before the queued write lands in Git can still skip work on restart. The intended direction is a durable worker queue/journal so replay, live events, and resyncs are acknowledged only after the write is recoverable. This is also the realistic boundary for Kubernetes watch history: the API server does not guarantee every old revision remains available long enough for us to rebuild from resourceVersion alone. -
Fix recurring full e2e flakiness around WatchRule/snapshot convergence. This has shown up more than once as timeout-based failures in manager SOPS bootstrap and signing snapshot-message specs, then passed on rerun. Capture and mitigation notes live in docs/design/e2e-watchrule-cross-spec-interference.md. This should be addressed before the next feature that expands commit-message, snapshot, or write-window behavior, otherwise new failures will be hard to separate from existing timing debt.
-
Use bestpractices.dev as a project maturity checklist. Review the current gaps, decide which items matter for this project, and turn the useful ones into concrete follow-up work instead of treating the badge as the goal.
-
Filter more cluster-generated noise. Examples include Kubernetes-generated ConfigMaps such as
kube-root-ca.crtand similar cluster-specific resources that do not belong in a portable Git view by default. -
Decide how SOPS rules should cover sensitive custom resources that are not Secret-shaped. The current bootstrapped
.sops.yamlencryptsdataandstringData, which fits Kubernetes Secrets and CozyStacktenantsecrets; resources with sensitive fields under shapes such asspec.credentialsneed an explicit field policy or full-file encryption decision. -
Revisit output layout. Think about better control over target folders and whether some use cases should support multiple resources per file.
-
Reduce duplication between
WatchRuleandClusterWatchRulecode paths where it makes sense. -
Re-enable the
goconstlinter with a path-scoped exclusion instead of the current repo-wide disable in .golangci.yml. Exemptingtest/andinternal/git/commit.gowould silence the existing noise (~45 findings, mostly test fixtures) while still catching genuine new string repetition. -
Preserve more user-facing file structure where feasible. Comments, ordering, and other low-noise formatting details are still easy to lose when rewriting manifests.
-
Handle resources whose GVK cannot be resolved against the live cluster. A manifest may reference a
apiVersion/kindwhose CRD is not installed, so the RESTMapper cannot map it to a GVR. This is already a problem today and also blocks the manifest-inventory work in docs/design/manifest/manifest-inventory-file-agnostic-placement.md: indexing must record the manifest identity and defer rather than fail the whole scan.
-
Simpler setup flows, including more Git provider bootstrap automation.
-
Constrained reverse actions for simple, known Kustomize-style mutations.
-
Better branching and promotion strategies.
-
Bi-directional GitOps alignment with controllers such as Flux and Argo CD.
Research work:
- Replace metrics mechanism with https://docs.victoriametrics.com/helm/victoria-metrics-operator/ (so that it's also helm and so that we can have proper deps)
- Read more on how resource versions work (and can work in the HA rebruild): https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions