cloudposse/atmos v1.201.0

on GitHub

what

• Implement reusable renderer pipeline infrastructure for list commands (filter, sort, column selection, format)
• Apply renderer pipeline to all list commands: stacks, components, instances, metadata, vendor, workflows
• Add configurable column output via atmos.yaml and --columns CLI flag with Go template support
• Add tree-view visualization with --format=tree and --provenance flags for import hierarchy display
• Add comprehensive test coverage for list infrastructure packages

why

• Enable users to customize list command output with template-based columns (e.g., --columns "Name={{ .component }}")
• Provide consistent filtering, sorting, and formatting across all list commands
• Support multiple output formats (JSON, YAML, CSV, TSV, table, tree) for different use cases
• Improve developer experience with smart TTY detection and automatic color degradation
• Achieve high test coverage (>88%) for reliability and maintainability

Key Features

Configurable Columns

# atmos.yaml
stacks:
  list:
    columns:
      - name: Stack
        value: "{{ .stack }}"
      - name: Component  
        value: "{{ .component }}"

CLI Flags

• --columns - Custom column definitions with Go templates
• --format - Output format (table, json, yaml, csv, tsv, tree)
• --sort - Sort specification (e.g., Stack:asc,Component:desc)
• --provenance - Show import hierarchy in tree format

Test Coverage

Summary by CodeRabbit

• New Features

  • Fully configurable list commands: custom columns via templates, multi-format output (table/json/yaml/csv/tsv/tree), sortable output, dynamic --columns completion, and provenance-enabled tree views.

• Enhancements

  • New rendering pipeline with modular extraction, filtering, column selection, sorting, formatting, and output routing. Tri-state Enabled/Locked and richer filter/format flags.

• Documentation

  • PRDs, implementation guides, and expanded CLI docs with examples and template function reference.

• Tests

  • Large addition of unit and integration tests across listing, extraction, filtering, sorting, rendering, import resolution, and provenance.

• UX

  • Improved no-results messages and telemetry notice in snapshots.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Implement four new AWS YAML functions: !aws.account_id, !aws.caller_identity_arn, !aws.caller_identity_user_id, and !aws.region
• These functions retrieve AWS identity and configuration information using the STS GetCallerIdentity API
• Provide seamless integration with Atmos authentication contexts for SSO and multi-account scenarios
• Share a unified in-memory caching mechanism to minimize API calls during CLI invocation

why

• Equivalent to Terragrunt's get_aws_account_id(), get_aws_caller_identity_arn(), get_aws_caller_identity_user_id(), and similar functions
• Commonly needed for dynamic resource naming, cross-account access control, and audit logging
• Integrates cleanly with existing Atmos YAML function architecture and authentication infrastructure
• Reduces boilerplate by eliminating need for separate !exec calls to AWS CLI
• Type-safe and predictable compared to template-based approaches

references

• Equivalent to Terragrunt helpers: https://terragrunt.io/docs/reference/built-in-functions/#get_aws_caller_identity_arn
• Uses existing Atmos YAML function infrastructure
• Follows established patterns in pkg/utils/yaml_utils.go and internal/exec/yaml_func_utils.go

Summary by CodeRabbit

• New Features

  • Added four AWS YAML functions to return AWS account ID, caller ARN, caller user ID, and region; resolution uses AWS credentials and is cached per CLI invocation with isolation by auth context.

• Documentation

  • Added detailed docs and a blog post with examples, behavior, caching, auth integration, and usage notes.

• Tests

  • Added comprehensive tests for function behavior, caching, error handling, concurrency, and auth scenarios.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Add default field to CommandFlag schema to support default values for both boolean and string flags
• Boolean flags can now default to true (previously always defaulted to false)
• Update flag registration in Cobra to use configured defaults
• Add comprehensive documentation with usage patterns for boolean flags in bash and Go templates

why

Enable custom commands to have special behavior triggers without requiring unnecessary flag values. Users can define type: bool flags with default: true to handle cold start edge cases more cleanly.

references

Closes #1847

Summary by CodeRabbit

• New Features
  • Custom commands now support configurable default values for boolean and string flags, allowing defaults to be preserved during flag registration
  • Boolean flags can be set to default true or false; string flags can have explicit default values
  • Added comprehensive documentation, blog posts, and usage examples for boolean flag patterns in templates and conditional execution

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Summary

Enables developers to use filesystem paths (e.g., ., ./vpc) instead of component names with all component-related commands. Paths are automatically resolved to component names based on stack configuration, eliminating the need to memorize component names.

Changes

• Core Implementation: Path extraction, normalization, and stack validation utilities with symlink resolution
• Commands Enhanced: Terraform, Helmfile, Packer, describe component, and validate component commands
• Tab Completion: Enhanced completion with path support and graceful degradation when resolution fails
• Testing: 17 integration test scenarios + 6 unit tests covering all use cases
• Documentation: Full documentation with examples for all command types + blog post

Example Usage

# Navigate to component
cd components/terraform/vpc

# Use . to reference current directory
atmos terraform plan . --stack dev
atmos describe component . --stack dev
atmos validate component . --stack dev

Features

• Auto-detection of component type from filesystem path
• Stack validation to ensure component exists in specified stack
• Clear error messages when paths cannot be resolved
• Backward compatible - existing component name syntax still works

Summary by CodeRabbit

• New Features

  • Path-based component resolution (., ./, ../, absolute) with auto-type detection, stack validation, interactive disambiguation, and directory-aware tab completion.

• Bug Fixes

  • Commands propagate errors instead of exiting; config now exposes absolute base-paths and clearer, actionable path/stack errors.

• Documentation

  • PRD, CLI usage pages, and blog post updated with path-based examples and guidance.

• Tests

  • Extensive new/updated unit, integration, and golden snapshot tests covering path resolution, completions, and edge cases.

• Other

  • Telemetry notice added; CLI help lists a new terraform subcommand ("provision"); legacy CLI config file removed.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

Feature Implementation:

• Add metadata inheritance from base components with deep-merge semantics (enabled by default via stacks.inherit.metadata)
• Add metadata.name as a stable logical component identity for workspace key prefixes
• Update workspace key generation precedence: explicit backend prefix → metadata.name → component identity → component path
• Expose new inherit field in atmos describe config output

Bug Fixes:

• Exclude metadata.type: abstract from inheritance to prevent abstract components from becoming deployable
• Apply metadata inheritance in ExecuteDescribeStacks to ensure inherited metadata fields (like terraform_workspace) are resolved when describing stacks
• Handle precedence conflicts: explicit terraform_workspace takes precedence over inherited/imported patterns

Documentation:

• Document metadata.name convention: first-level component folder relative to component base path
• Eliminate manual workspace_key_prefix patterns across version management documentation
• Update all design patterns (folder-based versioning, git flow, release tracks, strict pinning) to use catalog inheritance with metadata.name
• Add PRDs for metadata inheritance and workspace key prefixes
• Improve version management best practices to promote inherited metadata.name over manual settings

Tests:

• Add comprehensive test coverage for metadata inheritance scenarios
• Add tests for workspace key generation with metadata.name
• Add regression test for metadata.type: abstract exclusion
• Update snapshots for new stacks.inherit field in describe config output

why

Feature Justification:

• Metadata inheritance eliminates repetition across component hierarchies by allowing base components to define shared metadata (workspace configuration, Spacelift settings, etc.)
• metadata.name provides a stable, predictable workspace key that doesn't change when component paths are refactored
• Default-enabled inheritance with deep-merge semantics ensures components automatically inherit metadata while allowing explicit overrides

Bug Justification:

• Without excluding metadata.type: abstract, abstract base components could become deployable when inherited, breaking the abstract component pattern
• ExecuteDescribeStacks was only merging YAML imports but not applying component inheritance, causing inherited metadata fields to be ignored
• Pattern/template metadata from imports/inheritance could override explicit workspace values due to precedence order in BuildTerraformWorkspace

Documentation Justification:

• The metadata.name feature was implemented but documentation still showed old manual workspace_key_prefix patterns, creating confusion and encouraging error-prone workarounds
• Creates a clear, consistent convention: metadata.name = top-level component folder
• Makes documentation DRY by showing catalog patterns that inherit the stable key

references

• Implements PRD: Metadata Inheritance
• Implements PRD: Workspace Key Prefixes with metadata.name
• Fixes TestDescribeStacksWithFilter7 which validates inherited terraform_workspace metadata

Summary by CodeRabbit

• New Features

  • Metadata inheritance enabled by default (toggleable via stacks.inherit.metadata).
  • New metadata.name field to provide a stable logical component identity.
  • Workspace key prefix generation now prefers metadata.name with documented fallbacks for stable Terraform state paths.

• Documentation

  • Extensive guides, examples, migration steps, and blog posts covering metadata inheritance and workspace key management.

• Tests

  • Comprehensive unit and integration tests covering inheritance, name precedence, merging, and backend behaviors.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Add atmos devcontainer command with subcommands for managing development containers
• Support Docker and Podman runtimes with automatic detection
• Implement start, stop, attach, list, logs, rebuild, config, remove, and exec subcommands
• Add comprehensive documentation and examples

why

• Enable developers to manage devcontainers directly from Atmos CLI
• Provide consistent interface for container operations across Docker/Podman
• Support devcontainer spec configuration in atmos.yaml
• Improve developer experience with interactive TUI spinners

references

• PRD: docs/prd/devcontainer-command.md
• Examples: examples/devcontainer/

implementation details

Commands Implemented

• atmos devcontainer list - List all configured devcontainers
• atmos devcontainer start - Create and start a devcontainer
• atmos devcontainer stop - Stop a running devcontainer
• atmos devcontainer attach - Attach to a running devcontainer
• atmos devcontainer logs - Show container logs
• atmos devcontainer rebuild - Rebuild container from scratch
• atmos devcontainer config - Show devcontainer configuration
• atmos devcontainer remove - Remove a devcontainer (stub)
• atmos devcontainer exec - Execute command in container (stub)

Architecture

• Container abstraction layer in pkg/container/ supports multiple runtimes
• Devcontainer logic in pkg/devcontainer/ handles spec parsing and validation
• Command execution in internal/exec/devcontainer*.go with helper functions
• Automatic runtime detection (Docker/Podman) with fallback
• TTY-aware UI with spinners for long-running operations

Code Quality

• All functions refactored to meet complexity thresholds (cognitive <20, cyclomatic <10)
• Files split to stay under 600-line limit
• Magic numbers extracted to named constants
• Comprehensive error handling with static errors
• Added lint exclusion policy to CLAUDE.md

Testing

• Manual testing with Docker runtime
• Tested start/stop/attach/list/logs/rebuild commands
• Verified TTY and non-TTY modes

checklist

• Implementation complete for core commands
• Documentation added for all commands
• Examples provided
• Code refactored to pass linting

Summary by CodeRabbit

• New Features

  • Full Devcontainer CLI: list, start, stop, attach, shell, exec, logs, config, rebuild, remove; instance naming/auto-generation, identity injection, Docker/Podman runtime support, experimental PTY mode with optional masking.

• Bug Fixes

  • Improved early --chdir handling, more reliable alias/flag forwarding, safer child-process environment handling, refined spinner/theming and masking behavior.

• Documentation

  • Extensive devcontainer usage docs, examples, and PRDs added.

• Tests

  • Large expansion of unit/integration tests and generated mocks.

• Chores

  • CI/workflow, linting and packaging adjustments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Summary

Add ability to enforce Atmos version requirements in atmos.yaml configuration. Teams can now ensure consistent Atmos versions across developers and CI/CD pipelines.

What's Included

Core Implementation

• Version constraint validation using hashicorp/go-version library (already in go.mod)
• Three enforcement levels: fatal (exit), warn (continue), silent (skip)
• Custom error messages for failed constraints
• Environment variable override (ATMOS_VERSION_ENFORCEMENT)

Configuration

version:
  constraint:
    require: ">=1.100.0, <2.0.0"
    enforcement: fatal  # fatal|warn|silent
    message: "Please upgrade Atmos to meet project requirements"

Files Changed

• pkg/schema/version.go - Schema structs with JSON/YAML tags
• pkg/version/constraint.go - Constraint parsing and validation
• pkg/config/utils.go - Integration with config loading
• errors/errors.go - Error definitions
• Comprehensive test coverage in *_test.go files

Documentation

• website/docs/cli/configuration/version-constraints.mdx - Full user guide
• website/docs/cli/configuration/configuration.mdx - Configuration reference update
• website/blog/2025-12-01-version-constraint-validation.mdx - Release blog post
• docs/prd/version-constraint.md - Product requirements document

Key Features

• SemVer constraints: >=2.5.0, <3.0.0, ranges, pessimistic (~>2.5), exclusions (!=2.7.0)
• Terraform-compatible syntax: Users already familiar with this pattern
• Zero new dependencies: Uses existing hashicorp/go-version v1.7.0
• Backward compatible: No changes to existing behavior when constraint not configured

Summary by CodeRabbit

• New Features

  • Add Atmos version constraint support in configuration with semver expressions, enforcement modes (fatal/warn/silent), and optional messages.
  • CLI option to list/filter releases using constraints (--constraint-aware).
  • Environment variable override for enforcement behavior.

• Documentation

  • New and updated docs and blog post with usage examples, syntax, enforcement semantics, precedence, and troubleshooting.
  • Updated blog guidance for allowed post tags and tag validation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Moved metadata documentation to stacks/components/ with clearer sidebar label components.*.metadata
• Added documentation for three missing metadata fields: terraform_workspace, terraform_workspace_pattern, and custom
• Updated all cross-references to use new URL structure
• Added bidirectional links between metadata and workspaces documentation

why

Component metadata is currently under-documented. The schema defines 8 metadata fields, but the documentation only covered 5. The location stacks/metadata.mdx also implied stack-level configuration, creating confusion. Moving to stacks/components/metadata.mdx clarifies that metadata is only valid under components.terraform.<name>.metadata.

references

• Schema: pkg/datafetcher/schema/atmos/manifest/1.0.json
• Related docs: website/docs/components/terraform/workspaces.mdx

what

• Restructured documentation with progressive learning path:

  • Renamed /core-concepts → /learn (clearer learning intent)
  • Renamed /introduction → /intro (shorter, cleaner URLs)
  • Created explicit 9-page learning sequence in sidebar
  • Moved 28 advanced pages to dedicated top-level sections

• Simplified URL structure:

  • /learn/* for all learning content
  • /learn/yaml (was /learn/yaml-guide)
  • /intro/*, /install, /faq, /features, /use-cases (top-level)
  • /migration/* (promoted and visible)
  • /components/*, /projects/*, /connections/*, /custom-commands/*, /deploy/*, /describe/*

• Previous work in this PR:

  • Created 9 progressive learning pages (Why Atmos → Next Steps)
  • Added comprehensive YAML reference (844 lines)
  • Created 3 migration guides (Native Terraform, Terragrunt, Workspaces)
  • Improved tone/voice (removed defensive language, added humor)
  • Added dot notation documentation
  • Fixed 100+ broken links from previous reorganization

• New restructure work:

  • Moved 28 files out of learn/ to proper sections
  • Updated 218 link references throughout documentation
  • Restructured sidebar with 6 new top-level sections
  • Added 10 redirects for backwards compatibility
  • Removed obsolete landing pages
  • Made Migration Guides visible by default

why

• "Core Concepts" was ambiguous - unclear if it's for learning or reference
• "Learn" is explicit - immediately communicates purpose to newcomers
• Shorter URLs are better - /intro vs /introduction, /learn/yaml vs /learn/yaml-guide
• Flat structure reduces nesting - easier to find content
• Advanced content mixed with learning - Components, Projects, etc. belong in reference, not learning path
• Migration Guides hidden - users coming from other tools couldn't find them
• Install buried - most important first step was nested too deep

changes

Directory Structure

• docs/core-concepts/ → docs/learn/ (9 learning pages remain)
• docs/introduction/ → docs/intro/ (4 intro pages + why-atmos/)
• docs/core-concepts/components/ → docs/components/ (6 files)
• docs/core-concepts/projects/ → docs/projects/ (6 files)
• docs/core-concepts/share-data/ → docs/connections/ (2 files, renamed)
• docs/core-concepts/custom-commands/ → docs/custom-commands/ (1 file)
• docs/core-concepts/deploy/ → docs/deploy/ (1 file)
• docs/core-concepts/describe/ → docs/describe/ (3 files)

Sidebar Configuration

Before: Mixed autogenerated and explicit, advanced content in learn

After: Clean separation with explicit learning path

// Learn Atmos - 9 explicit pages
'learn/why-atmos',
'learn/concepts-overview',
'learn/first-stack',
'learn/yaml-guide',  // → /learn/yaml
'learn/imports-basics',
'learn/inheritance-basics',
'learn/organizing-stacks',
'learn/connecting-components',
'learn/next-steps'

// 6 new top-level sections
- Components (autogenerated from /components/)
- Projects (autogenerated from /projects/)
- Connections (autogenerated from /connections/)
- Custom Commands (autogenerated from /custom-commands/)
- Deploy (autogenerated from /deploy/)
- Describe (autogenerated from /describe/)

Link Updates (218 references)

• /core-concepts/* → /learn/* (bulk replace)
• /introduction/* → /intro/* (bulk replace)
• /learn/components/* → /components/*
• /learn/projects/* → /projects/*
• /learn/custom-commands/* → /custom-commands/*
• etc.

URL Changes

stats

• 120 files changed: Complete restructure with git history preserved
• 28 files moved: Using git mv to dedicated sections
• 218 link references updated: Throughout documentation
• 10 redirects added: For backwards compatibility
• 6 new sidebar sections: Better organization

migration notes

• All old URLs redirect automatically via docusaurus.config.js
• /core-concepts/* → /learn/* redirects preserve bookmarks
• Git history preserved for all moved files

references

• Follows React/Next.js pattern of "Learn" vs "Reference" separation
• Implements flat URL structure for discoverability
• Progressive learning path: beginner → intermediate → advanced

Co-Authored-By: Claude noreply@anthropic.com

Summary by CodeRabbit

• Documentation
  • Reorganized documentation structure with new Learning Path, enabling faster onboarding
  • Added comprehensive migration guides from Native Terraform, Terragrunt, and Terraform Workspaces
  • Expanded configuration documentation with dedicated sections for authentication, integrations, and settings
  • Added new design patterns and examples for organizing infrastructure at scale
  • Enhanced CLI command documentation with consistent formatting and configuration references

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Created new reference page /reference/yaml-function-merging documenting type-aware merging of YAML functions
• Added concise "Type-Aware Merging" notes to 7 YAML function docs (!template, !env, !exec, !store, !store.get, !terraform.output, !terraform.state) linking to the reference page
• Enhanced !terraform.state documentation with comprehensive single quotes examples (replaced brief reference with full examples)
• Added escaped single quotes example to !terraform.output documentation
• Made both !terraform.output and !terraform.state docs self-contained with parallel structure

why

• Previous "Deferred Evaluation" documentation was verbose (40+ lines duplicated across each function doc) and misleading
• Centralized reference page reduces duplication and makes maintenance easier
• Corrected the explanation: the feature is type-aware merging that allows YAML functions and concrete values to coexist in the inheritance chain - YAML functions have always been evaluated as the final step in stack processing
• !terraform.state documentation previously just referenced !terraform.output docs, requiring users to jump between pages
• Complete examples for single quotes handling (from PR #1560) needed to be documented consistently across both functions
• Self-contained documentation improves user experience by eliminating cross-page navigation

references

• Related to PR #1821: Deferred YAML Function Evaluation in Merge
• Related to PR #1560: Single quote support (#1362)
• Related to Issue #1362: !terraform.output should support single quotes with nested double quotes

Summary by CodeRabbit

• Documentation
  • Added a new reference page on YAML Function Merging and type-aware merging.
  • Inserted type-aware merging notes across YAML function docs to explain coexistence of functions and concrete values.
  • Enhanced guidance and examples for quoting/escaping in YQ expressions.
  • Clarified behavior when referenced component state is absent (returns null) and recommended default handling.
  • Minor table formatting improvements for readability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Implemented deferred merge infrastructure to solve type conflicts when YAML functions are present in hierarchical stack configurations
• Added comprehensive test coverage (76 tests, 89.9% code coverage) for deferred merge functionality
• Created blog post documenting the new deferred merge feature
• Cleaned up leftover test fixtures from abandoned implementations

why

• YAML functions (!template, !terraform.output, !store.get, etc.) were being merged before evaluation, creating type mismatches that broke merge operations
• When base configurations had string values and overrides had template functions, the merge would fail due to type conflicts
• This affected real-world scenarios: multi-environment deployments, team-specific configurations, gradual migrations, and mixed configuration sources
• The deferred merge approach (defer → merge → apply) eliminates type conflicts while preserving all YAML function capabilities

references

• PRD: https://github.com/cloudposse/atmos/blob/main/docs/prd/yaml-function-merge-handling.md
• Blog post: website/blog/2025-11-29-deferred-yaml-function-merge.mdx
• Implementation: pkg/merge/merge_yaml_functions.go
• Tests: pkg/merge/merge_deferred_test.go

Summary by CodeRabbit

• New Features

  • Deferred YAML function evaluation during merges to avoid type conflicts.
  • Enhanced !template decoding: JSON strings auto-decode into native YAML structures.
  • Component-aware YAML function processing and configurable list merge strategies (replace, append, merge).

• Updates

  • Large dependency upgrades across SDKs, Kubernetes, container tooling, and utilities.
  • Example Dockerfile Atmos version bumped.

• Tests

  • Extensive new unit, integration, and benchmark tests and fixtures covering YAML functions and deferred-merge scenarios.

• Documentation

  • New design doc and blog post explaining deferred merge workflow and usage.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Group blog posts by release version instead of date
• Sort with "Unreleased" posts first, then versions in descending semver order
• Display release version as clickable section headers linking to GitHub releases
• Simplified filter UI to show only tag filtering (removed year-based filtering)

why

Blog posts were out of order by version due to mismatched post dates and release dates. Sorting by semver ensures users see features grouped by the version they can upgrade to.

references

Fixes issues where changelog timeline order didn't match release chronology.

Summary by CodeRabbit

• New Features

  • Release badges on blog posts and in the TOC (including "Unreleased"); changelog and sidebar now grouped by release with GitHub links; multi-select year/tag filters for the timeline; sidebar collapse state shared site-wide.

• Documentation

  • Blog front-matter standardized and many posts populated with a release field; release metadata auto-populated for accurate grouping.

• Style

  • Updated badge, timeline, TOC, sidebar and blog layout styles for spacing, responsiveness and dark-mode.

• Chores

  • Simplified tag taxonomy for clearer user-facing categories.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

What

• Convert the Cloud Posse watermark from a non-interactive CSS background image to a clickable anchor element
• Watermark now links to cloudposse.com and opens in a new tab
• Renamed component from CloudPosseLogo to Watermark for clarity

Why

• Improve user experience by making the watermark interactive and clickable
• Better maintainability with a React component instead of CSS background properties
• Consistent with modern web practices for branding elements

How

• Created new Watermark component that renders an anchor tag with two theme-aware images
• Implemented theme switching via CSS using Docusaurus's [data-theme] selector
• Added Root theme component to render watermark on all pages globally
• Removed background-image styling from body element

Summary by CodeRabbit

• New Features

  • Added a Cloud Posse watermark/logo positioned in the bottom-right corner with light/dark theme support, hover effects, and click-through functionality.

• Style

  • Watermark hidden on mobile devices for improved responsiveness.
  • Removed background imagery from theme styling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Summary

Completely redesigned the changelog/blog list page to replace the narrow sidebar layout with a full-width vertical timeline view. The new design makes better use of screen real estate and provides an intuitive way to browse release notes.

What Changed

• Vertical timeline layout with year/month grouping and alternate left/right entry positioning
• Filter controls for filtering by year and tag
• Collapsible sidebar on individual blog posts (collapsed by default to maximize content width)
• Full abstracts on timeline cards (shows content before <!--truncate--> instead of "...")
• Smooth hover effects with color transitions and connector line animations
• Animated gradient title on the changelog index page

Implementation Details

• Created ChangelogTimeline component with month/year grouping logic
• Custom theme swizzles for BlogListPage, BlogLayout, and BlogSidebar/Desktop
• CSS modules for scoped styling with responsive design
• Filter state management using React hooks

Summary by CodeRabbit

• New Features
  • Interactive changelog timeline with year and tag filters and reset action
  • Timeline grouping by year/month with linked entries and optional excerpts
  • Tag badges with distinct color styling and accessible controls
  • Full‑width changelog page and custom blog layout for improved visual hierarchy
  • Collapsible blog sidebar (desktop) and responsive behavior for mobile/tablet

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Explain version management upfront with concrete examples instead of abstract concepts
• Challenge the "obvious" approach of strict pinning by showing its hidden costs (divergence, weak feedback loops, operational overhead)
• Frame these as design patterns—proven approaches that optimize for different goals
• Remove dedicated "Industry Context" section and weave LaunchDarkly and Thoughtworks quotes naturally into relevant subsections

why

The intro didn't make clear that version management is a complex problem with real trade-offs. Strict pinning seems like the obvious answer but optimizes for the wrong things. By explaining the problem upfront and showing why the obvious answer doesn't work, readers understand why these design patterns matter. Weaving quotes into context (rather than a separate section) follows the excellent approach used in the design documentation itself.

references

Follows the pattern used in /website/docs/design-patterns/version-management/index.mdx which does an excellent job explaining the problem before diving into solutions.

Summary by CodeRabbit

Documentation

• Documentation
  • Updated comprehensive version management guide with concrete, multi-environment examples and refined design patterns explanations.
  • Reorganized content to emphasize convergence vs. control strategies with organizational context.
  • Removed outdated industry context sections and testimonials.
  • Reframed key takeaways to better align with software delivery practices and deployment strategies.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Created new .github/workflows/pr-size-labeler.yml workflow using pull_request_target event
• Moved pr-size-labeler job from codeql.yml to dedicated workflow
• Workflow now has elevated permissions to label PRs from forks

why

The PR size labeler was failing with 403 Resource not accessible by integration for PRs from forks because pull_request event runs with read-only permissions for non-member contributors. Using pull_request_target runs the workflow in the base repository context with write permissions, while remaining safe because we only use the GitHub API to read file metadata.

references

Fixes #1814

Summary by CodeRabbit

• Chores
  • Moved PR size labeling out of the security workflow into a dedicated PR Size Labeler workflow to improve maintainability and separation of concerns.
  • Restored equivalent PR size labeling behavior in the new workflow while removing the embedded job from the original workflow file.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Pin golangci-lint to commit 101ccaca which fixes the -c advice.detachedHead=false bug
• Remove git wrapper workaround (~80 lines of hacky code)
• Clean, simple build step for custom golangci-lint with lintroller plugin
• Pin AWS provider to v5.x for LocalStack compatibility

why

golangci-lint fix

The golangci-lint custom command was failing with exit status 128 on CI runners using Git v2.52+.

Root cause: golangci-lint passes "-c advice.detachedHead=false" as a single argument, but Git v2.52+ became stricter and rejects this (expects two separate arguments: "-c" and "advice.detachedHead=false").

Fix: PR #6206 was merged Nov 19, 2025 but not yet released. We pin to the fix commit until v2.6.3+ is released.

LocalStack fix

The LocalStack CI job was failing with MalformedXML error when creating S3 buckets.

Root cause: AWS Terraform provider v6.x has breaking changes in S3 bucket creation that LocalStack 1.4.0 does not support. The providers.tf had no version constraints, so Terraform installed v6.23.0.

Fix: Pin AWS provider to ~> 5.0 in examples/demo-localstack/components/terraform/bucket/providers.tf.

references

• golangci-lint fix PR: golangci/golangci-lint#6206
• Related issue: golangci/golangci-lint#6205

what

• YQ expression defaults (using // fallback operator) now work correctly with !terraform.state and !terraform.output YAML functions when components are not provisioned or outputs don't exist
• Refactored YAML function wrappers to return (any, error) tuples instead of calling os.Exit() via CheckErrorPrintAndExit
• Implemented proper error classification: recoverable errors (component not provisioned, output missing) use YQ defaults; API errors (500, 503, 504, timeouts) propagate as failures
• YQ evaluation now handles null values correctly via the // fallback operator

why

Users experienced sporadic failures with YQ expression defaults in !terraform.state and !terraform.output functions. Root cause: YAML function wrappers returned/exited before YQ pipeline could evaluate defaults. The fix ensures YQ defaults are evaluated for missing data while still failing on API errors that shouldn't use fallbacks.

references

Fixes sporadic failures with YQ default expressions reported by users. Implementation eliminates deep exit calls in favor of proper error propagation through the call stack.

Summary by CodeRabbit

• New Features

  • YQ default value support for terraform.output and terraform.state functions when components aren't provisioned or outputs are missing.

• Bug Fixes

  • Enhanced error handling and recovery for Terraform state and output processing.
  • Improved retry mechanisms with exponential backoff for cloud storage backends.
  • Better error classification with detailed diagnostic logging during infrastructure operations.

• Documentation

  • Updated Terraform function documentation with clarified default-value behavior and error-handling guidance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Fixed quoted argument parsing bug: Workflow commands with quoted arguments (e.g., --query '.metadata.component == "gcp/compute/v0.2.0"') are now parsed correctly using shell.Fields() instead of strings.Fields(), which was incorrectly splitting on spaces within quotes
• Redesigned workflow execution architecture: Introduced interface-based dependency injection for testability and maintainability:
  • Created new pkg/workflow/ package with clean separation of concerns
  • Added CommandRunner, AuthProvider, UIProvider interfaces for dependency injection
  • Created Executor struct that orchestrates workflow execution with injected dependencies
  • Added adapter layer in internal/exec/workflow_adapters.go to bridge interfaces with existing code
  • Reduced Execute function from 6 parameters to 1 (*WorkflowParams struct) to comply with argument-limit linter rules

why

• Quoted argument bug: Users reported that workflow commands with complex query expressions containing spaces and quotes were being parsed incorrectly, causing command failures. The fix uses proper shell parsing that respects quote boundaries.
• Architecture redesign: The previous workflow execution code was difficult to test without spawning real processes. The new interface-based design enables:
  • Unit testing with mocks (generated via go.uber.org/mock/mockgen)
  • Clear separation between workflow orchestration logic and execution details
  • Better maintainability through smaller, focused components
  • Compliance with golangci-lint rules (argument-limit, hugeParam, etc.)

references

• Uses mvdan.cc/sh/v3/shell for proper shell argument parsing
• Follows Atmos architectural patterns: interface-driven design, dependency injection, mock generation

Summary by CodeRabbit

• New Features

  • Modular workflow executor with resume support and --from-step to restart from a specific step
  • Improved command parsing to preserve quoted arguments

• Improvements

  • Clearer failure messages with contextual hints and resume commands
  • Better authentication and environment handling during workflow runs

• Chores

  • Bumped multiple dependencies

• Tests

  • Expanded test coverage for workflows, parsing, auth, and resume behaviors

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Prevent serialization of invalid empty backend {"": {}} in backend.tf.json
• Add validation to reject empty backend_type in generateComponentBackendConfig()
• Log warnings when skipping backend generation due to missing config
• Add new error type ErrBackendTypeRequired for proper error handling
• Comprehensive test coverage for missing backend configuration scenarios

why

When backend_type is empty (due to missing config or failed template processing), Atmos was generating invalid Terraform backend configuration {"terraform": {"backend": {"": {}}}}. This causes "Duplicate backend configuration" errors because an empty string is not a valid backend type. The fix prevents invalid config generation and provides helpful warnings directing users to the auto_generate_backend_file: false setting.

references

Fixes the issue where empty backend configuration caused "Duplicate backend configuration" errors in terraform init.

Summary by CodeRabbit

• New Features

  • Added distinct error values to signal missing or empty backend configuration fields.

• Bug Fixes

  • Validation now detects missing/empty backend types after processing, emits warnings, and skips backend file generation for invalid components.

• Tests

  • Expanded coverage for backend validation, empty-backend scenarios, warning logs, and skipped-generation behavior.

• Documentation

  • Added blog post explaining the new backend validation, examples, and migration guidance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

what

• Fix stack-level default identity not being recognized for atmos describe and atmos list commands
• Add Atmos Auth support to atmos describe component command
• Add --identity flag and ATMOS_IDENTITY env var support to all atmos list commands that use ExecuteDescribeStacks
• Implement two approaches for resolving stack-level auth identity defaults:
  • Component Auth Merge for commands with specific component+stack (describe component, terraform *)
  • Stack Loading for multi-stack commands (describe stacks, describe affected, describe dependents, list *)

why

Issue 1: Stack-level default identity was not recognized

When users configured default: true for an identity in stack config files (e.g., stacks/orgs/acme/_defaults.yaml), it was ignored. Users were prompted to select an identity even though one was configured as default.

Root cause:

• Stack configs need to be processed to find default identities
• But processing stacks may require authentication (for YAML functions)
• Authentication requires knowing the identity upfront

Solution: Two approaches depending on the command type:

1. Component Auth Merge (for describe component, terraform *):

   • Gets component config first without processing YAML functions
   • Merges component-level auth with global auth config
   • Uses existing stack inheritance/merge logic

2. Stack Loading (for describe stacks, describe affected, describe dependents, list *):

   • Performs lightweight YAML parsing of stack files
   • Finds auth.identities.*.default: true without processing templates
   • Merges stack defaults into auth config before creating AuthManager

Issue 2: atmos list commands did not use Atmos Auth

The list commands were not creating an AuthManager, meaning they couldn't authenticate even when identities were configured.

Solution:

• Added --identity flag as a persistent flag on the parent list command
• Added ATMOS_IDENTITY environment variable support via Viper binding
• Created helper functions in cmd/list/utils.go:
  • getIdentityFromCommand: Gets identity from flag or env var
  • createAuthManagerForList: Creates AuthManager for list commands
• Updated all list commands that use ExecuteDescribeStacks to support authentication:
  • list stacks
  • list components
  • list values / list vars
  • list metadata
  • list settings
  • list instances

Commands that don't use ExecuteDescribeStacks (workflows, vendor, themes) don't need auth support since they read from config/registry directly.

Priority Order (lowest to highest)

1. atmos.yaml defaults
2. Stack config defaults (loaded or from component merge)
3. CLI flag (--identity) / environment variable (ATMOS_IDENTITY)

Usage

# Use specific identity for list commands
atmos list stacks --identity my-identity
atmos list components --identity my-identity
atmos list values vpc --identity my-identity

# Or via environment variable
export ATMOS_IDENTITY=my-identity
atmos list stacks

# Disable authentication (use external identity like Leapp)
atmos list stacks --identity=off

references

• New documentation: docs/fixes/stack-level-default-auth-identity.md
• New stack auth loader: pkg/config/stack_auth_loader.go
• New auth helper: pkg/auth/manager_helpers.go
• List command auth helpers: cmd/list/utils.go
• Test fixture: tests/fixtures/scenarios/stack-auth-defaults/

Summary by CodeRabbit

• New Features

  • Added --identity / -i flag to list commands and automatic stack-level default identity loading for auth

• Bug Fixes

  • Improved identity resolution and merging to avoid unnecessary auth prompts for multi-stack and component operations

• Documentation

  • Updated docs with examples for the identity flag and stack-level default identity behavior

• Tests

  • Extensive unit and integration tests for stack-auth defaults and identity resolution

• Chores

  • Updated dependency github.com/aws/smithy-go to v1.24.0

_{✏️ Tip: You can customize this high-level summary in your review settings.}