chore(docs): add RFC describing OCM package capabilities

[trevex]

What

Currently we have no way to validate the requirements/dependencies/prerequisites of OCM packages. This RFC aims to solve this problem.

Closes #

Why

We want to be able to aid users better, validate` OCM deployments and potentially create DAGs for deployments.

Testing

Only RFC.

Notes for reviewers

Please have a read.

Checklist

• Tests added/updated
• No breaking changes (or upgrade path documented above)
• Readable commit history (squashed and cleaned up as desired)
• AI code review considered and comments resolved

Summary by CodeRabbit

• Documentation
  • Added RFC for a typed "capabilities" resource for OCM component declarations covering Kubernetes version, cluster capacity, per-node constraints, served APIs, and opaque service capabilities.
  • Described strict YAML schema/validation, section-by-section verification semantics, and hybrid resolution (live cluster probes or other components' claims).
  • Documented CLI subcommands for showing, verifying, and resolving capabilities, expected outputs and exit behaviors.
  • Included testing approach and rollout guidance.

[coderabbitai]

Warning

Review limit reached

@trevex, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 33 minutes and 21 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b92f8c97-a964-4e2b-813d-fd8ceb513ae0

📥 Commits

Reviewing files that changed from the base of the PR and between a8ef490 and a8be4cb.

📒 Files selected for processing (1)

• docs/rfcs/rfc01-ocm-component-contracts.md

📝 Walkthrough

Walkthrough

Adds RFC 01: a design for a typed OCM "capabilities" resource (requires/provides), strict YAML schema, hybrid verification via cluster/catalog probes, a proposed ocm-kit/capabilities Go API (Probe interface and orchestration), CLI subcommands, testing/rollout guidance, and v2 deferred items.

Changes

OCM Package Capabilities RFC

Layer / File(s)	Summary
RFC header, motivation, and architecture docs/rfcs/rfc01-ocm-package-capabilities.md	Adds RFC metadata, problem statement, goals/non-goals, and the high-level discovery/parsing and hybrid verification architecture with v1 scoping.
Schema spec and worked examples docs/rfcs/rfc01-ocm-package-capabilities.md	Defines v1 Capabilities YAML schema (requires/provides), strict parsing/validation rules (apiVersion/kind gating, semver/quantity/GVK checks), per-section verifier strategies, and examples demonstrating satisfied/missing/unverified outcomes.
Go package API and probes docs/rfcs/rfc01-ocm-package-capabilities.md	Documents the ocm-kit/capabilities Go API: typed structs, exported constants/errors, the Probe interface, verification orchestration semantics, and factory behaviours (NewClusterProbe/NewCatalogProbe).
Verifier outcomes and CLI design docs/rfcs/rfc01-ocm-package-capabilities.md	Specifies verifier outcome and error classes, probe ordering/short-circuit semantics, and ocm-kit capabilities CLI subcommands (show, verify, resolve), expected output shape, flags, and exit-code behavior.
Testing, rollout, and deferred v2 items docs/rfcs/rfc01-ocm-package-capabilities.md	Covers unit parsing/verification tests, fake-client-based ClusterProbe tests, scoped local e2e, v1 rollout constraints (additive, opt-in), docs updates, and enumerates v2 deferred features (aggregation, CRD-instance provides, optional requirements, authoring helpers).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• OCM Package Capabilities (RFC) #59: Directly related — describes the same capabilities declaration design, Probe/verification semantics, and CLI subcommands referenced by this RFC.

Poem

A rabbit reads the RFC tonight,
Declares what clusters must invite,
Probes that check, and specs that sing,
Capabilities typed on every wing. 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding an RFC document for OCM package capabilities.
Description check	✅ Passed	The description covers the required sections (What, Why, Testing, Notes) with substantive content, though some checklist items appear misleading for a documentation-only RFC.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/rfc-ocm-package-capabilities

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

docs/rfcs/rfc01-ocm-package-capabilities.md (4)

355-358: ⚡ Quick win

Consider documenting type assertion contract for Requirement.Detail.

The Requirement struct uses Detail any, which will require type assertions in implementing code:

switch req.Kind {
case KubernetesVersion:
    k := req.Detail.(KubernetesRequirement)
    // ...
}

This pattern is common in Go but error-prone. Consider:

1. Adding a code comment documenting the RequirementKind → Detail type mapping, or
2. Providing a helper method like req.AsKubernetes() (*KubernetesRequirement, bool) for safer access, or
3. Evaluating whether a sealed interface (types implementing a private marker method) would provide better type safety

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/rfcs/rfc01-ocm-package-capabilities.md` around lines 355 - 358, The
Requirement struct's Detail field is typed as any which forces callers to use
unchecked type assertions; add one of the following to make the contract
explicit and safer: (a) document the mapping between RequirementKind and the
concrete Detail type in a comment above type Requirement (e.g., RequirementKind
→ KubernetesRequirement, ClusterRequirement, etc.), or (b) add safe helper
accessors such as AsKubernetes() (*KubernetesRequirement, bool) and AsCluster()
(*ClusterRequirement, bool) on Requirement to perform the type assertion and
return a boolean for success, or (c) replace Detail with a sealed interface and
concrete types that implement a private marker method to enforce the allowed
variants; update code that switches on RequirementKind (and any callers of
Requirement.Detail) to use the new helpers or interface.

---

402-402: 💤 Low value

Document rationale for exit code 64.

Exit code 64 follows the BSD sysexits.h convention for usage errors (EX_USAGE), which is a good choice for CLI tools. Consider adding a brief note to clarify this isn't arbitrary:

-| **Usage error** | Caller passed bad input | `64` | (returned from `Verify`) |
+| **Usage error** | Caller passed bad input | `64` (EX_USAGE) | (returned from `Verify`) |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/rfcs/rfc01-ocm-package-capabilities.md` at line 402, Add a short
rationale below the table clarifying that exit code 64 is chosen to follow the
BSD sysexits.h convention (EX_USAGE) for usage errors; mention that this maps to
callers passing bad input and that the `Verify` function returns this code for
CLI usage errors to make the choice explicit rather than arbitrary.

---

53-77: 💤 Low value

Add language specifiers to fenced code blocks.

Three fenced code blocks are missing language specifiers, which markdownlint flags. Adding them improves rendering and accessibility:

• Line 53: ASCII architecture diagram → add text
• Line 275: Directory structure → add text
• Line 435: CLI output example → add text

📝 Suggested fixes

-```
+```text
                     +-------------------------------+

-```
+```text
 ocm-kit/
   capabilities/

-```
+```text
 $ ocm-kit capabilities verify ./arc:0.2.0 \

Also applies to: 275-284, 435-449

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/rfcs/rfc01-ocm-package-capabilities.md` around lines 53 - 77, Add the
missing Markdown fenced code block language specifiers by changing the three
plain triple-backtick blocks to use "text": the ASCII architecture diagram block
(the block starting with " +-------------------------------+" / "OCM
ComponentVersion"), the directory structure block that begins with "ocm-kit/"
(the tree showing capabilities/), and the CLI output example block that starts
with "$ ocm-kit capabilities verify ..."; update each opening ``` to ```text so
markdownlint stops flagging them and rendering improves.

---

96-96: ⚡ Quick win

Standardize semver constraint format across examples.

The semver version constraints use inconsistent formatting:

• Line 96: ">=1.27.0, <1.31.0" (space after comma, patch versions)
• Line 190 & 216: ">=1.25" (no patch version)
• Line 246: ">=1.27,<1.31" (no space after comma, no patch version)

While github.com/Masterminds/semver/v3 may accept all these formats, consistent formatting across the RFC improves clarity for implementers.

📝 Suggested standardization

Pick one format (e.g., ">=1.27.0, <1.31.0" with spaces and patch versions) and apply it consistently:

- version: ">=1.27,<1.31"
+ version: ">=1.27.0, <1.31.0"

- version: ">=1.25"
+ version: ">=1.25.0"

- version: ">=1.28"
+ version: ">=1.28.0"

Also applies to: 190-190, 216-216, 246-246

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/rfcs/rfc01-ocm-package-capabilities.md` at line 96, Normalize all semver
constraint examples to a single consistent format (use full patch versions and a
space after the comma), e.g. convert occurrences like ">=1.25", ">=1.27,<1.31"
and ">=1.27.0, <1.31.0" to the standardized form ">=1.27.0, <1.31.0" throughout
the RFC (update the literal strings found in the document where version
constraints appear around the examples at the noted locations); ensure every
semver constraint uses patch versions and a single space after commas for
consistency.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/rfcs/rfc01-ocm-package-capabilities.md`:
- Line 267: The narrative claims an "unverified" state for requirements but the
Result struct (Result with fields Satisfied, Missing, Errors) and probe
semantics (probes returning satisfied=false with no errors => Missing) have no
such state; reconcile by either updating the API or the doc: either add an
Unverified []Requirement field to Result and ensure probe logic populates it
when no probe ran/applicable, or change the narrative at line 267 to state the
requirement will be reported as Missing (with metadata explaining no applicable
probe), or adopt the Errors approach by defining and using a specific error type
(e.g., ErrNoApplicableProbe) so such cases appear in Errors; pick one approach
and update the Result definition, probe handling code (probe evaluation path),
and the RFC narrative to match consistently.

---

Nitpick comments:
In `@docs/rfcs/rfc01-ocm-package-capabilities.md`:
- Around line 355-358: The Requirement struct's Detail field is typed as any
which forces callers to use unchecked type assertions; add one of the following
to make the contract explicit and safer: (a) document the mapping between
RequirementKind and the concrete Detail type in a comment above type Requirement
(e.g., RequirementKind → KubernetesRequirement, ClusterRequirement, etc.), or
(b) add safe helper accessors such as AsKubernetes() (*KubernetesRequirement,
bool) and AsCluster() (*ClusterRequirement, bool) on Requirement to perform the
type assertion and return a boolean for success, or (c) replace Detail with a
sealed interface and concrete types that implement a private marker method to
enforce the allowed variants; update code that switches on RequirementKind (and
any callers of Requirement.Detail) to use the new helpers or interface.
- Line 402: Add a short rationale below the table clarifying that exit code 64
is chosen to follow the BSD sysexits.h convention (EX_USAGE) for usage errors;
mention that this maps to callers passing bad input and that the `Verify`
function returns this code for CLI usage errors to make the choice explicit
rather than arbitrary.
- Around line 53-77: Add the missing Markdown fenced code block language
specifiers by changing the three plain triple-backtick blocks to use "text": the
ASCII architecture diagram block (the block starting with "
+-------------------------------+" / "OCM ComponentVersion"), the directory
structure block that begins with "ocm-kit/" (the tree showing capabilities/),
and the CLI output example block that starts with "$ ocm-kit capabilities verify
..."; update each opening ``` to ```text so markdownlint stops flagging them and
rendering improves.
- Line 96: Normalize all semver constraint examples to a single consistent
format (use full patch versions and a space after the comma), e.g. convert
occurrences like ">=1.25", ">=1.27,<1.31" and ">=1.27.0, <1.31.0" to the
standardized form ">=1.27.0, <1.31.0" throughout the RFC (update the literal
strings found in the document where version constraints appear around the
examples at the noted locations); ensure every semver constraint uses patch
versions and a single space after commas for consistency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 847715a2-0dfd-49dc-8efe-dd9b86316708

📥 Commits

Reviewing files that changed from the base of the PR and between ba14305 and d37fb7b.

📒 Files selected for processing (1)

• docs/rfcs/rfc01-ocm-package-capabilities.md

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/rfcs/rfc01-ocm-package-capabilities.md`:
- Around line 53-77: Several fenced code blocks in the RFC (the ASCII diagram
beginning with "+-------------------------------+", the tree output starting
with "ocm-kit/ capabilities/", and the CLI transcript starting with "$ ocm-kit
capabilities verify") are missing language identifiers and causing markdownlint
MD040 failures; update those fences to include explicit languages (use "text"
for the ASCII diagram and the tree output, and "bash" for the CLI transcript) so
each ```... block becomes ```text or ```bash accordingly, and do the same for
the other two occurrences noted (lines around 275-284 and 449-463) to satisfy
linting.
- Around line 407-415: The RFC must define a deterministic precedence rule for
mixed outcome runs: add a clear ordering (e.g. Usage error (64) highest, then
Probe error (2), then Unverified (3), then Unsatisfied/Missing (1)) and state
that the CLI flags --fail-on-probe-error and --fail-on-unverified promote those
classes to be treated as failures and thus affect the chosen exit code; update
the textual spec and the behavior of Verify to compute the final exit code by
scanning results in that precedence order (and document identical wording for
the other section at lines ~447-463).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3a3c04eb-48b3-480f-821f-07c59dec6cf9

📥 Commits

Reviewing files that changed from the base of the PR and between d37fb7b and a8ef490.

📒 Files selected for processing (1)

• docs/rfcs/rfc01-ocm-package-capabilities.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add language identifiers to fenced code blocks to satisfy markdownlint.

Three fenced blocks are missing language tags (MD040), which can fail docs linting. Add explicit languages (e.g., text for diagrams/tree output, bash for shell transcripts).

Suggested patch

-```
+```text
                     +-------------------------------+
                     |  OCM ComponentVersion         |
@@
-```
+```text

-```
+```text
 ocm-kit/
   capabilities/
@@
-```
+```text

-```
+```bash
 $ ocm-kit capabilities verify ./arc:0.2.0 \
     --kubeconfig ~/.kube/config \
@@
 2 of 5 unsatisfied. Exit 1.
-```
+```

Also applies to: 275-284, 449-463

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 53-53: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/rfcs/rfc01-ocm-package-capabilities.md` around lines 53 - 77, Several
fenced code blocks in the RFC (the ASCII diagram beginning with
"+-------------------------------+", the tree output starting with "ocm-kit/
capabilities/", and the CLI transcript starting with "$ ocm-kit capabilities
verify") are missing language identifiers and causing markdownlint MD040
failures; update those fences to include explicit languages (use "text" for the
ASCII diagram and the tree output, and "bash" for the CLI transcript) so each
```... block becomes ```text or ```bash accordingly, and do the same for the
other two occurrences noted (lines around 275-284 and 449-463) to satisfy
linting.