OLS-3267: spec: AgenticOLSConfig status conditions for suspension observability

[onmete]

Summary

• Adds behavioral rules (5a–5e) for AgenticOLSConfig status subresource with a Suspended condition tracking suspension lifecycle (lastTransitionTime, activation/deactivation reasons)
• Adds Kubernetes Events on suspension activation (Warning) and deactivation (Normal) with affected proposal counts
• Adds CRD API rules (45–46) for status subresource and RBAC requirements
• Adds PLANNED entries for admission-time blocking (deferred to OLS-3302) and sandbox pod isolation (blocked on durable logs RFE)

Design Decisions

From refinement session:

1. Status approach: Standard metav1.Condition with Suspended type + Events. Typed summary fields (e.g., emergencyStoppedCount) deferred as YAGNI — Prometheus metrics are a better fit if dashboarding is needed later.
2. Admission-time blocking: VAP with paramRef per spike OLS-3166. VAP/binding lifecycle ownership deferred to OLS-3302.
3. Sandbox pod isolation: Deferred. NetworkPolicy egress-deny identified as the O(1) mechanism, but pod forensics requires a durable log solution first (separate RFE).

Test plan

• Spec review: rules 5a–5e in system-config.md are consistent with existing rules 1–15
• CRD API rules 45–46 are consistent with existing AgenticOLSConfig rules 42–44
• Planned changes entries reference correct tickets

Made with Cursor

[openshift-ci-robot]

@onmete: This pull request references OLS-3267 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the feature request to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Adds behavioral rules (5a–5e) for AgenticOLSConfig status subresource with a Suspended condition tracking suspension lifecycle (lastTransitionTime, activation/deactivation reasons)
• Adds Kubernetes Events on suspension activation (Warning) and deactivation (Normal) with affected proposal counts
• Adds CRD API rules (45–46) for status subresource and RBAC requirements
• Adds PLANNED entries for admission-time blocking (deferred to OLS-3302) and sandbox pod isolation (blocked on durable logs RFE)

Design Decisions

From refinement session:

1. Status approach: Standard metav1.Condition with Suspended type + Events. Typed summary fields (e.g., emergencyStoppedCount) deferred as YAGNI — Prometheus metrics are a better fit if dashboarding is needed later.
2. Admission-time blocking: VAP with paramRef per spike OLS-3166. VAP/binding lifecycle ownership deferred to OLS-3302.
3. Sandbox pod isolation: Deferred. NetworkPolicy egress-deny identified as the O(1) mechanism, but pod forensics requires a durable log solution first (separate RFE).

Test plan

• Spec review: rules 5a–5e in system-config.md are consistent with existing rules 1–15
• CRD API rules 45–46 are consistent with existing AgenticOLSConfig rules 42–44
• Planned changes entries reference correct tickets

Made with Cursor

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Documentation
  • Enhanced system configuration specification with improved suspension state tracking through status conditions and event notifications.
  • Updated RBAC requirements to grant necessary permissions for status subresource operations.
  • Added planned enhancements for proposal admission-time validation and improved suspension lifecycle observability.

Walkthrough

Two spec documents for the AgenticOLSConfig kill switch are updated to define a /status subresource with a conditions array and a Suspended condition type, specify Kubernetes Event requirements on suspension activation/deactivation, add RBAC permissions for the operator on agenticolsconfigs/status, and append OLS-3267 planned items for admission blocking and sandbox isolation.

Changes

AgenticOLSConfig Kill Switch Spec

Layer / File(s)	Summary
Suspended condition and observability semantics .ai/spec/what/system-config.md, .ai/spec/what/crd-api.md	Adds Jira tracking reference, a new "Suspension Status and Observability" section defining /status subresource, Suspended condition activation/deactivation semantics and timing, Kubernetes Event requirements (type, reason, message with affected-proposal/sandbox counts), and ordering constraint (after all non-terminal proposals are emergency-stopped). Adds matching /status subresource definition and operator RBAC (get, update, patch on agenticolsconfigs/status) to the CRD API spec.
API surface docs and planned changes .ai/spec/what/system-config.md, .ai/spec/what/crd-api.md	Updates both files' configuration surface sections to document status.conditions with Suspended type. Replaces prior planned-item in crd-api.md with OLS-3267. Appends OLS-3267 items in system-config.md for ValidatingAdmissionPolicy-based admission blocking during suspension and a future sandbox pod isolation approach for forensics.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding status conditions to AgenticOLSConfig for suspension observability, which matches the changeset modifications across both specification documents.
Description check	✅ Passed	The description comprehensively covers the changeset, detailing behavioral rules, Kubernetes Events, CRD API rules, design decisions, and planned deferrals—all present in the modified specification documents.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joshuawilson for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.ai/spec/what/crd-api.md (1)

45-46: ⚠️ Potential issue | 🔴 Critical

Rule 45 inherits API type contract break from system-config.md.

Rule 45 references system-config.md rules 5a–5e, which specify a /status subresource with Suspended condition. The CRD type definition (api/v1alpha1/agenticolsconfig_types.go) lacks a Status field; this must be added before rule 45 can be implemented.

Rule 46 (RBAC requirements) is correct: the operator service account needs get, update, and patch permissions on agenticolsconfigs/status. Verify that the operator's RBAC binding includes these subresource permissions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/what/crd-api.md around lines 45 - 46, The CRD type definition in
the file `api/v1alpha1/agenticolsconfig_types.go` is missing a required Status
field to support the `/status` subresource with a Suspended condition as
specified in system-config.md rules 5a-5e. Add a Status field to the
AgenticolsConfig type that includes a Suspended condition following the standard
Kubernetes condition pattern. Additionally, verify that the operator's RBAC
configuration includes the necessary get, update, and patch permissions on the
agenticolsconfigs/status subresource to allow the operator service account to
modify the status.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ai/spec/what/system-config.md:
- Line 32: Rule 5d in the AgenticOLSConfig specification requires emitting
Kubernetes Events with SuspensionActivated and SuspensionDeactivated reasons
that include counts of affected proposals and sandbox pods, but lacks a standard
message format definition. Update Rule 5d to specify the exact message format
template for both suspension activation and deactivation events, including
concrete examples that show how to consistently format the count information so
that all implementations produce uniform event messages regardless of the actual
numbers involved.
- Around line 29-34: The AgenticOLSConfig type definition in
api/v1alpha1/agenticolsconfig_types.go is missing the Status field required to
implement the /status subresource specified in rules 5a–5e. Add a new
AgenticOLSConfigStatus struct type that contains a Conditions field of type
slice of metav1.Condition, then add a Status field of type
AgenticOLSConfigStatus to the AgenticOLSConfig struct with appropriate JSON tags
to enable the /status subresource and allow the operator to update suspension
conditions.
- Line 33: The specification document rules 5a-5e require a `Suspended`
condition in the `AgenticOLSConfig` status subresource, but this is not yet
implemented in the CRD (api/v1alpha1/agenticolsconfig_types.go). To resolve
this, you must choose one of two approaches: either implement a dedicated
`AgenticOLSConfig` controller that centralizes the logic to iterate through all
non-terminal proposals, emergency-stop them, and atomically patch the
`Suspended` condition with an accurate proposal count before proceeding; or
update the specification (rules 5a-5e) to relax rule 5e and explicitly allow
eventual consistency, documenting that the condition and proposal count will be
updated after all non-terminal proposals have been individually processed by the
existing proposal reconciler rather than in a single atomic operation.

---

Outside diff comments:
In @.ai/spec/what/crd-api.md:
- Around line 45-46: The CRD type definition in the file
`api/v1alpha1/agenticolsconfig_types.go` is missing a required Status field to
support the `/status` subresource with a Suspended condition as specified in
system-config.md rules 5a-5e. Add a Status field to the AgenticolsConfig type
that includes a Suspended condition following the standard Kubernetes condition
pattern. Additionally, verify that the operator's RBAC configuration includes
the necessary get, update, and patch permissions on the agenticolsconfigs/status
subresource to allow the operator service account to modify the status.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7bade234-2201-43b1-9b5d-f8048112be6b

📥 Commits

Reviewing files that changed from the base of the PR and between 725a6f6 and 418f80a.

📒 Files selected for processing (2)

• .ai/spec/what/crd-api.md
• .ai/spec/what/system-config.md

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift/lightspeed-agentic-sandbox (manual)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find the agenticolsconfig_types.go file
find . -name "agenticolsconfig_types.go" -type f

Repository: openshift/lightspeed-agentic-operator

Length of output: 122

---

🏁 Script executed:

#!/bin/bash
# Find the spec file mentioned in the review
find . -path "*/.ai/spec/what/system-config.md" -type f

Repository: openshift/lightspeed-agentic-operator

Length of output: 114

---

🏁 Script executed:

#!/bin/bash
# List API directory structure
fd "api/v1" --type d

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Read the agenticolsconfig_types.go file
cat -n ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 3519

---

🏁 Script executed:

#!/bin/bash
# Read the spec file, focusing on the rules mentioned (lines 27-34 based on review)
sed -n '25,40p' ./.ai/spec/what/system-config.md

Repository: openshift/lightspeed-agentic-operator

Length of output: 2765

---

API type definition missing Status field — rules 5a–5e cannot be implemented.

Rules 5a–5e specify a /status subresource with a Suspended condition type on AgenticOLSConfig. However, the CRD type definition in api/v1alpha1/agenticolsconfig_types.go currently has only TypeMeta, ObjectMeta, and Spec fields; the Status field is absent. Kubernetes requires the type definition to include the Status field to serve the /status subresource. Add:

type AgenticOLSConfigStatus struct {
  Conditions []metav1.Condition `json:"conditions,omitempty"`
}

And add the field to AgenticOLSConfig:

Status AgenticOLSConfigStatus `json:"status,omitempty"`

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/what/system-config.md around lines 29 - 34, The AgenticOLSConfig
type definition in api/v1alpha1/agenticolsconfig_types.go is missing the Status
field required to implement the /status subresource specified in rules 5a–5e.
Add a new AgenticOLSConfigStatus struct type that contains a Conditions field of
type slice of metav1.Condition, then add a Status field of type
AgenticOLSConfigStatus to the AgenticOLSConfig struct with appropriate JSON tags
to enable the /status subresource and allow the operator to update suspension
conditions.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Rule 5d: Specify exact event message format for suspension activation/deactivation.

Rule 5d requires Events to include "count of affected proposals and sandbox pods" but does not specify the exact message format. Implementers may produce inconsistent formats: e.g., "System suspended; 12 proposals, 24 pods" vs "12 proposals emergency-stopped; 24 sandbox pods". Define a standard format template to ensure observability consistency.

Example:

• Activation: "System suspended; 12 proposals emergency-stopped, 24 sandbox pods released"
• Deactivation: "System resumed; agentic operations re-enabled"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/what/system-config.md at line 32, Rule 5d in the AgenticOLSConfig
specification requires emitting Kubernetes Events with SuspensionActivated and
SuspensionDeactivated reasons that include counts of affected proposals and
sandbox pods, but lacks a standard message format definition. Update Rule 5d to
specify the exact message format template for both suspension activation and
deactivation events, including concrete examples that show how to consistently
format the count information so that all implementations produce uniform event
messages regardless of the actual numbers involved.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the specification file to understand rule 5e in context
cat -n .ai/spec/what/system-config.md | head -50

Repository: openshift/lightspeed-agentic-operator

Length of output: 6709

---

🏁 Script executed:

#!/bin/bash
# Search for rules 12-14 mentioned in the comment
grep -n "12\|13\|14\|Rule 12\|Rule 13\|Rule 14" .ai/spec/what/system-config.md

Repository: openshift/lightspeed-agentic-operator

Length of output: 1241

---

🏁 Script executed:

#!/bin/bash
# Find reconciler implementation files
find . -type f -name "*reconcil*.go" -o -name "*controller*.go" | head -20

Repository: openshift/lightspeed-agentic-operator

Length of output: 233

---

🏁 Script executed:

#!/bin/bash
# Read the proposal reconciler to understand suspension handling
wc -l ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 121

---

🏁 Script executed:

#!/bin/bash
# Search for suspension-related code in proposal reconciler
grep -n "Suspended\|suspended\|EmergencyStopped\|5e\|status update" ./controller/proposal/reconciler.go | head -30

Repository: openshift/lightspeed-agentic-operator

Length of output: 202

---

🏁 Script executed:

#!/bin/bash
# Find the AgenticOLSConfig controller
find . -type f -name "*.go" | xargs grep -l "AgenticOLSConfig" | grep -i "controller\|reconcil"

Repository: openshift/lightspeed-agentic-operator

Length of output: 263

---

🏁 Script executed:

#!/bin/bash
# Read the proposal reconciler suspension logic
sed -n '75,120p' ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 1390

---

🏁 Script executed:

#!/bin/bash
# Search for isSuspended function implementation
grep -n "func isSuspended\|func.*Suspended" ./controller/proposal/helpers.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 155

---

🏁 Script executed:

#!/bin/bash
# Search for where Suspended condition is set on AgenticOLSConfig
grep -rn "Suspended.*condition\|condition.*Suspended" ./controller/ | grep -v "EmergencyStopped"

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Find all files related to AgenticOLSConfig controller
find . -type f -name "*.go" | xargs grep -l "AgenticOLSConfig.*Reconciler\|type.*Reconciler.*struct" | head -10

Repository: openshift/lightspeed-agentic-operator

Length of output: 117

---

🏁 Script executed:

#!/bin/bash
# Read isSuspended function implementation
sed -n '64,90p' ./controller/proposal/helpers.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 1270

---

🏁 Script executed:

#!/bin/bash
# Search for handleSuspension implementation
grep -n "func.*handleSuspension" ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# List the main controller structure
ls -la ./controller/

Repository: openshift/lightspeed-agentic-operator

Length of output: 428

---

🏁 Script executed:

#!/bin/bash
# Search for config controller
find ./controller -type d -name "*config*"

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Search for handleSuspension in all go files
grep -rn "handleSuspension" ./controller/

Repository: openshift/lightspeed-agentic-operator

Length of output: 456

---

🏁 Script executed:

#!/bin/bash
# Search for where Suspended condition is set/patched
grep -rn "type.*Suspended\|reason.*Suspended\|Suspended.*status\|Suspended.*condition" ./controller/

Repository: openshift/lightspeed-agentic-operator

Length of output: 532

---

🏁 Script executed:

#!/bin/bash
# Read more of the proposal reconciler to find handleSuspension
sed -n '120,180p' ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2158

---

🏁 Script executed:

#!/bin/bash
# List all go files in controller to find the config controller
find ./controller -name "*.go" -type f | sort

Repository: openshift/lightspeed-agentic-operator

Length of output: 1427

---

🏁 Script executed:

#!/bin/bash
# Read handleSuspension implementation
sed -n '490,550p' ./controller/proposal/handlers.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2239

---

🏁 Script executed:

#!/bin/bash
# Search for where AgenticOLSConfig status is patched
grep -rn "status.*patch\|status.*update\|Patch.*Suspended\|Update.*Suspended" ./controller/ | grep -i "config\|agentic"

Repository: openshift/lightspeed-agentic-operator

Length of output: 585

---

🏁 Script executed:

#!/bin/bash
# Search more broadly for AgenticOLSConfig status updates
grep -rn "AgenticOLSConfig" ./controller/setup.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Check if there's an AgenticOLSConfig controller in main or elsewhere
find . -name "*.go" -type f | xargs grep -l "AgenticOLSConfig.*Reconciler\|func.*SetupWithManager"

Repository: openshift/lightspeed-agentic-operator

Length of output: 117

---

🏁 Script executed:

#!/bin/bash
# Search for where Suspended condition is set on AgenticOLSConfig
grep -rn "\.Status\.Conditions" ./controller/ | grep -i "config\|suspended"

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Read setup.go to see if there's an AgenticOLSConfig controller registered
cat ./controller/setup.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2307

---

🏁 Script executed:

#!/bin/bash
# Search for main.go or cmd files
find . -name "main.go" -type f | head -5

Repository: openshift/lightspeed-agentic-operator

Length of output: 177

---

🏁 Script executed:

#!/bin/bash
# Look for AgenticOLSConfig controller setup
grep -rn "AgenticOLSConfig" ./controller/setup.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Search broadly for where Suspended condition is updated on AgenticOLSConfig
grep -rn "Suspended.*AdminActivated\|AdminActivated.*Suspended" ./

Repository: openshift/lightspeed-agentic-operator

Length of output: 523

---

🏁 Script executed:

#!/bin/bash
# Search for any condition patches on config objects
grep -rn "config\.Status\.Conditions\|SetStatusCondition.*config" ./controller/

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Check if there's a separate reconciler for AgenticOLSConfig
find . -type f -name "*.go" | xargs grep -l "type.*Config.*Reconciler\|AgenticOLSConfig.*Reconcile"

Repository: openshift/lightspeed-agentic-operator

Length of output: 65

---

🏁 Script executed:

#!/bin/bash
# Check the API/CRD definitions to understand what's expected
find . -path "*/api/*" -name "*config*" -type f | head -10

Repository: openshift/lightspeed-agentic-operator

Length of output: 122

---

🏁 Script executed:

#!/bin/bash
# Read the AgenticOLSConfig API types
cat ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2945

---

🏁 Script executed:

#!/bin/bash
# Search for any reconciler that watches AgenticOLSConfig
grep -rn "SetupWithManager\|Watches.*AgenticOLSConfig" ./controller/proposal/

Repository: openshift/lightspeed-agentic-operator

Length of output: 510

---

🏁 Script executed:

#!/bin/bash
# Check SetupWithManager in proposal reconciler
grep -A 20 "SetupWithManager" ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2779

---

🏁 Script executed:

#!/bin/bash
# Read the full SetupWithManager to see the AgenticOLSConfig watch
sed -n '182,230p' ./controller/proposal/reconciler.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 1956

---

🏁 Script executed:

#!/bin/bash
# Check if AgenticOLSConfig has a status subresource defined
grep -A 30 "type AgenticOLSConfig struct" ./api/v1alpha1/agenticolsconfig_types.go | tail -20

Repository: openshift/lightspeed-agentic-operator

Length of output: 610

---

🏁 Script executed:

#!/bin/bash
# Search for Status in the config types file
grep -n "Status\|Conditions" ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Get the complete agenticolsconfig_types.go file to confirm
wc -l ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 125

---

🏁 Script executed:

#!/bin/bash
# Read the entire file to see if Status is defined anywhere
cat ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 2945

---

🏁 Script executed:

#!/bin/bash
# Check spec files for AgenticOLSConfig to understand what's actually implemented
find ./.ai/spec -name "*.md" | xargs grep -l "AgenticOLSConfig\|Suspended condition"

Repository: openshift/lightspeed-agentic-operator

Length of output: 192

---

🏁 Script executed:

#!/bin/bash
# Check the reconciler tests for how suspension is tested
grep -A 20 "handleSuspension\|Suspended" ./controller/proposal/reconciler_test.go | head -60

Repository: openshift/lightspeed-agentic-operator

Length of output: 1887

---

🏁 Script executed:

#!/bin/bash
# Search for any TODO or FIXME related to Suspended condition on AgenticOLSConfig
grep -rn "TODO\|FIXME\|XXX" ./controller/proposal/ | grep -i "suspended\|status\|config"

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Check if there's a separate AgenticOLSConfig reconciler mentioned anywhere
find . -name "*.go" | xargs grep -l "AgenticOLSConfig.*Reconciler\|type.*Reconciler" | xargs grep -l "SetupWithManager"

Repository: openshift/lightspeed-agentic-operator

Length of output: 117

---

🏁 Script executed:

#!/bin/bash
# Search comprehensively for any Status struct on AgenticOLSConfig
find . -name "*.go" | xargs grep -A 50 "AgenticOLSConfigStatus\|type.*Config.*Status"

Repository: openshift/lightspeed-agentic-operator

Length of output: 65

---

🏁 Script executed:

#!/bin/bash
# Check all kubebuilder directives in agenticolsconfig_types.go
grep -n "kubebuilder" ./api/v1alpha1/agenticolsconfig_types.go

Repository: openshift/lightspeed-agentic-operator

Length of output: 564

---

🏁 Script executed:

#!/bin/bash
# Look for any code that patches AgenticOLSConfig status
grep -rn "AgenticOLSConfig.*Patch\|Patch.*AgenticOLSConfig\|\.Status\.Patch" ./

Repository: openshift/lightspeed-agentic-operator

Length of output: 63

---

🏁 Script executed:

#!/bin/bash
# Check if there are any integration tests that verify rule 5e
grep -rn "AdminActivated\|Suspended.*condition\|rule 5e\|5e.*timing" ./

Repository: openshift/lightspeed-agentic-operator

Length of output: 1622

---

🏁 Script executed:

#!/bin/bash
# Check the reconciler spec for more details on suspension status tracking
cat ./.ai/spec/what/crd-api.md | grep -A 10 -B 5 "PLANNED.*OLS-3267"

Repository: openshift/lightspeed-agentic-operator

Length of output: 598

---

🏁 Script executed:

#!/bin/bash
# Check reconciler.md for implementation guidance
cat ./.ai/spec/how/reconciler.md | grep -A 20 "Suspension check"

Repository: openshift/lightspeed-agentic-operator

Length of output: 2768

---

AgenticOLSConfig status subresource and Suspended condition (rules 5a–5e) are not yet implemented.

Rules 5a–5e require AgenticOLSConfig to have a /status subresource with a Suspended condition (status True, reason AdminActivated, message with proposal count) set after all non-terminal proposals have been emergency-stopped. However:

1. The AgenticOLSConfig CRD (api/v1alpha1/agenticolsconfig_types.go) has no status subresource — only spec.
2. The specification itself marks this feature [PLANNED: OLS-3267] in crd-api.md.
3. The proposal reconciler processes proposals individually as they are re-queued; there is no centralized completion-tracking mechanism or separate AgenticOLSConfig controller to coordinate the status update.

The current architecture cannot atomically set the Suspended condition with an accurate proposal count because no single reconciler owns that decision — each proposal reconciliation is independent. Resolve this by either:

• Implementing a dedicated AgenticOLSConfig controller that iterates all non-terminal proposals, terminates them, and then patches the Suspended condition once, or
• Relax rule 5e to allow eventual consistency: update the condition once all non-terminal proposals have been processed, accepting that the count may not reflect true concurrency.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/what/system-config.md at line 33, The specification document rules
5a-5e require a `Suspended` condition in the `AgenticOLSConfig` status
subresource, but this is not yet implemented in the CRD
(api/v1alpha1/agenticolsconfig_types.go). To resolve this, you must choose one
of two approaches: either implement a dedicated `AgenticOLSConfig` controller
that centralizes the logic to iterate through all non-terminal proposals,
emergency-stop them, and atomically patch the `Suspended` condition with an
accurate proposal count before proceeding; or update the specification (rules
5a-5e) to relax rule 5e and explicitly allow eventual consistency, documenting
that the condition and proposal count will be updated after all non-terminal
proposals have been individually processed by the existing proposal reconciler
rather than in a single atomic operation.