Generated Machine-Readable Docs, Deploy Gate Discipline & Publication Redaction
Why This Matters
AI search engines and coding assistants increasingly answer questions about SpeyBooks from the machine-readable documentation at /llms.txt and /llms-full.txt. Until today those files were maintained by hand, and they had drifted: the endpoint listing covered a fraction of the actual API surface, the stated base URL no longer matched the specification, and a documentation link had quietly died in a docs restructure. Nothing could notice, because nothing checked. This release makes both files generated artifacts of the canonical OpenAPI specification and the published content, and puts the marketing deploy itself behind verification gates so that drift between what SpeyBooks claims and what SpeyBooks serves stops a deployment rather than shipping with it.
Machine-Readable Documentation, Generated
llms-full.txt
-
API surface derived from the canonical specification The complete endpoint listing, resource grouping, counts, and base URL are now generated at build time from the same OpenAPI specification served at docs.speybooks.com. The previous hand-maintained listing covered roughly a quarter of the real surface and stated a base URL the specification did not.
-
Full article corpus inlined Every Insights article is now included in full with its canonical URL, publication date, and category, giving AI retrieval systems complete context rather than a brochure summary. Security audit reports are represented by the most recent report in full, with earlier reports indexed by URL.
-
Changelog index Every release is indexed by version, date, title, and canonical URL.
llms.txt
- Rebuilt as a generated link index The summary file now follows the llms.txt convention: a curated index of linked entries with one-line descriptions, generated from the content collections. New articles appear automatically. Pricing figures are no longer duplicated here; the file links to the pricing page and to llms-full.txt instead.
Deploy Verification Gates
The marketing site deploy now runs eight fail-closed verification steps as operational controls. Each names itself on failure and nothing reaches the live site unverified.
-
Specification preflight The canonical API specification must exist and parse before anything builds. Endpoint and resource counts are derived independently at this stage.
-
Output integrity verification The rendered machine-readable documentation must carry the same endpoint and resource counts the specification yields, the rendered page count must meet a sanity floor, and both llms files must exist. If the generator and the gate ever disagree, the deploy stops: that is drift, and drift is a defect.
-
Publication screening, twice Source content is screened for internal identifiers before the build, and the rendered output is screened again after it. The screen list is extensible.
-
Live verification After deployment, key routes must answer on the public internet and the live machine-readable documentation must carry current specification counts. A deploy is not complete until the wire agrees.
Each deploy summary now records the source revision and whether uncommitted changes were present, creating a provenance line from every deployment back to history.
Publication Redaction Boundary
-
Automated audit reports are mechanically redacted at publication The weekly automated security audit publishes its findings unedited, but operational details that would aid reconnaissance (backup naming and scheduling, storage sizing) are now mechanically removed at the publication boundary. Verdicts stay public; operational detail stays with the operator. Each published report states this policy in its closing line.
-
Historical sweep The first run of the publication screen identified an internal infrastructure identifier in one historical changelog entry and one earlier audit report. Both have been redacted, the audit report by deterministic regeneration through the new publication pipeline rather than hand editing.
Fixes
- Dead documentation link corrected Two live pages linked to a documentation route that no longer exists following an earlier docs site restructure. Both now point at the current API reference.
Operational Impact
- Zero internal identifiers in rendered public output, screened at both the source and output layers on every deploy
- Machine-readable API documentation grew from a partial hand-copied listing to the complete surface, derived from the specification it describes
- Twelve Insights articles now fully available to AI retrieval systems with canonical attribution
- A deploy that would publish counts disagreeing with the specification fails before reaching the live site
- Every deployment records its source revision and clean/dirty state
Files Changed
Backend: None
Marketing site:
- Machine-readable documentation routes rebuilt as build-time generators
- Deploy pipeline uplifted to gated verification
- Specification artifact synced into the site at deploy time for build determinism and historical provenance
- One historical changelog entry redacted; one audit report regenerated
- Two pages corrected to the current documentation route
Known Issues
- The registration page still carries static plan prices pending a public pricing source; tracked alongside the wider single-source pricing work.
The marketing site now holds itself to the standard the kernel set: claims derived from canonical sources, verified before publication, and refused when they disagree.