v0.97.3

website: update helm guide to apply patches (#291 )
Updated the helm guide to apply patches while still showing the diff in the documentation markdown. The only gotcha is it creates orig files.
2026-03-19 00:37:45 +00:00 · 2024-10-31 21:04:22 -07:00 · 2024-10-31 20:54:57 -07:00 · 2024-10-31 20:25:40 -07:00 · 2024-10-31 20:13:17 -07:00 · 2024-10-31 16:35:41 -07:00
328 changed files with 38130 additions and 1169 deletions
--- a/.cspell.json
+++ b/.cspell.json
@@ -5,103 +5,314 @@
    "mdx"
  ],
  "words": [
+    "acmesolver",
+    "acraccesstokens",
+    "admissionregistration",
+    "alertmanager",
+    "alertmanagers",
+    "anthos",
+    "apiextensions",
+    "apimachinery",
+    "apiobjects",
+    "apiservers",
    "applicationset",
+    "applicationsets",
+    "appproject",
+    "appprojects",
    "argoproj",
+    "argumentless",
    "authcode",
+    "authorizationpolicies",
+    "authorizationpolicy",
    "authpolicy",
    "authproxy",
    "authroutes",
+    "automount",
+    "automounting",
+    "autoscaler",
+    "balancereader",
+    "blackbox",
    "buildplan",
+    "builtinpluginloadingoptions",
+    "cadvisor",
    "cainjector",
+    "CAROOT",
+    "certificaterequest",
+    "certificaterequests",
+    "certificatesigningrequests",
    "clsx",
+    "clusterexternalsecret",
+    "clusterexternalsecrets",
    "clusterissuer",
+    "clusterissuers",
+    "clusterrole",
+    "clusterrolebinding",
+    "clustersecretstore",
+    "clustersecretstores",
+    "clusterwide",
+    "CNCF",
+    "CODEOWNERS",
+    "configmap",
+    "configmapargs",
+    "connectrpc",
    "cookiesecret",
    "coredns",
+    "corev",
    "CRD's",
    "crds",
    "creds",
    "crossplane",
+    "crunchydata",
    "cuecontext",
    "cuelang",
+    "customresourcedefinition",
+    "daemonset",
+    "deploymentruntimeconfig",
+    "destinationrule",
+    "destinationrules",
    "devicecode",
    "dnsmasq",
    "dscacheutil",
+    "ecrauthorizationtokens",
+    "edns",
+    "endpointslices",
    "entgo",
+    "envoyfilter",
+    "envoyfilters",
+    "errdetails",
    "errgroup",
+    "etcdsnapshotfiles",
+    "externalsecret",
+    "externalsecrets",
+    "fctr",
    "fieldmaskpb",
+    "fieldspec",
    "flushcache",
+    "fullname",
+    "gatewayclass",
+    "gatewayclasses",
+    "gcraccesstokens",
    "gendoc",
+    "generationbehavior",
+    "generatorargs",
+    "generatoroptions",
+    "genproto",
+    "ggnpl",
    "ghaction",
+    "githubaccesstokens",
    "gitops",
    "godoc",
    "golangci",
+    "gomarkdoc",
+    "googleapis",
    "goreleaser",
+    "gotypesalias",
    "grpcreflect",
+    "grpcroute",
+    "grpcroutes",
    "grpcurl",
+    "healthchecks",
+    "healthz",
+    "helmchartargs",
+    "helmchartconfigs",
+    "helmcharts",
+    "Hiera",
    "holos",
    "holoslogger",
+    "horizontalpodautoscaler",
+    "horizontalpodautoscalers",
+    "Hostaliases",
+    "Hostnames",
+    "htpasswd",
    "httpbin",
+    "httproute",
+    "httproutes",
+    "iampolicygenerator",
    "Infima",
+    "intstr",
    "isatty",
    "istiod",
+    "jbrx",
+    "jeffmccune",
    "jetstack",
+    "jiralert",
    "Jsonnet",
+    "kfbh",
    "killall",
    "kubeadm",
    "kubeconfig",
+    "kubelet",
    "kubelogin",
+    "kubernetesobjects",
    "Kustomization",
    "Kustomizations",
    "kustomize",
+    "kustomizebuild",
+    "kvpairsources",
+    "labeldrop",
+    "labelmap",
    "ldflags",
+    "leaderelection",
+    "ledgerwriter",
    "libnss",
+    "limitranges",
+    "livez",
    "loadbalancer",
+    "loadrestrictions",
+    "logfmt",
    "mattn",
+    "mccutchen",
+    "metav",
+    "mindmap",
    "mktemp",
+    "msqbn",
+    "mtls",
    "Multicluster",
+    "mutatingwebhookconfiguration",
+    "mutatingwebhookconfigurations",
    "mxcl",
    "myhostname",
+    "myRegistrKeySecretName",
+    "mysecret",
+    "nameofclusterrole",
    "nameserver",
+    "namespacedname",
+    "ndots",
+    "networkpolicies",
+    "nodename",
+    "nolint",
+    "oauthproxy",
+    "objectmap",
+    "objectmeta",
    "organizationconnect",
    "orgid",
    "otelconnect",
+    "overriden",
    "Parentspanid",
+    "patchstrategicmerge",
+    "pcjc",
+    "peerauthentication",
+    "peerauthentications",
+    "persistentvolumeclaim",
+    "persistentvolumeclaims",
+    "persistentvolumes",
    "pflag",
+    "pgadmin",
+    "pgupgrade",
+    "pipefail",
    "PKCE",
    "platformconnect",
+    "pluginconfig",
+    "pluginrestrictions",
+    "podcli",
+    "poddisruptionbudget",
+    "poddisruptionbudgets",
    "podinfo",
+    "podmonitor",
+    "portmapping",
+    "postgrescluster",
+    "privs",
+    "prometheuses",
    "promhttp",
    "protobuf",
    "protojson",
+    "providerconfig",
+    "proxyconfig",
+    "proxyconfigs",
    "Pulumi",
+    "pushgateway",
+    "pushsecret",
+    "pushsecrets",
    "putenv",
+    "qjbp",
    "quickstart",
+    "QVRFLS",
+    "readyz",
+    "referencegrant",
+    "referencegrants",
+    "Registr",
+    "replacementfield",
+    "replicasets",
+    "replicationcontrollers",
+    "requestauthentication",
+    "requestauthentications",
+    "resourcequotas",
    "retryable",
+    "rolebinding",
+    "rootfs",
    "ropc",
+    "seccomp",
+    "secretargs",
    "SECRETKEY",
+    "secretstore",
    "secretstores",
+    "serverlb",
+    "serverside",
+    "serviceaccount",
+    "servicebindings",
+    "serviceentries",
+    "serviceentry",
+    "servicemonitor",
+    "somevalue",
+    "SOMEVAR",
+    "sortoptions",
    "spanid",
    "spiffe",
+    "stackdriver",
    "startupapicheck",
+    "statefulset",
+    "statefulsets",
+    "stefanprodan",
+    "storageclasses",
+    "streamwatcher",
+    "struct",
    "structpb",
+    "subcharts",
+    "subjectaccessreviews",
+    "svclb",
+    "sysfs",
    "systemconnect",
    "tablewriter",
+    "templatable",
+    "thanos",
    "Tiltfile",
    "timestamppb",
    "Timoni",
    "tlsclientconfig",
    "tokencache",
    "Tokener",
+    "tolerations",
    "Traceid",
    "traefik",
+    "transactionhistory",
+    "tsdb",
+    "typemeta",
+    "udev",
    "uibutton",
+    "unstage",
    "untar",
+    "upbound",
    "Upsert",
    "urandom",
    "usecases",
    "userconnect",
    "userdata",
+    "userservice",
+    "validatingwebhookconfiguration",
+    "validatingwebhookconfigurations",
+    "vaultdynamicsecrets",
+    "virtualservice",
+    "virtualservices",
+    "volumeattachments",
+    "wasmplugin",
+    "wasmplugins",
+    "workloadentries",
+    "workloadentry",
+    "workloadgroup",
+    "workloadgroups",
+    "yournamespace",
    "zerolog",
-    "zitadel"
+    "zitadel",
+    "ztunnel"
  ]
 }
--- a/api/author/v1alpha3/definitions.go
+++ b/api/author/v1alpha3/definitions.go
@@ -11,18 +11,29 @@ import (

 //go:generate ../../../hack/gendoc

+// Component represents the fields common the different kinds of component.  All
+// components have a name, support mixing in resources, and produce a BuildPlan.
+type ComponentFields struct {
+	// Name represents the Component name.
+	Name string
+	// Resources are kubernetes api objects to mix into the output.
+	Resources map[string]any
+	// ArgoConfig represents the ArgoCD GitOps configuration for this Component.
+	ArgoConfig ArgoConfig
+	// BuildPlan represents the derived BuildPlan for the Holos cli to render.
+	BuildPlan core.BuildPlan
+}
+
 // Helm provides a BuildPlan via the Output field which contains one HelmChart
 // from package core.  Useful as a convenience wrapper to render a HelmChart
 // with optional mix-in resources and Kustomization post-processing.
 type Helm struct {
-	// Name represents the chart name.
-	Name string
+	ComponentFields `json:",inline"`
+
 	// Version represents the chart version.
 	Version string
 	// Namespace represents the helm namespace option when rendering the chart.
 	Namespace string
-	// Resources are kubernetes api objects to mix into the output.
-	Resources map[string]any `cue:"{...}"`

 	// Repo represents the chart repository
 	Repo struct {
@@ -57,27 +68,23 @@ type Helm struct {
 	// KustomizeResources represents additional resources files to include in the
 	// kustomize resources list.
 	KustomizeResources map[string]any `cue:"{[string]: {...}}"`
-
-	// ArgoConfig represents the ArgoCD GitOps configuration for this Component.
-	ArgoConfig ArgoConfig
-
-	// Output represents the derived BuildPlan for the Holos cli to render.
-	Output core.BuildPlan
 }

-// Resources represents the default schema for a Kubernetes API object resource.
-// For example, a Service, Namespace or Deployment.  The top level key is the
-// kind of resource so default behavior and strict schema enforcement may be
-// enforced for the kind.  The second level keys are an arbitrary internal
-// label, which serves as the default value for the resource metadata name
-// field, but may differ for situations where the same resource kind and name
-// are managed in different namespaces.
-//
-// Refer to [definitions.cue] for the CUE schema definition as an example to
-// build on when defining your own Components.
-//
-// [definitions.cue]: https://github.com/holos-run/holos/blob/main/internal/generate/platforms/cue.mod/pkg/github.com/holos-run/holos/api/schema/v1alpha3/definitions.cue#L9
-// type Resources map[string]map[string]any
+// Kustomize provides a BuildPlan via the Output field which contains one
+// KustomizeBuild from package core.
+type Kustomize struct {
+	ComponentFields `json:",inline"`
+	// Kustomization represents the kustomize build plan for holos to render.
+	Kustomization core.KustomizeBuild
+}
+
+// Kubernetes provides a BuildPlan via the Output field which contains inline
+// API Objects provided directly from CUE.
+type Kubernetes struct {
+	ComponentFields `json:",inline"`
+	// Objects represents the kubernetes api objects for the Component.
+	Objects core.KubernetesObjects
+}

 // ArgoConfig represents the ArgoCD GitOps configuration for a Component.
 // Useful to define once at the root of the Platform configuration and reuse
@@ -99,6 +106,8 @@ type ArgoConfig struct {
 	// Application.spec.source.targetRevision field.  Defaults to the branch named
 	// main.
 	TargetRevision string `cue:"string | *\"main\""`
+	// AppProject represents the ArgoCD Project to associate the Application with.
+	AppProject string `cue:"string | *\"default\""`
 }

 // Cluster represents a cluster managed by the Platform.
@@ -129,7 +138,7 @@ type StandardFleets struct {
 	// Workload represents a Fleet of zero or more workload Clusters.
 	Workload Fleet `json:"workload" cue:"{name: \"workload\"}"`
 	// Management represents a Fleet with one Cluster named management.
-	Management Fleet `json:"management" cue:"{name: \"management\", clusters: management: _}"`
+	Management Fleet `json:"management" cue:"{name: \"management\"}"`
 }

 // Platform is a convenience structure to produce a core Platform specification
@@ -147,4 +156,71 @@ type Platform struct {
 	// Output represents the core Platform spec for the holos cli to iterate over
 	// and render each listed Component, injecting the Model.
 	Output core.Platform
+	// Domain represents the primary domain the Platform operates in.  This field
+	// is intended as a sensible default for component authors to reference and
+	// platform operators to define.
+	Domain string `cue:"string | *\"holos.localhost\""`
+}
+
+// Organization represents organizational metadata useful across the platform.
+type Organization struct {
+	Name        string
+	DisplayName string
+	Domain      string
+}
+
+// OrganizationStrict represents organizational metadata useful across the
+// platform.  This is an example of using CUE regular expressions to constrain
+// and validate configuration.
+type OrganizationStrict struct {
+	Organization `json:",inline"`
+	// Name represents the organization name as a resource name.  Must be 63
+	// characters or less.  Must start with a letter.  May contain non-repeating
+	// hyphens, letters, and numbers.  Must end with a letter or number.
+	Name string `cue:"=~ \"^[a-z][0-9a-z-]{1,61}[0-9a-z]$\" & !~ \"--\""`
+	// DisplayName represents the human readable organization name.
+	DisplayName string `cue:"=~ \"^[0-9A-Za-z][0-9A-Za-z ]{2,61}[0-9A-Za-z]$\" & !~ \"  \""`
+}
+
+// Projects represents projects managed by the platform team for use by other
+// teams using the platform.
+type Projects map[core.NameLabel]Project
+
+// Project represents logical grouping of components owned by one or more teams.
+// Useful for the platform team to manage resources for project teams to use.
+type Project struct {
+	// Name represents project name.
+	Name string
+	// Owner represents the team who own this project.
+	Owner Owner
+	// Namespaces represents the namespaces assigned to this project.
+	Namespaces map[core.NameLabel]Namespace
+	// Hostnames represents the host names to expose for this project.
+	Hostnames map[core.NameLabel]Hostname
+}
+
+// Owner represents the owner of a resource.  For example, the name and email
+// address of an engineering team.
+type Owner struct {
+	Name  string
+	Email string
+}
+
+// Namespace represents a Kubernetes namespace.
+type Namespace struct {
+	Name string
+}
+
+// Hostname represents the left most dns label of a domain name.
+type Hostname struct {
+	// Name represents the subdomain to expose, e.g. "www"
+	Name string
+	// Namespace represents the namespace metadata.name field of backend object
+	// reference.
+	Namespace string
+	// Service represents the Service metadata.name field of backend object
+	// reference.
+	Service string
+	// Port represents the Service port of the backend object reference.
+	Port int
 }
--- a/api/author/v1alpha3/header.yaml
+++ b/api/author/v1alpha3/header.yaml
@@ -0,0 +1,4 @@
+---
+description: Simplified abstraction to generate core v1alpha3 components.
+sidebar_position: 997
+---
--- a/api/author/v1alpha4/definitions.go
+++ b/api/author/v1alpha4/definitions.go
@@ -0,0 +1,290 @@
+// # Author API
+//
+// Package v1alpha4 contains ergonomic CUE definitions for Holos component
+// authors.  These definitions serve as adapters to produce [Core API] resources
+// for the holos command line tool.
+//
+// [Core API]: https://holos.run/docs/api/core/v1alpha4/
+package v1alpha4
+
+import core "github.com/holos-run/holos/api/core/v1alpha4"
+
+//go:generate ../../../hack/gendoc
+
+// Platform assembles a Core API [Platform] in the Resource field for the holos
+// render platform command.  Use the Components field to register components
+// with the platform using a struct.  This struct is converted into a list for
+// final output to holos.
+//
+// See related:
+//
+//   - [Component] collection of components composing the platform.
+//   - [Platform] resource assembled for holos to process.
+//
+// [Platform]: https://holos.run/docs/api/core/v1alpha4/#Platform
+// [Component]: https://holos.run/docs/api/core/v1alpha4/#Component
+type Platform struct {
+	Name       string
+	Components map[NameLabel]core.Component
+	Resource   core.Platform
+}
+
+// Cluster represents a cluster managed by the Platform.
+type Cluster struct {
+	// Name represents the cluster name, for example "east1", "west1", or
+	// "management".
+	Name string `json:"name"`
+	// Primary represents if the cluster is marked as the primary among a set of
+	// candidate clusters.  Useful for promotion of database leaders.
+	Primary bool `json:"primary" cue:"true | *false"`
+}
+
+// Fleet represents a named collection of similarly configured Clusters.  Useful
+// to segregate workload clusters from their management cluster.
+type Fleet struct {
+	Name string `json:"name"`
+	// Clusters represents a mapping of Clusters by their name.
+	Clusters map[string]Cluster `json:"clusters" cue:"{[Name=_]: name: Name}"`
+}
+
+// StandardFleets represents the standard set of Clusters in a Platform
+// segmented into Fleets by their purpose.  The management Fleet contains a
+// single Cluster, for example a GKE autopilot cluster with no workloads
+// deployed for reliability and cost efficiency.  The workload Fleet contains
+// all other Clusters which contain workloads and sync Secrets from the
+// management cluster.
+type StandardFleets struct {
+	// Workload represents a Fleet of zero or more workload Clusters.
+	Workload Fleet `json:"workload" cue:"{name: \"workload\"}"`
+	// Management represents a Fleet with one Cluster named management.
+	Management Fleet `json:"management" cue:"{name: \"management\"}"`
+}
+
+// ArgoConfig represents the ArgoCD GitOps configuration associated with a
+// [BuildPlan].  Useful to define once at the root of the Platform configuration
+// and reuse across all components.
+//
+// [BuildPlan]: https://holos.run/docs/api/core/v1alpha4/#buildplan
+type ArgoConfig struct {
+	// Enabled causes holos to render an Application resource when true.
+	Enabled bool `cue:"true | *false"`
+	// RepoURL represents the value passed to the Application.spec.source.repoURL
+	// field.
+	RepoURL string
+	// Root represents the path from the git repository root to the WriteTo output
+	// directory, the behavior of the holos render component --write-to flag and
+	// the Core API Component WriteTo field.  Used as a prefix for the
+	// Application.spec.source.path field.
+	Root string `cue:"string | *\"deploy\""`
+	// TargetRevision represents the value passed to the
+	// Application.spec.source.targetRevision field.  Defaults to the branch named
+	// main.
+	TargetRevision string `cue:"string | *\"main\""`
+	// AppProject represents the ArgoCD Project to associate the Application with.
+	AppProject string `cue:"string | *\"default\""`
+}
+
+// Organization represents organizational metadata useful across the platform.
+type Organization struct {
+	Name        string
+	DisplayName string
+	Domain      string
+}
+
+// OrganizationStrict represents organizational metadata useful across the
+// platform.  This is an example of using CUE regular expressions to constrain
+// and validate configuration.
+type OrganizationStrict struct {
+	Organization `json:",inline"`
+	// Name represents the organization name as a resource name.  Must be 63
+	// characters or less.  Must start with a letter.  May contain non-repeating
+	// hyphens, letters, and numbers.  Must end with a letter or number.
+	Name string `cue:"=~ \"^[a-z][0-9a-z-]{1,61}[0-9a-z]$\" & !~ \"--\""`
+	// DisplayName represents the human readable organization name.
+	DisplayName string `cue:"=~ \"^[0-9A-Za-z][0-9A-Za-z ]{2,61}[0-9A-Za-z]$\" & !~ \"  \""`
+}
+
+// Kubernetes provides a [BuildPlan] via the Output field which contains inline
+// API Objects provided directly from CUE in the Resources field of
+// [ComponentConfig].
+//
+// See related:
+//
+//   - [ComponentConfig]
+//   - [BuildPlan]
+//
+// [BuildPlan]: https://holos.run/docs/api/core/v1alpha4/#BuildPlan
+type Kubernetes struct {
+	ComponentConfig `json:",inline"`
+
+	// BuildPlan represents the derived BuildPlan produced for the holos render
+	// component command.
+	BuildPlan core.BuildPlan
+}
+
+// Helm provides a [BuildPlan] via the Output field which generates manifests
+// from a helm chart with optional mix-in resources provided directly from CUE
+// in the Resources field.
+//
+// This definition is a convenient way to produce a [BuildPlan] composed of
+// three [Resources] generators with one [Kustomize] transformer.
+//
+// See related:
+//
+//   - [ComponentConfig]
+//   - [Chart]
+//   - [Values]
+//   - [BuildPlan]
+//
+// [BuildPlan]: https://holos.run/docs/api/core/v1alpha4/#BuildPlan
+// [Chart]: https://holos.run/docs/api/core/v1alpha4/#Chart
+// [Values]: https://holos.run/docs/api/core/v1alpha4/#Values
+type Helm struct {
+	ComponentConfig `json:",inline"`
+
+	// Chart represents a Helm chart.
+	Chart core.Chart
+	// Values represents data to marshal into a values.yaml for helm.
+	Values core.Values
+	// EnableHooks enables helm hooks when executing the `helm template` command.
+	EnableHooks bool
+
+	// BuildPlan represents the derived BuildPlan produced for the holos render
+	// component command.
+	BuildPlan core.BuildPlan
+}
+
+// Kustomize provides a [BuildPlan] via the Output field which generates
+// manifests from a kustomize kustomization with optional mix-in resources
+// provided directly from CUE in the Resources field.
+//
+// See related:
+//
+//   - [ComponentConfig]
+//   - [BuildPlan]
+//
+// [BuildPlan]: https://holos.run/docs/api/core/v1alpha4/#buildplan
+type Kustomize struct {
+	ComponentConfig `json:",inline"`
+
+	// BuildPlan represents the derived BuildPlan produced for the holos render
+	// component command.
+	BuildPlan core.BuildPlan
+}
+
+// ComponentConfig represents the configuration common to all kinds of
+// component.
+//
+//   - [Helm] charts.
+//   - [Kubernetes] resources generated from CUE.
+//   - [Kustomize] bases.
+//
+// See the following resources for additional details:
+//
+//   - [Resources]
+//   - [ArgoConfig]
+//   - [KustomizeConfig]
+//   - [BuildPlan]
+//
+// [BuildPlan]: https://holos.run/docs/api/core/v1alpha4/#BuildPlan
+// [Resources]: https://holos.run/docs/api/core/v1alpha4/#Resources
+type ComponentConfig struct {
+	// Name represents the BuildPlan metadata.name field.  Used to construct the
+	// fully rendered manifest file path.
+	Name string
+	// Component represents the path to the component producing the BuildPlan.
+	Component string
+	// Cluster represents the name of the cluster this BuildPlan is for.
+	Cluster string
+	// Resources represents kubernetes resources mixed into the rendered manifest.
+	Resources core.Resources
+	// ArgoConfig represents the ArgoCD GitOps configuration for this BuildPlan.
+	ArgoConfig ArgoConfig
+	// CommonLabels represents common labels to manage on all rendered manifests.
+	CommonLabels map[string]string
+	// Namespace manages the metadata.namespace field on all resources except the
+	// ArgoCD Application.
+	Namespace string `json:",omitempty"`
+
+	// KustomizeConfig represents the configuration for kustomize.
+	KustomizeConfig KustomizeConfig
+}
+
+// KustomizeConfig represents the configuration for kustomize post processing.
+// The Files field is used to mixing in static manifest files from the component
+// directory.  The Resources field is used for mixing in manifests from network
+// locations urls.
+//
+// See related:
+//
+//   - [ComponentConfig]
+//   - [Kustomization]
+//
+// [Kustomization]: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/
+type KustomizeConfig struct {
+	// Kustomization represents the kustomization used to transform resources.
+	// Note the resources field is internally managed from the Files and Resources fields.
+	Kustomization map[string]any `json:",omitempty"`
+	// Files represents files to copy from the component directory for kustomization.
+	Files map[string]struct{ Source string } `cue:"{[NAME=_]: Source: NAME}"`
+	// Resources represents additional entries to included in the resources list.
+	Resources map[string]struct{ Source string } `cue:"{[NAME=_]: Source: NAME}"`
+}
+
+// Projects represents projects managed by the platform team for use by other
+// teams using the platform.
+type Projects map[NameLabel]Project
+
+// Project represents logical grouping of components owned by one or more teams.
+// Useful for the platform team to manage resources for project teams to use.
+type Project struct {
+	// Name represents project name.
+	Name string
+	// Owner represents the team who own this project.
+	Owner Owner
+	// Namespaces represents the namespaces assigned to this project.
+	Namespaces map[NameLabel]Namespace
+	// Hostnames represents the host names to expose for this project.
+	Hostnames map[NameLabel]Hostname
+	// CommonLabels represents common labels to manage on all rendered manifests.
+	CommonLabels map[string]string
+}
+
+// Owner represents the owner of a resource.  For example, the name and email
+// address of an engineering team.
+type Owner struct {
+	Name  string
+	Email string
+}
+
+// Namespace represents a Kubernetes namespace.
+type Namespace struct {
+	Name string
+}
+
+// Hostname represents the left most dns label of a domain name.
+type Hostname struct {
+	// Name represents the subdomain to expose, e.g. "www"
+	Name string
+	// Namespace represents the namespace metadata.name field of backend object
+	// reference.
+	Namespace string
+	// Service represents the Service metadata.name field of backend object
+	// reference.
+	Service string
+	// Port represents the Service port of the backend object reference.
+	Port int
+}
+
+// NameLabel signals the common use case of converting a struct to a list where
+// the name field of each value unifies with the field name of the outer struct.
+//
+// For example:
+//
+//	S: [NameLabel=string]: name: NameLabel
+//	S: jeff: _
+//	S: gary: _
+//	S: nate: _
+//	L: [for x in S {x}]
+//	// L is [{name: "jeff"}, {name: "gary"}, {name: "nate"}]
+type NameLabel string
--- a/api/author/v1alpha4/header.yaml
+++ b/api/author/v1alpha4/header.yaml
@@ -0,0 +1,4 @@
+---
+description: Simplified abstraction to generate core v1alpha4 build plans.
+sidebar_position: 996
+---
--- a/api/core/v1alpha2/header.yaml
+++ b/api/core/v1alpha2/header.yaml
@@ -0,0 +1,4 @@
+---
+description: Core v1alpha4 schema for advanced use cases.
+sidebar_position: 998
+---
--- a/api/core/v1alpha3/apiobjects.go
+++ b/api/core/v1alpha3/apiobjects.go
@@ -14,6 +14,12 @@ import "google.golang.org/protobuf/types/known/structpb"
 // output.
 type InternalLabel string

+// NameLabel is a unique identifier useful to convert a CUE struct to a list
+// when the values have a Name field with a default value.  This type is
+// intended to indicate the common use case of converting a struct to a list
+// where the Name field of the value aligns with the struct field name.
+type NameLabel string
+
 // Kind is a kubernetes api object kind. Defined as a type for clarity and type
 // checking.
 type Kind string
--- a/api/core/v1alpha3/header.yaml
+++ b/api/core/v1alpha3/header.yaml
@@ -0,0 +1,4 @@
+---
+description: Core v1alpha3 schema for advanced use cases.
+sidebar_position: 997
+---
--- a/api/core/v1alpha4/header.yaml
+++ b/api/core/v1alpha4/header.yaml
@@ -0,0 +1,4 @@
+---
+description: Core v1alpha2 schema for advanced use cases.
+sidebar_position: 996
+---
--- a/api/core/v1alpha4/types.go
+++ b/api/core/v1alpha4/types.go
@@ -0,0 +1,402 @@
+// # Core API
+//
+// Package v1alpha4 contains the core API contract between the holos cli and CUE
+// configuration code.  Platform designers, operators, and software developers
+// use this API to write configuration in CUE which holos loads.  The Core API
+// is declarative.  Each resource represents a desired state necessary for holos
+// to fully render Kubernetes manifests into plain files.
+//
+// The following resources provide important context for the Core API.  The
+// [Author API] is intended for component authors as a convenient adapter for
+// the Core API resources Holos expects.
+//
+//  1. [Technical Overview]
+//  2. [Quickstart]
+//  3. [Author API]
+//
+// # Platform
+//
+// [Platform] defines the complete configuration of a platform.  A platform
+// represents a [Component] collection.
+//
+// Inspect a Platform resource holos would process by executing:
+//
+//	cue export --out yaml ./platform
+//
+// # Component
+//
+// A [Component] is the combination of CUE code along one path relative to the
+// platform root directory plus data injected from the [PlatformSpec] via CUE tags.
+// The platform configuration root is the directory containing cue.mod.
+//
+// A [Component] always produces exactly one [BuildPlan].
+//
+// # BuildPlan
+//
+// A [BuildPlan] contains an [Artifact] collection.  A BuildPlan often produces
+// two artifacts, one containing the fully rendered Kubernetes API resources,
+// the other containing an additional resource to manage the former with GitOps.
+// For example, a BuildPlan for a podinfo component produces a manifest
+// containing a Deployment and a Service, along with a second manifest
+// containing an ArgoCD Application.
+//
+// Inspect a BuildPlan resource holos render component would process by executing:
+//
+//	cue export --out yaml ./projects/platform/components/namespaces
+//
+// # Artifact
+//
+// An [Artifact] is one fully rendered manifest file produced from the final
+// [Transformer] in a sequence of transformers.  An Artifact may also be
+// produced directly from a [Generator], but this use case is uncommon.
+//
+// # Transformer
+//
+// A [Transformer] takes multiple inputs from prior [Generator] or [Transformer]
+// outputs, then transforms the data into one output.  [Kustomize] is the most
+// commonly used transformer, though a simple [Join] is also supported.
+//
+//  1. [Kustomize] - Patch and transform the output from prior generators or
+//     transformers.  See [Introduction to Kustomize].
+//  2. [Join] - Concatenate multiple prior outputs into one output.
+//
+// # Generators
+//
+// A [Generator] generates Kubernetes resources.  [Helm] and [Resources] are the
+// most commonly used, often paired together to mix-in resources to an
+// unmodified Helm chart.  A simple [File] generator is also available for use
+// with the [Kustomize] transformer.
+//
+//  1. [Resources] - Generates resources from CUE code.
+//  2. [Helm] - Generates rendered yaml from a [Chart].
+//  3. [File] - Generates data by reading a file from the component directory.
+//
+// [Introduction to Kustomize]: https://kubectl.docs.kubernetes.io/guides/config_management/introduction/
+// [Author API]: https://holos.run/docs/api/author/
+// [Quickstart]: https://holos.run/docs/quickstart/
+// [Technical Overview]: https://holos.run/docs/technical-overview/
+package v1alpha4
+
+//go:generate ../../../hack/gendoc
+
+// BuildPlan represents a build plan for holos to execute.  Each [Platform]
+// component produces exactly one BuildPlan.
+//
+// One or more [Artifact] files are produced by a BuildPlan, representing the
+// fully rendered manifests for the Kubernetes API Server.
+//
+// # Example BuildPlan
+//
+// Command:
+//
+//	cue export --out yaml ./projects/platform/components/namespaces
+//
+// Output:
+//
+//	kind: BuildPlan
+//	apiVersion: v1alpha4
+//	metadata:
+//	  name: dev-namespaces
+//	spec:
+//	  component: projects/platform/components/namespaces
+//	  artifacts:
+//	    - artifact: clusters/no-cluster/components/dev-namespaces/dev-namespaces.gen.yaml
+//	      generators:
+//	        - kind: Resources
+//	          output: resources.gen.yaml
+//	          resources:
+//	            Namespace:
+//	              dev-jeff:
+//	                metadata:
+//	                  name: dev-jeff
+//	                  labels:
+//	                    kubernetes.io/metadata.name: dev-jeff
+//	                kind: Namespace
+//	                apiVersion: v1
+//	      transformers:
+//	        - kind: Kustomize
+//	          inputs:
+//	            - resources.gen.yaml
+//	          output: clusters/no-cluster/components/dev-namespaces/dev-namespaces.gen.yaml
+//	          kustomize:
+//	            kustomization:
+//	              commonLabels:
+//	                holos.run/component.name: dev-namespaces
+//	              resources:
+//	                - resources.gen.yaml
+type BuildPlan struct {
+	// Kind represents the type of the resource.
+	Kind string `json:"kind" cue:"\"BuildPlan\""`
+	// APIVersion represents the versioned schema of the resource.
+	APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha4\""`
+	// Metadata represents data about the resource such as the Name.
+	Metadata Metadata `json:"metadata"`
+	// Spec specifies the desired state of the resource.
+	Spec BuildPlanSpec `json:"spec"`
+}
+
+// BuildPlanSpec represents the specification of the [BuildPlan].
+type BuildPlanSpec struct {
+	// Component represents the component that produced the build plan.
+	// Represented as a path relative to the platform root.
+	Component string `json:"component"`
+	// Disabled causes the holos cli to disregard the build plan.
+	Disabled bool `json:"disabled,omitempty"`
+	// Artifacts represents the artifacts for holos to build.
+	Artifacts []Artifact `json:"artifacts"`
+}
+
+// Artifact represents one fully rendered manifest produced by a [Transformer]
+// sequence, which transforms a [Generator] collection.  A [BuildPlan] produces
+// an [Artifact] collection.
+//
+// Each Artifact produces one manifest file artifact.  Generator Output values
+// are used as Transformer Inputs.  The Output field of the final [Transformer]
+// should have the same value as the Artifact field.
+//
+// When there is more than one [Generator] there must be at least one
+// [Transformer] to combine outputs into one Artifact.  If there is a single
+// Generator, it may directly produce the Artifact output.
+//
+// An Artifact is processed concurrently with other artifacts in the same
+// [BuildPlan].  An Artifact should not use an output from another Artifact as
+// an input.  Each [Generator] may also run concurrently.  Each [Transformer] is
+// executed sequentially starting after all generators have completed.
+//
+// Output fields are write-once.  It is an error for multiple Generators or
+// Transformers to produce the same Output value within the context of a
+// [BuildPlan].
+type Artifact struct {
+	Artifact     FilePath      `json:"artifact,omitempty"`
+	Generators   []Generator   `json:"generators,omitempty"`
+	Transformers []Transformer `json:"transformers,omitempty"`
+	Skip         bool          `json:"skip,omitempty"`
+}
+
+// Generator generates an intermediate manifest for a [Artifact].
+//
+// Each Generator in a [Artifact] must have a distinct Output value for a
+// [Transformer] to reference.
+//
+// Refer to [Resources], [Helm], and [File].
+type Generator struct {
+	// Kind represents the kind of generator.  Must be Resources, Helm, or File.
+	Kind string `json:"kind" cue:"\"Resources\" | \"Helm\" | \"File\""`
+	// Output represents a file for a Transformer or Artifact to consume.
+	Output FilePath `json:"output"`
+	// Resources generator. Ignored unless kind is Resources.  Resources are
+	// stored as a two level struct.  The top level key is the Kind of resource,
+	// e.g. Namespace or Deployment.  The second level key is an arbitrary
+	// InternalLabel.  The third level is a map[string]any representing the
+	// Resource.
+	Resources Resources `json:"resources,omitempty"`
+	// Helm generator. Ignored unless kind is Helm.
+	Helm Helm `json:"helm,omitempty"`
+	// File generator. Ignored unless kind is File.
+	File File `json:"file,omitempty"`
+}
+
+// Resource represents one kubernetes api object.
+type Resource map[string]any
+
+// Resources represents a kubernetes resources [Generator] from CUE.
+type Resources map[Kind]map[InternalLabel]Resource
+
+// File represents a simple single file copy [Generator].  Useful with a
+// [Kustomize] [Transformer] to process plain manifest files stored in the
+// component directory.  Multiple File generators may be used to transform
+// multiple resources.
+type File struct {
+	// Source represents a file sub-path relative to the component path.
+	Source FilePath `json:"source"`
+}
+
+// Helm represents a [Chart] manifest [Generator].
+type Helm struct {
+	// Chart represents a helm chart to manage.
+	Chart Chart `json:"chart"`
+	// Values represents values for holos to marshal into values.yaml when
+	// rendering the chart.
+	Values Values `json:"values"`
+	// EnableHooks enables helm hooks when executing the `helm template` command.
+	EnableHooks bool `json:"enableHooks,omitempty"`
+	// Namespace represents the helm namespace flag
+	Namespace string `json:"namespace,omitempty"`
+}
+
+// Values represents [Helm] Chart values generated from CUE.
+type Values map[string]any
+
+// Chart represents a [Helm] Chart.
+type Chart struct {
+	// Name represents the chart name.
+	Name string `json:"name"`
+	// Version represents the chart version.
+	Version string `json:"version"`
+	// Release represents the chart release when executing helm template.
+	Release string `json:"release"`
+	// Repository represents the repository to fetch the chart from.
+	Repository Repository `json:"repository,omitempty"`
+}
+
+// Repository represents a [Helm] [Chart] repository.
+type Repository struct {
+	Name string `json:"name"`
+	URL  string `json:"url"`
+}
+
+// Transformer transforms [Generator] manifests within a [Artifact].
+type Transformer struct {
+	// Kind represents the kind of transformer. Must be Kustomize, or Join.
+	Kind string `json:"kind" cue:"\"Kustomize\" | \"Join\""`
+	// Inputs represents the files to transform. The Output of prior Generators
+	// and Transformers.
+	Inputs []FilePath `json:"inputs"`
+	// Output represents a file for a subsequent Transformer or Artifact to
+	// consume.
+	Output FilePath `json:"output"`
+	// Kustomize transformer. Ignored unless kind is Kustomize.
+	Kustomize Kustomize `json:"kustomize,omitempty"`
+	// Join transformer. Ignored unless kind is Join.
+	Join Join `json:"join,omitempty"`
+}
+
+// Join represents a [Transformer] using [bytes.Join] to concatenate multiple
+// inputs into one output with a separator.  Useful for combining output from
+// [Helm] and [Resources] together into one [Artifact] when [Kustomize] is
+// otherwise unnecessary.
+//
+// [bytes.Join]: https://pkg.go.dev/bytes#Join
+type Join struct {
+	Separator string `json:"separator" cue:"string | *\"---\\n\""`
+}
+
+// Kustomize represents a kustomization [Transformer].
+type Kustomize struct {
+	// Kustomization represents the decoded kustomization.yaml file
+	Kustomization Kustomization `json:"kustomization"`
+	// Files holds file contents for kustomize, e.g. patch files.
+	Files FileContentMap `json:"files,omitempty"`
+}
+
+// Kustomization represents a kustomization.yaml file for use with the
+// [Kustomize] [Transformer].  Untyped to avoid tightly coupling holos to
+// kubectl versions which was a problem for the Flux maintainers.  Type checking
+// is expected to happen in CUE against the kubectl version the user prefers.
+type Kustomization map[string]any
+
+// FileContent represents file contents.
+type FileContent string
+
+// FileContentMap represents a mapping of file paths to file contents.
+type FileContentMap map[FilePath]FileContent
+
+// FilePath represents a file path.
+type FilePath string
+
+// InternalLabel is an arbitrary unique identifier internal to holos itself.
+// The holos cli is expected to never write a InternalLabel value to rendered
+// output files, therefore use a InternalLabel when the identifier must be
+// unique and internal.  Defined as a type for clarity and type checking.
+type InternalLabel string
+
+// Kind is a discriminator. Defined as a type for clarity and type checking.
+type Kind string
+
+// NameLabel is a unique identifier useful to convert a CUE struct to a list
+// when the values have a Name field with a default value.  NameLabel indicates
+// the common use case of converting a struct to a list where the Name field of
+// the value aligns with the outer struct field name.
+//
+// For example:
+//
+//	Outer: [NAME=_]: Name: NAME
+type NameLabel string
+
+// Platform represents a platform to manage.  A Platform resource informs holos
+// which components to build.  The platform resource also acts as a container
+// for the platform model form values provided by the PlatformService.  The
+// primary use case is to collect the cluster names, cluster types, platform
+// model, and holos components to build into one resource.
+type Platform struct {
+	// Kind is a string value representing the resource.
+	Kind string `json:"kind" cue:"\"Platform\""`
+	// APIVersion represents the versioned schema of this resource.
+	APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha4\""`
+	// Metadata represents data about the resource such as the Name.
+	Metadata Metadata `json:"metadata"`
+
+	// Spec represents the specification.
+	Spec PlatformSpec `json:"spec"`
+}
+
+// Metadata represents data about the resource such as the Name.
+type Metadata struct {
+	// Name represents the resource name.
+	Name string `json:"name"`
+}
+
+// PlatformSpec represents the specification of a [Platform].  Think of a
+// platform spec as a [Component] collection for multiple kubernetes clusters
+// combined with the user-specified Platform Model.
+type PlatformSpec struct {
+	// Components represents a list of holos components to manage.
+	Components []Component `json:"components"`
+}
+
+// Component represents the complete context necessary to produce a [BuildPlan].
+// Component carries information injected from holos render platform to holos
+// render component to produce each [BuildPlan].
+//
+// All of these fields are passed to the holos render component command using
+// flags, which in turn are injected to CUE using tags.  For clarity, CUE field
+// and tag names should match the struct json tag names below.
+type Component struct {
+	// Name represents the name of the component. Injected as the tag variable
+	// "holos_name" to set the BuildPlan metadata.name field.  Necessary for clear
+	// user feedback during platform rendering.
+	Name string `json:"name"`
+	// Component represents the path of the component relative to the platform
+	// root.  Injected as the tag variable "holos_component".
+	Component string `json:"component"`
+	// Cluster is the cluster name to provide when rendering the component.
+	// Injected as the tag variable "holos_cluster".
+	Cluster string `json:"cluster"`
+	// Model represents the platform model holos gets from from the
+	// PlatformService.GetPlatform rpc method and provides to CUE using a tag.
+	// Injected as the tag "holos_model".
+	Model map[string]any `json:"model,omitempty"`
+	// Tags represents cue @tag variables injected into the holos render component
+	// command from the holos render platform command.  Tags with a "holos_"
+	// prefix are reserved for use by the Holos Authors.
+	Tags map[string]string `json:"tags,omitempty"`
+	// WriteTo represents the holos render component --write-to flag.  If empty,
+	// the default value for the --write-to flag is used.
+	WriteTo string `json:"writeTo,omitempty"`
+}
+
+// Tags represents standardized fields injected into the component [BuildPlan]
+// from the [Platform].
+//
+// Note, tags should have a reasonable default value to easily use cue eval and
+// cue export without needing to make a bunch of decisions about tag values.
+//
+// Example:
+//
+//	import core "github.com/holos-run/holos/api/core/v1alpha4"
+//	_Tags: core.#Tags & {
+//	  cluster:     _ @tag(cluster, type=string)
+//	  environment: _ @tag(environment, type=string)
+//	  component:   _ @tag(component, type=string)
+//	  name:        _ @tag(name, type=string)
+//	}
+type Tags struct {
+	// Name represents the BuildPlan metadata.name field injected from the Platform.
+	Name string `json:"name" cue:"string | *\"no-name\""`
+	// Cluster represents the cluster name injected from
+	Cluster string `json:"cluster" cue:"string | *\"no-cluster\""`
+	// Environment represents the build plan environment.
+	Environment string `json:"environment" cue:"string | *\"no-environment\""`
+	// Component represents the path of the component relative to the platform root.
+	Component string `json:"component" cue:"string | *\"no-component\""`
+}
--- a/doc/md/api.md
+++ b/doc/md/api.md
@@ -0,0 +1,5 @@
+import DocCardList from '@theme/DocCardList';
+
+# API Reference
+
+<DocCardList />
--- a/doc/md/api/author.md
+++ b/doc/md/api/author.md
@@ -0,0 +1,5 @@
+import DocCardList from '@theme/DocCardList';
+
+# Author API
+
+<DocCardList />
--- a/doc/md/api/author/v1alpha3.md
+++ b/doc/md/api/author/v1alpha3.md
@@ -1,9 +1,13 @@
+---
+description: Simplified abstraction to generate core v1alpha3 components.
+sidebar_position: 997
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->

 # v1alpha3

 ```go
-import "github.com/holos-run/holos/api/schema/v1alpha3"
+import "github.com/holos-run/holos/api/author/v1alpha3"
 ```

 Package v1alpha3 contains CUE definitions intended as convenience wrappers around the core data types defined in package core. The purpose of these wrappers is to make life easier for platform engineers by reducing boiler plate code and generating component build plans in a consistent manner.
@@ -12,9 +16,19 @@ Package v1alpha3 contains CUE definitions intended as convenience wrappers aroun

 - [type ArgoConfig](<#ArgoConfig>)
 - [type Cluster](<#Cluster>)
+- [type ComponentFields](<#ComponentFields>)
 - [type Fleet](<#Fleet>)
 - [type Helm](<#Helm>)
+- [type Hostname](<#Hostname>)
+- [type Kubernetes](<#Kubernetes>)
+- [type Kustomize](<#Kustomize>)
+- [type Namespace](<#Namespace>)
+- [type Organization](<#Organization>)
+- [type OrganizationStrict](<#OrganizationStrict>)
+- [type Owner](<#Owner>)
 - [type Platform](<#Platform>)
+- [type Project](<#Project>)
+- [type Projects](<#Projects>)
 - [type StandardFleets](<#StandardFleets>)


@@ -41,6 +55,8 @@ type ArgoConfig struct {
    // Application.spec.source.targetRevision field.  Defaults to the branch named
    // main.
    TargetRevision string `cue:"string | *\"main\""`
+    // AppProject represents the ArgoCD Project to associate the Application with.
+    AppProject string `cue:"string | *\"default\""`
 }
 ```

@@ -60,6 +76,24 @@ type Cluster struct {
 }
 ```

+<a name="ComponentFields"></a>
+## type ComponentFields {#ComponentFields}
+
+Component represents the fields common the different kinds of component. All components have a name, support mixing in resources, and produce a BuildPlan.
+
+```go
+type ComponentFields struct {
+    // Name represents the Component name.
+    Name string
+    // Resources are kubernetes api objects to mix into the output.
+    Resources map[string]any
+    // ArgoConfig represents the ArgoCD GitOps configuration for this Component.
+    ArgoConfig ArgoConfig
+    // BuildPlan represents the derived BuildPlan for the Holos cli to render.
+    BuildPlan core.BuildPlan
+}
+```
+
 <a name="Fleet"></a>
 ## type Fleet {#Fleet}

@@ -80,14 +114,12 @@ Helm provides a BuildPlan via the Output field which contains one HelmChart from

 ```go
 type Helm struct {
-    // Name represents the chart name.
-    Name string
+    ComponentFields `json:",inline"`
+
    // Version represents the chart version.
    Version string
    // Namespace represents the helm namespace option when rendering the chart.
    Namespace string
-    // Resources are kubernetes api objects to mix into the output.
-    Resources map[string]any `cue:"{...}"`

    // Repo represents the chart repository
    Repo struct {
@@ -122,12 +154,105 @@ type Helm struct {
    // KustomizeResources represents additional resources files to include in the
    // kustomize resources list.
    KustomizeResources map[string]any `cue:"{[string]: {...}}"`
+}
+```

-    // ArgoConfig represents the ArgoCD GitOps configuration for this Component.
-    ArgoConfig ArgoConfig
+<a name="Hostname"></a>
+## type Hostname {#Hostname}

-    // Output represents the derived BuildPlan for the Holos cli to render.
-    Output core.BuildPlan
+Hostname represents the left most dns label of a domain name.
+
+```go
+type Hostname struct {
+    // Name represents the subdomain to expose, e.g. "www"
+    Name string
+    // Namespace represents the namespace metadata.name field of backend object
+    // reference.
+    Namespace string
+    // Service represents the Service metadata.name field of backend object
+    // reference.
+    Service string
+    // Port represents the Service port of the backend object reference.
+    Port int
+}
+```
+
+<a name="Kubernetes"></a>
+## type Kubernetes {#Kubernetes}
+
+Kubernetes provides a BuildPlan via the Output field which contains inline API Objects provided directly from CUE.
+
+```go
+type Kubernetes struct {
+    ComponentFields `json:",inline"`
+    // Objects represents the kubernetes api objects for the Component.
+    Objects core.KubernetesObjects
+}
+```
+
+<a name="Kustomize"></a>
+## type Kustomize {#Kustomize}
+
+Kustomize provides a BuildPlan via the Output field which contains one KustomizeBuild from package core.
+
+```go
+type Kustomize struct {
+    ComponentFields `json:",inline"`
+    // Kustomization represents the kustomize build plan for holos to render.
+    Kustomization core.KustomizeBuild
+}
+```
+
+<a name="Namespace"></a>
+## type Namespace {#Namespace}
+
+Namespace represents a Kubernetes namespace.
+
+```go
+type Namespace struct {
+    Name string
+}
+```
+
+<a name="Organization"></a>
+## type Organization {#Organization}
+
+Organization represents organizational metadata useful across the platform.
+
+```go
+type Organization struct {
+    Name        string
+    DisplayName string
+    Domain      string
+}
+```
+
+<a name="OrganizationStrict"></a>
+## type OrganizationStrict {#OrganizationStrict}
+
+OrganizationStrict represents organizational metadata useful across the platform. This is an example of using CUE regular expressions to constrain and validate configuration.
+
+```go
+type OrganizationStrict struct {
+    Organization `json:",inline"`
+    // Name represents the organization name as a resource name.  Must be 63
+    // characters or less.  Must start with a letter.  May contain non-repeating
+    // hyphens, letters, and numbers.  Must end with a letter or number.
+    Name string `cue:"=~ \"^[a-z][0-9a-z-]{1,61}[0-9a-z]$\" & !~ \"--\""`
+    // DisplayName represents the human readable organization name.
+    DisplayName string `cue:"=~ \"^[0-9A-Za-z][0-9A-Za-z ]{2,61}[0-9A-Za-z]$\" & !~ \"  \""`
+}
+```
+
+<a name="Owner"></a>
+## type Owner {#Owner}
+
+Owner represents the owner of a resource. For example, the name and email address of an engineering team.
+
+```go
+type Owner struct {
+    Name  string
+    Email string
 }
 ```

@@ -148,9 +273,40 @@ type Platform struct {
    // Output represents the core Platform spec for the holos cli to iterate over
    // and render each listed Component, injecting the Model.
    Output core.Platform
+    // Domain represents the primary domain the Platform operates in.  This field
+    // is intended as a sensible default for component authors to reference and
+    // platform operators to define.
+    Domain string `cue:"string | *\"holos.localhost\""`
 }
 ```

+<a name="Project"></a>
+## type Project {#Project}
+
+Project represents logical grouping of components owned by one or more teams. Useful for the platform team to manage resources for project teams to use.
+
+```go
+type Project struct {
+    // Name represents project name.
+    Name string
+    // Owner represents the team who own this project.
+    Owner Owner
+    // Namespaces represents the namespaces assigned to this project.
+    Namespaces map[core.NameLabel]Namespace
+    // Hostnames represents the host names to expose for this project.
+    Hostnames map[core.NameLabel]Hostname
+}
+```
+
+<a name="Projects"></a>
+## type Projects {#Projects}
+
+Projects represents projects managed by the platform team for use by other teams using the platform.
+
+```go
+type Projects map[core.NameLabel]Project
+```
+
 <a name="StandardFleets"></a>
 ## type StandardFleets {#StandardFleets}

@@ -161,7 +317,7 @@ type StandardFleets struct {
    // Workload represents a Fleet of zero or more workload Clusters.
    Workload Fleet `json:"workload" cue:"{name: \"workload\"}"`
    // Management represents a Fleet with one Cluster named management.
-    Management Fleet `json:"management" cue:"{name: \"management\", clusters: management: _}"`
+    Management Fleet `json:"management" cue:"{name: \"management\"}"`
 }
 ```

--- a/doc/md/api/author/v1alpha4.md
+++ b/doc/md/api/author/v1alpha4.md
@@ -0,0 +1,381 @@
+---
+description: Simplified abstraction to generate core v1alpha4 build plans.
+sidebar_position: 996
+---
+<!-- Code generated by gomarkdoc. DO NOT EDIT -->
+
+# v1alpha4
+
+```go
+import "github.com/holos-run/holos/api/author/v1alpha4"
+```
+
+### Author API
+
+Package v1alpha4 contains ergonomic CUE definitions for Holos component authors. These definitions serve as adapters to produce [Core API](<https://holos.run/docs/api/core/v1alpha4/>) resources for the holos command line tool.
+
+## Index
+
+- [type ArgoConfig](<#ArgoConfig>)
+- [type Cluster](<#Cluster>)
+- [type ComponentConfig](<#ComponentConfig>)
+- [type Fleet](<#Fleet>)
+- [type Helm](<#Helm>)
+- [type Hostname](<#Hostname>)
+- [type Kubernetes](<#Kubernetes>)
+- [type Kustomize](<#Kustomize>)
+- [type KustomizeConfig](<#KustomizeConfig>)
+- [type NameLabel](<#NameLabel>)
+- [type Namespace](<#Namespace>)
+- [type Organization](<#Organization>)
+- [type OrganizationStrict](<#OrganizationStrict>)
+- [type Owner](<#Owner>)
+- [type Platform](<#Platform>)
+- [type Project](<#Project>)
+- [type Projects](<#Projects>)
+- [type StandardFleets](<#StandardFleets>)
+
+
+<a name="ArgoConfig"></a>
+## type ArgoConfig {#ArgoConfig}
+
+ArgoConfig represents the ArgoCD GitOps configuration associated with a [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#buildplan>). Useful to define once at the root of the Platform configuration and reuse across all components.
+
+```go
+type ArgoConfig struct {
+    // Enabled causes holos to render an Application resource when true.
+    Enabled bool `cue:"true | *false"`
+    // RepoURL represents the value passed to the Application.spec.source.repoURL
+    // field.
+    RepoURL string
+    // Root represents the path from the git repository root to the WriteTo output
+    // directory, the behavior of the holos render component --write-to flag and
+    // the Core API Component WriteTo field.  Used as a prefix for the
+    // Application.spec.source.path field.
+    Root string `cue:"string | *\"deploy\""`
+    // TargetRevision represents the value passed to the
+    // Application.spec.source.targetRevision field.  Defaults to the branch named
+    // main.
+    TargetRevision string `cue:"string | *\"main\""`
+    // AppProject represents the ArgoCD Project to associate the Application with.
+    AppProject string `cue:"string | *\"default\""`
+}
+```
+
+<a name="Cluster"></a>
+## type Cluster {#Cluster}
+
+Cluster represents a cluster managed by the Platform.
+
+```go
+type Cluster struct {
+    // Name represents the cluster name, for example "east1", "west1", or
+    // "management".
+    Name string `json:"name"`
+    // Primary represents if the cluster is marked as the primary among a set of
+    // candidate clusters.  Useful for promotion of database leaders.
+    Primary bool `json:"primary" cue:"true | *false"`
+}
+```
+
+<a name="ComponentConfig"></a>
+## type ComponentConfig {#ComponentConfig}
+
+ComponentConfig represents the configuration common to all kinds of component.
+
+- [Helm](<#Helm>) charts.
+- [Kubernetes](<#Kubernetes>) resources generated from CUE.
+- [Kustomize](<#Kustomize>) bases.
+
+See the following resources for additional details:
+
+- [Resources](<https://holos.run/docs/api/core/v1alpha4/#Resources>)
+- [ArgoConfig](<#ArgoConfig>)
+- [KustomizeConfig](<#KustomizeConfig>)
+- [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>)
+
+```go
+type ComponentConfig struct {
+    // Name represents the BuildPlan metadata.name field.  Used to construct the
+    // fully rendered manifest file path.
+    Name string
+    // Component represents the path to the component producing the BuildPlan.
+    Component string
+    // Cluster represents the name of the cluster this BuildPlan is for.
+    Cluster string
+    // Resources represents kubernetes resources mixed into the rendered manifest.
+    Resources core.Resources
+    // ArgoConfig represents the ArgoCD GitOps configuration for this BuildPlan.
+    ArgoConfig ArgoConfig
+    // CommonLabels represents common labels to manage on all rendered manifests.
+    CommonLabels map[string]string
+    // Namespace manages the metadata.namespace field on all resources except the
+    // ArgoCD Application.
+    Namespace string `json:",omitempty"`
+
+    // KustomizeConfig represents the configuration for kustomize.
+    KustomizeConfig KustomizeConfig
+}
+```
+
+<a name="Fleet"></a>
+## type Fleet {#Fleet}
+
+Fleet represents a named collection of similarly configured Clusters. Useful to segregate workload clusters from their management cluster.
+
+```go
+type Fleet struct {
+    Name string `json:"name"`
+    // Clusters represents a mapping of Clusters by their name.
+    Clusters map[string]Cluster `json:"clusters" cue:"{[Name=_]: name: Name}"`
+}
+```
+
+<a name="Helm"></a>
+## type Helm {#Helm}
+
+Helm provides a [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>) via the Output field which generates manifests from a helm chart with optional mix\-in resources provided directly from CUE in the Resources field.
+
+This definition is a convenient way to produce a [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>) composed of three \[Resources\] generators with one [Kustomize](<#Kustomize>) transformer.
+
+See related:
+
+- [ComponentConfig](<#ComponentConfig>)
+- [Chart](<https://holos.run/docs/api/core/v1alpha4/#Chart>)
+- [Values](<https://holos.run/docs/api/core/v1alpha4/#Values>)
+- [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>)
+
+```go
+type Helm struct {
+    ComponentConfig `json:",inline"`
+
+    // Chart represents a Helm chart.
+    Chart core.Chart
+    // Values represents data to marshal into a values.yaml for helm.
+    Values core.Values
+    // EnableHooks enables helm hooks when executing the `helm template` command.
+    EnableHooks bool
+
+    // BuildPlan represents the derived BuildPlan produced for the holos render
+    // component command.
+    BuildPlan core.BuildPlan
+}
+```
+
+<a name="Hostname"></a>
+## type Hostname {#Hostname}
+
+Hostname represents the left most dns label of a domain name.
+
+```go
+type Hostname struct {
+    // Name represents the subdomain to expose, e.g. "www"
+    Name string
+    // Namespace represents the namespace metadata.name field of backend object
+    // reference.
+    Namespace string
+    // Service represents the Service metadata.name field of backend object
+    // reference.
+    Service string
+    // Port represents the Service port of the backend object reference.
+    Port int
+}
+```
+
+<a name="Kubernetes"></a>
+## type Kubernetes {#Kubernetes}
+
+Kubernetes provides a [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>) via the Output field which contains inline API Objects provided directly from CUE in the Resources field of [ComponentConfig](<#ComponentConfig>).
+
+See related:
+
+- [ComponentConfig](<#ComponentConfig>)
+- [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#BuildPlan>)
+
+```go
+type Kubernetes struct {
+    ComponentConfig `json:",inline"`
+
+    // BuildPlan represents the derived BuildPlan produced for the holos render
+    // component command.
+    BuildPlan core.BuildPlan
+}
+```
+
+<a name="Kustomize"></a>
+## type Kustomize {#Kustomize}
+
+Kustomize provides a [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#buildplan>) via the Output field which generates manifests from a kustomize kustomization with optional mix\-in resources provided directly from CUE in the Resources field.
+
+See related:
+
+- [ComponentConfig](<#ComponentConfig>)
+- [BuildPlan](<https://holos.run/docs/api/core/v1alpha4/#buildplan>)
+
+```go
+type Kustomize struct {
+    ComponentConfig `json:",inline"`
+
+    // BuildPlan represents the derived BuildPlan produced for the holos render
+    // component command.
+    BuildPlan core.BuildPlan
+}
+```
+
+<a name="KustomizeConfig"></a>
+## type KustomizeConfig {#KustomizeConfig}
+
+KustomizeConfig represents the configuration for kustomize post processing. The Files field is used to mixing in static manifest files from the component directory. The Resources field is used for mixing in manifests from network locations urls.
+
+See related:
+
+- [ComponentConfig](<#ComponentConfig>)
+- [Kustomization](<https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/>)
+
+```go
+type KustomizeConfig struct {
+    // Kustomization represents the kustomization used to transform resources.
+    // Note the resources field is internally managed from the Files and Resources fields.
+    Kustomization map[string]any `json:",omitempty"`
+    // Files represents files to copy from the component directory for kustomization.
+    Files map[string]struct{ Source string } `cue:"{[NAME=_]: Source: NAME}"`
+    // Resources represents additional entries to included in the resources list.
+    Resources map[string]struct{ Source string } `cue:"{[NAME=_]: Source: NAME}"`
+}
+```
+
+<a name="NameLabel"></a>
+## type NameLabel {#NameLabel}
+
+NameLabel signals the common use case of converting a struct to a list where the name field of each value unifies with the field name of the outer struct.
+
+For example:
+
+```
+S: [NameLabel=string]: name: NameLabel
+S: jeff: _
+S: gary: _
+S: nate: _
+L: [for x in S {x}]
+// L is [{name: "jeff"}, {name: "gary"}, {name: "nate"}]
+```
+
+```go
+type NameLabel string
+```
+
+<a name="Namespace"></a>
+## type Namespace {#Namespace}
+
+Namespace represents a Kubernetes namespace.
+
+```go
+type Namespace struct {
+    Name string
+}
+```
+
+<a name="Organization"></a>
+## type Organization {#Organization}
+
+Organization represents organizational metadata useful across the platform.
+
+```go
+type Organization struct {
+    Name        string
+    DisplayName string
+    Domain      string
+}
+```
+
+<a name="OrganizationStrict"></a>
+## type OrganizationStrict {#OrganizationStrict}
+
+OrganizationStrict represents organizational metadata useful across the platform. This is an example of using CUE regular expressions to constrain and validate configuration.
+
+```go
+type OrganizationStrict struct {
+    Organization `json:",inline"`
+    // Name represents the organization name as a resource name.  Must be 63
+    // characters or less.  Must start with a letter.  May contain non-repeating
+    // hyphens, letters, and numbers.  Must end with a letter or number.
+    Name string `cue:"=~ \"^[a-z][0-9a-z-]{1,61}[0-9a-z]$\" & !~ \"--\""`
+    // DisplayName represents the human readable organization name.
+    DisplayName string `cue:"=~ \"^[0-9A-Za-z][0-9A-Za-z ]{2,61}[0-9A-Za-z]$\" & !~ \"  \""`
+}
+```
+
+<a name="Owner"></a>
+## type Owner {#Owner}
+
+Owner represents the owner of a resource. For example, the name and email address of an engineering team.
+
+```go
+type Owner struct {
+    Name  string
+    Email string
+}
+```
+
+<a name="Platform"></a>
+## type Platform {#Platform}
+
+Platform assembles a Core API [Platform](<https://holos.run/docs/api/core/v1alpha4/#Platform>) in the Resource field for the holos render platform command. Use the Components field to register components with the platform using a struct. This struct is converted into a list for final output to holos.
+
+See related:
+
+- [Component](<https://holos.run/docs/api/core/v1alpha4/#Component>) collection of components composing the platform.
+- [Platform](<https://holos.run/docs/api/core/v1alpha4/#Platform>) resource assembled for holos to process.
+
+```go
+type Platform struct {
+    Name       string
+    Components map[NameLabel]core.Component
+    Resource   core.Platform
+}
+```
+
+<a name="Project"></a>
+## type Project {#Project}
+
+Project represents logical grouping of components owned by one or more teams. Useful for the platform team to manage resources for project teams to use.
+
+```go
+type Project struct {
+    // Name represents project name.
+    Name string
+    // Owner represents the team who own this project.
+    Owner Owner
+    // Namespaces represents the namespaces assigned to this project.
+    Namespaces map[NameLabel]Namespace
+    // Hostnames represents the host names to expose for this project.
+    Hostnames map[NameLabel]Hostname
+    // CommonLabels represents common labels to manage on all rendered manifests.
+    CommonLabels map[string]string
+}
+```
+
+<a name="Projects"></a>
+## type Projects {#Projects}
+
+Projects represents projects managed by the platform team for use by other teams using the platform.
+
+```go
+type Projects map[NameLabel]Project
+```
+
+<a name="StandardFleets"></a>
+## type StandardFleets {#StandardFleets}
+
+StandardFleets represents the standard set of Clusters in a Platform segmented into Fleets by their purpose. The management Fleet contains a single Cluster, for example a GKE autopilot cluster with no workloads deployed for reliability and cost efficiency. The workload Fleet contains all other Clusters which contain workloads and sync Secrets from the management cluster.
+
+```go
+type StandardFleets struct {
+    // Workload represents a Fleet of zero or more workload Clusters.
+    Workload Fleet `json:"workload" cue:"{name: \"workload\"}"`
+    // Management represents a Fleet with one Cluster named management.
+    Management Fleet `json:"management" cue:"{name: \"management\"}"`
+}
+```
+
+Generated by [gomarkdoc](<https://github.com/princjef/gomarkdoc>)
--- a/doc/md/api/core.md
+++ b/doc/md/api/core.md
@@ -0,0 +1,5 @@
+import DocCardList from '@theme/DocCardList';
+
+# Core API
+
+<DocCardList />
--- a/doc/md/api/core/index.md
+++ b/doc/md/api/core/index.md
@@ -1,3 +0,0 @@
-# Core API
-
- [v1alpha2](v1alpha2)
--- a/doc/md/api/core/v1alpha2.md
+++ b/doc/md/api/core/v1alpha2.md
@@ -1,3 +1,7 @@
+---
+description: Core v1alpha4 schema for advanced use cases.
+sidebar_position: 998
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->

 # v1alpha2
--- a/doc/md/api/core/v1alpha3.md
+++ b/doc/md/api/core/v1alpha3.md
@@ -1,3 +1,7 @@
+---
+description: Core v1alpha3 schema for advanced use cases.
+sidebar_position: 997
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->

 # v1alpha3
@@ -41,6 +45,7 @@ Note that Holos operates as a data pipeline, so the output of a [HelmChart](<#He
 - [type Kustomize](<#Kustomize>)
 - [type KustomizeBuild](<#KustomizeBuild>)
 - [type Metadata](<#Metadata>)
+- [type NameLabel](<#NameLabel>)
 - [type Platform](<#Platform>)
 - [type PlatformMetadata](<#PlatformMetadata>)
 - [type PlatformSpec](<#PlatformSpec>)
@@ -328,6 +333,15 @@ type Metadata struct {
 }
 ```

+<a name="NameLabel"></a>
+## type NameLabel {#NameLabel}
+
+NameLabel is a unique identifier useful to convert a CUE struct to a list when the values have a Name field with a default value. This type is intended to indicate the common use case of converting a struct to a list where the Name field of the value aligns with the struct field name.
+
+```go
+type NameLabel string
+```
+
 <a name="Platform"></a>
 ## type Platform {#Platform}

--- a/doc/md/api/core/v1alpha4.md
+++ b/doc/md/api/core/v1alpha4.md
@@ -0,0 +1,541 @@
+---
+description: Core v1alpha2 schema for advanced use cases.
+sidebar_position: 996
+---
+<!-- Code generated by gomarkdoc. DO NOT EDIT -->
+
+# v1alpha4
+
+```go
+import "github.com/holos-run/holos/api/core/v1alpha4"
+```
+
+### Core API
+
+Package v1alpha4 contains the core API contract between the holos cli and CUE configuration code. Platform designers, operators, and software developers use this API to write configuration in CUE which holos loads. The Core API is declarative. Each resource represents a desired state necessary for holos to fully render Kubernetes manifests into plain files.
+
+The following resources provide important context for the Core API. The [Author API](<https://holos.run/docs/api/author/>) is intended for component authors as a convenient adapter for the Core API resources Holos expects.
+
+1. [Technical Overview](<https://holos.run/docs/technical-overview/>)
+2. [Quickstart](<https://holos.run/docs/quickstart/>)
+3. [Author API](<https://holos.run/docs/api/author/>)
+
+### Platform
+
+[Platform](<#Platform>) defines the complete configuration of a platform. A platform represents a [Component](<#Component>) collection.
+
+Inspect a Platform resource holos would process by executing:
+
+```
+cue export --out yaml ./platform
+```
+
+### Component
+
+A [Component](<#Component>) is the combination of CUE code along one path relative to the platform root directory plus data injected from the [PlatformSpec](<#PlatformSpec>) via CUE tags. The platform configuration root is the directory containing cue.mod.
+
+A [Component](<#Component>) always produces exactly one [BuildPlan](<#BuildPlan>).
+
+### BuildPlan
+
+A [BuildPlan](<#BuildPlan>) contains an [Artifact](<#Artifact>) collection. A BuildPlan often produces two artifacts, one containing the fully rendered Kubernetes API resources, the other containing an additional resource to manage the former with GitOps. For example, a BuildPlan for a podinfo component produces a manifest containing a Deployment and a Service, along with a second manifest containing an ArgoCD Application.
+
+Inspect a BuildPlan resource holos render component would process by executing:
+
+```
+cue export --out yaml ./projects/platform/components/namespaces
+```
+
+### Artifact
+
+An [Artifact](<#Artifact>) is one fully rendered manifest file produced from the final [Transformer](<#Transformer>) in a sequence of transformers. An Artifact may also be produced directly from a [Generator](<#Generator>), but this use case is uncommon.
+
+### Transformer
+
+A [Transformer](<#Transformer>) takes multiple inputs from prior [Generator](<#Generator>) or [Transformer](<#Transformer>) outputs, then transforms the data into one output. [Kustomize](<#Kustomize>) is the most commonly used transformer, though a simple [Join](<#Join>) is also supported.
+
+1. [Kustomize](<#Kustomize>) \- Patch and transform the output from prior generators or transformers. See [Introduction to Kustomize](<https://kubectl.docs.kubernetes.io/guides/config_management/introduction/>).
+2. [Join](<#Join>) \- Concatenate multiple prior outputs into one output.
+
+### Generators
+
+A [Generator](<#Generator>) generates Kubernetes resources. [Helm](<#Helm>) and [Resources](<#Resources>) are the most commonly used, often paired together to mix\-in resources to an unmodified Helm chart. A simple [File](<#File>) generator is also available for use with the [Kustomize](<#Kustomize>) transformer.
+
+1. [Resources](<#Resources>) \- Generates resources from CUE code.
+2. [Helm](<#Helm>) \- Generates rendered yaml from a [Chart](<#Chart>).
+3. [File](<#File>) \- Generates data by reading a file from the component directory.
+
+## Index
+
+- [type Artifact](<#Artifact>)
+- [type BuildPlan](<#BuildPlan>)
+- [type BuildPlanSpec](<#BuildPlanSpec>)
+- [type Chart](<#Chart>)
+- [type Component](<#Component>)
+- [type File](<#File>)
+- [type FileContent](<#FileContent>)
+- [type FileContentMap](<#FileContentMap>)
+- [type FilePath](<#FilePath>)
+- [type Generator](<#Generator>)
+- [type Helm](<#Helm>)
+- [type InternalLabel](<#InternalLabel>)
+- [type Join](<#Join>)
+- [type Kind](<#Kind>)
+- [type Kustomization](<#Kustomization>)
+- [type Kustomize](<#Kustomize>)
+- [type Metadata](<#Metadata>)
+- [type NameLabel](<#NameLabel>)
+- [type Platform](<#Platform>)
+- [type PlatformSpec](<#PlatformSpec>)
+- [type Repository](<#Repository>)
+- [type Resource](<#Resource>)
+- [type Resources](<#Resources>)
+- [type Tags](<#Tags>)
+- [type Transformer](<#Transformer>)
+- [type Values](<#Values>)
+
+
+<a name="Artifact"></a>
+## type Artifact {#Artifact}
+
+Artifact represents one fully rendered manifest produced by a [Transformer](<#Transformer>) sequence, which transforms a [Generator](<#Generator>) collection. A [BuildPlan](<#BuildPlan>) produces an [Artifact](<#Artifact>) collection.
+
+Each Artifact produces one manifest file artifact. Generator Output values are used as Transformer Inputs. The Output field of the final [Transformer](<#Transformer>) should have the same value as the Artifact field.
+
+When there is more than one [Generator](<#Generator>) there must be at least one [Transformer](<#Transformer>) to combine outputs into one Artifact. If there is a single Generator, it may directly produce the Artifact output.
+
+An Artifact is processed concurrently with other artifacts in the same [BuildPlan](<#BuildPlan>). An Artifact should not use an output from another Artifact as an input. Each [Generator](<#Generator>) may also run concurrently. Each [Transformer](<#Transformer>) is executed sequentially starting after all generators have completed.
+
+Output fields are write\-once. It is an error for multiple Generators or Transformers to produce the same Output value within the context of a [BuildPlan](<#BuildPlan>).
+
+```go
+type Artifact struct {
+    Artifact     FilePath      `json:"artifact,omitempty"`
+    Generators   []Generator   `json:"generators,omitempty"`
+    Transformers []Transformer `json:"transformers,omitempty"`
+    Skip         bool          `json:"skip,omitempty"`
+}
+```
+
+<a name="BuildPlan"></a>
+## type BuildPlan {#BuildPlan}
+
+BuildPlan represents a build plan for holos to execute. Each [Platform](<#Platform>) component produces exactly one BuildPlan.
+
+One or more [Artifact](<#Artifact>) files are produced by a BuildPlan, representing the fully rendered manifests for the Kubernetes API Server.
+
+### Example BuildPlan
+
+Command:
+
+```
+cue export --out yaml ./projects/platform/components/namespaces
+```
+
+Output:
+
+```
+kind: BuildPlan
+apiVersion: v1alpha4
+metadata:
+  name: dev-namespaces
+spec:
+  component: projects/platform/components/namespaces
+  artifacts:
+    - artifact: clusters/no-cluster/components/dev-namespaces/dev-namespaces.gen.yaml
+      generators:
+        - kind: Resources
+          output: resources.gen.yaml
+          resources:
+            Namespace:
+              dev-jeff:
+                metadata:
+                  name: dev-jeff
+                  labels:
+                    kubernetes.io/metadata.name: dev-jeff
+                kind: Namespace
+                apiVersion: v1
+      transformers:
+        - kind: Kustomize
+          inputs:
+            - resources.gen.yaml
+          output: clusters/no-cluster/components/dev-namespaces/dev-namespaces.gen.yaml
+          kustomize:
+            kustomization:
+              commonLabels:
+                holos.run/component.name: dev-namespaces
+              resources:
+                - resources.gen.yaml
+```
+
+```go
+type BuildPlan struct {
+    // Kind represents the type of the resource.
+    Kind string `json:"kind" cue:"\"BuildPlan\""`
+    // APIVersion represents the versioned schema of the resource.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha4\""`
+    // Metadata represents data about the resource such as the Name.
+    Metadata Metadata `json:"metadata"`
+    // Spec specifies the desired state of the resource.
+    Spec BuildPlanSpec `json:"spec"`
+}
+```
+
+<a name="BuildPlanSpec"></a>
+## type BuildPlanSpec {#BuildPlanSpec}
+
+BuildPlanSpec represents the specification of the [BuildPlan](<#BuildPlan>).
+
+```go
+type BuildPlanSpec struct {
+    // Component represents the component that produced the build plan.
+    // Represented as a path relative to the platform root.
+    Component string `json:"component"`
+    // Disabled causes the holos cli to disregard the build plan.
+    Disabled bool `json:"disabled,omitempty"`
+    // Artifacts represents the artifacts for holos to build.
+    Artifacts []Artifact `json:"artifacts"`
+}
+```
+
+<a name="Chart"></a>
+## type Chart {#Chart}
+
+Chart represents a [Helm](<#Helm>) Chart.
+
+```go
+type Chart struct {
+    // Name represents the chart name.
+    Name string `json:"name"`
+    // Version represents the chart version.
+    Version string `json:"version"`
+    // Release represents the chart release when executing helm template.
+    Release string `json:"release"`
+    // Repository represents the repository to fetch the chart from.
+    Repository Repository `json:"repository,omitempty"`
+}
+```
+
+<a name="Component"></a>
+## type Component {#Component}
+
+Component represents the complete context necessary to produce a [BuildPlan](<#BuildPlan>). Component carries information injected from holos render platform to holos render component to produce each [BuildPlan](<#BuildPlan>).
+
+All of these fields are passed to the holos render component command using flags, which in turn are injected to CUE using tags. For clarity, CUE field and tag names should match the struct json tag names below.
+
+```go
+type Component struct {
+    // Name represents the name of the component. Injected as the tag variable
+    // "holos_name" to set the BuildPlan metadata.name field.  Necessary for clear
+    // user feedback during platform rendering.
+    Name string `json:"name"`
+    // Component represents the path of the component relative to the platform
+    // root.  Injected as the tag variable "holos_component".
+    Component string `json:"component"`
+    // Cluster is the cluster name to provide when rendering the component.
+    // Injected as the tag variable "holos_cluster".
+    Cluster string `json:"cluster"`
+    // Model represents the platform model holos gets from from the
+    // PlatformService.GetPlatform rpc method and provides to CUE using a tag.
+    // Injected as the tag "holos_model".
+    Model map[string]any `json:"model,omitempty"`
+    // Tags represents cue @tag variables injected into the holos render component
+    // command from the holos render platform command.  Tags with a "holos_"
+    // prefix are reserved for use by the Holos Authors.
+    Tags map[string]string `json:"tags,omitempty"`
+    // WriteTo represents the holos render component --write-to flag.  If empty,
+    // the default value for the --write-to flag is used.
+    WriteTo string `json:"writeTo,omitempty"`
+}
+```
+
+<a name="File"></a>
+## type File {#File}
+
+File represents a simple single file copy [Generator](<#Generator>). Useful with a [Kustomize](<#Kustomize>) [Transformer](<#Transformer>) to process plain manifest files stored in the component directory. Multiple File generators may be used to transform multiple resources.
+
+```go
+type File struct {
+    // Source represents a file sub-path relative to the component path.
+    Source FilePath `json:"source"`
+}
+```
+
+<a name="FileContent"></a>
+## type FileContent {#FileContent}
+
+FileContent represents file contents.
+
+```go
+type FileContent string
+```
+
+<a name="FileContentMap"></a>
+## type FileContentMap {#FileContentMap}
+
+FileContentMap represents a mapping of file paths to file contents.
+
+```go
+type FileContentMap map[FilePath]FileContent
+```
+
+<a name="FilePath"></a>
+## type FilePath {#FilePath}
+
+FilePath represents a file path.
+
+```go
+type FilePath string
+```
+
+<a name="Generator"></a>
+## type Generator {#Generator}
+
+Generator generates an intermediate manifest for a [Artifact](<#Artifact>).
+
+Each Generator in a [Artifact](<#Artifact>) must have a distinct Output value for a [Transformer](<#Transformer>) to reference.
+
+Refer to [Resources](<#Resources>), [Helm](<#Helm>), and [File](<#File>).
+
+```go
+type Generator struct {
+    // Kind represents the kind of generator.  Must be Resources, Helm, or File.
+    Kind string `json:"kind" cue:"\"Resources\" | \"Helm\" | \"File\""`
+    // Output represents a file for a Transformer or Artifact to consume.
+    Output FilePath `json:"output"`
+    // Resources generator. Ignored unless kind is Resources.  Resources are
+    // stored as a two level struct.  The top level key is the Kind of resource,
+    // e.g. Namespace or Deployment.  The second level key is an arbitrary
+    // InternalLabel.  The third level is a map[string]any representing the
+    // Resource.
+    Resources Resources `json:"resources,omitempty"`
+    // Helm generator. Ignored unless kind is Helm.
+    Helm Helm `json:"helm,omitempty"`
+    // File generator. Ignored unless kind is File.
+    File File `json:"file,omitempty"`
+}
+```
+
+<a name="Helm"></a>
+## type Helm {#Helm}
+
+Helm represents a [Chart](<#Chart>) manifest [Generator](<#Generator>).
+
+```go
+type Helm struct {
+    // Chart represents a helm chart to manage.
+    Chart Chart `json:"chart"`
+    // Values represents values for holos to marshal into values.yaml when
+    // rendering the chart.
+    Values Values `json:"values"`
+    // EnableHooks enables helm hooks when executing the `helm template` command.
+    EnableHooks bool `json:"enableHooks,omitempty"`
+    // Namespace represents the helm namespace flag
+    Namespace string `json:"namespace,omitempty"`
+}
+```
+
+<a name="InternalLabel"></a>
+## type InternalLabel {#InternalLabel}
+
+InternalLabel is an arbitrary unique identifier internal to holos itself. The holos cli is expected to never write a InternalLabel value to rendered output files, therefore use a InternalLabel when the identifier must be unique and internal. Defined as a type for clarity and type checking.
+
+```go
+type InternalLabel string
+```
+
+<a name="Join"></a>
+## type Join {#Join}
+
+Join represents a [Transformer](<#Transformer>) using [bytes.Join](<https://pkg.go.dev/bytes#Join>) to concatenate multiple inputs into one output with a separator. Useful for combining output from [Helm](<#Helm>) and [Resources](<#Resources>) together into one [Artifact](<#Artifact>) when [Kustomize](<#Kustomize>) is otherwise unnecessary.
+
+```go
+type Join struct {
+    Separator string `json:"separator" cue:"string | *\"---\\n\""`
+}
+```
+
+<a name="Kind"></a>
+## type Kind {#Kind}
+
+Kind is a discriminator. Defined as a type for clarity and type checking.
+
+```go
+type Kind string
+```
+
+<a name="Kustomization"></a>
+## type Kustomization {#Kustomization}
+
+Kustomization represents a kustomization.yaml file for use with the [Kustomize](<#Kustomize>) [Transformer](<#Transformer>). Untyped to avoid tightly coupling holos to kubectl versions which was a problem for the Flux maintainers. Type checking is expected to happen in CUE against the kubectl version the user prefers.
+
+```go
+type Kustomization map[string]any
+```
+
+<a name="Kustomize"></a>
+## type Kustomize {#Kustomize}
+
+Kustomize represents a kustomization [Transformer](<#Transformer>).
+
+```go
+type Kustomize struct {
+    // Kustomization represents the decoded kustomization.yaml file
+    Kustomization Kustomization `json:"kustomization"`
+    // Files holds file contents for kustomize, e.g. patch files.
+    Files FileContentMap `json:"files,omitempty"`
+}
+```
+
+<a name="Metadata"></a>
+## type Metadata {#Metadata}
+
+Metadata represents data about the resource such as the Name.
+
+```go
+type Metadata struct {
+    // Name represents the resource name.
+    Name string `json:"name"`
+}
+```
+
+<a name="NameLabel"></a>
+## type NameLabel {#NameLabel}
+
+NameLabel is a unique identifier useful to convert a CUE struct to a list when the values have a Name field with a default value. NameLabel indicates the common use case of converting a struct to a list where the Name field of the value aligns with the outer struct field name.
+
+For example:
+
+```
+Outer: [NAME=_]: Name: NAME
+```
+
+```go
+type NameLabel string
+```
+
+<a name="Platform"></a>
+## type Platform {#Platform}
+
+Platform represents a platform to manage. A Platform resource informs holos which components to build. The platform resource also acts as a container for the platform model form values provided by the PlatformService. The primary use case is to collect the cluster names, cluster types, platform model, and holos components to build into one resource.
+
+```go
+type Platform struct {
+    // Kind is a string value representing the resource.
+    Kind string `json:"kind" cue:"\"Platform\""`
+    // APIVersion represents the versioned schema of this resource.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha4\""`
+    // Metadata represents data about the resource such as the Name.
+    Metadata Metadata `json:"metadata"`
+
+    // Spec represents the specification.
+    Spec PlatformSpec `json:"spec"`
+}
+```
+
+<a name="PlatformSpec"></a>
+## type PlatformSpec {#PlatformSpec}
+
+PlatformSpec represents the specification of a [Platform](<#Platform>). Think of a platform spec as a [Component](<#Component>) collection for multiple kubernetes clusters combined with the user\-specified Platform Model.
+
+```go
+type PlatformSpec struct {
+    // Components represents a list of holos components to manage.
+    Components []Component `json:"components"`
+}
+```
+
+<a name="Repository"></a>
+## type Repository {#Repository}
+
+Repository represents a [Helm](<#Helm>) [Chart](<#Chart>) repository.
+
+```go
+type Repository struct {
+    Name string `json:"name"`
+    URL  string `json:"url"`
+}
+```
+
+<a name="Resource"></a>
+## type Resource {#Resource}
+
+Resource represents one kubernetes api object.
+
+```go
+type Resource map[string]any
+```
+
+<a name="Resources"></a>
+## type Resources {#Resources}
+
+Resources represents a kubernetes resources [Generator](<#Generator>) from CUE.
+
+```go
+type Resources map[Kind]map[InternalLabel]Resource
+```
+
+<a name="Tags"></a>
+## type Tags {#Tags}
+
+Tags represents standardized fields injected into the component [BuildPlan](<#BuildPlan>) from the [Platform](<#Platform>).
+
+Note, tags should have a reasonable default value to easily use cue eval and cue export without needing to make a bunch of decisions about tag values.
+
+Example:
+
+```
+import core "github.com/holos-run/holos/api/core/v1alpha4"
+_Tags: core.#Tags & {
+  cluster:     _ @tag(cluster, type=string)
+  environment: _ @tag(environment, type=string)
+  component:   _ @tag(component, type=string)
+  name:        _ @tag(name, type=string)
+}
+```
+
+```go
+type Tags struct {
+    // Name represents the BuildPlan metadata.name field injected from the Platform.
+    Name string `json:"name" cue:"string | *\"no-name\""`
+    // Cluster represents the cluster name injected from
+    Cluster string `json:"cluster" cue:"string | *\"no-cluster\""`
+    // Environment represents the build plan environment.
+    Environment string `json:"environment" cue:"string | *\"no-environment\""`
+    // Component represents the path of the component relative to the platform root.
+    Component string `json:"component" cue:"string | *\"no-component\""`
+}
+```
+
+<a name="Transformer"></a>
+## type Transformer {#Transformer}
+
+Transformer transforms [Generator](<#Generator>) manifests within a [Artifact](<#Artifact>).
+
+```go
+type Transformer struct {
+    // Kind represents the kind of transformer. Must be Kustomize, or Join.
+    Kind string `json:"kind" cue:"\"Kustomize\" | \"Join\""`
+    // Inputs represents the files to transform. The Output of prior Generators
+    // and Transformers.
+    Inputs []FilePath `json:"inputs"`
+    // Output represents a file for a subsequent Transformer or Artifact to
+    // consume.
+    Output FilePath `json:"output"`
+    // Kustomize transformer. Ignored unless kind is Kustomize.
+    Kustomize Kustomize `json:"kustomize,omitempty"`
+    // Join transformer. Ignored unless kind is Join.
+    Join Join `json:"join,omitempty"`
+}
+```
+
+<a name="Values"></a>
+## type Values {#Values}
+
+Values represents [Helm](<#Helm>) Chart values generated from CUE.
+
+```go
+type Values map[string]any
+```
+
+Generated by [gomarkdoc](<https://github.com/princjef/gomarkdoc>)
--- a/doc/md/archive/guides/2024-09-15-quickstart.mdx
+++ b/doc/md/archive/guides/2024-09-15-quickstart.mdx
@@ -0,0 +1,724 @@
+---
+description: Try Holos with this quick start guide.
+slug: /archive/2024-09-15-quickstart
+sidebar_position: 100
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import Admonition from '@theme/Admonition';
+
+# Quickstart
+
+In this guide, you'll experience how Holos makes the process of operating a
+Platform safer, easier, and more consistent. We'll use Holos to manage a
+vendor-provided Helm chart as a Component. Next, we'll mix in our own custom
+resources to manage the Component with GitOps. Finally, you'll see how Holos
+makes it safer and easier to maintain software over time by surfacing the exact
+changes that will be applied when upgrading the vendor's chart to a new version,
+before they are actually made.
+
+The [Concepts](/docs/concepts) page defines capitalized terms such as Platform
+and Component.
+
+## What you'll need {#requirements}
+
+You'll need the following tools installed to complete this guide.
+
+1. [holos](/docs/install) - to build the Platform.
+2. [helm](https://helm.sh/docs/intro/install/) - to render Holos Components that
+wrap upstream Helm charts.
+
+Optionally, if you'd like to apply the rendered manifests to a real Cluster,
+first complete the [Local Cluster Guide](/docs/guides/local-cluster).
+
+## Install Holos
+
+Install Holos with the following command or other methods listed on the
+[Installation](/docs/install/) page.
+
+```bash
+go install github.com/holos-run/holos/cmd/holos@latest
+```
+
+## Create a Git Repository
+
+Start by initializing an empty Git repository. Holos operates on local files
+stored in a Git repository.
+
+<Tabs groupId="init">
+  <TabItem value="command" label="Command">
+    ```bash
+    mkdir holos-quickstart
+    cd holos-quickstart
+    git init
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    Initialized empty Git repository in /holos-quickstart/.git/
+    ```
+  </TabItem>
+</Tabs>
+
+This guide assumes you will run commands from the root directory of the Git
+repository unless stated otherwise.
+
+## Generate the Platform {#Generate-Platform}
+
+Generate the Platform code in the repository root. A Platform refers to the
+entire set of software holistically integrated to provide a software development
+platform for your organization. In this guide, the Platform will include a
+single Component to demonstrate how the concepts fit together.
+
+```bash
+holos generate platform quickstart
+```
+
+Commit the generated platform config to the repository.
+
+<Tabs groupId="commit-platform">
+  <TabItem value="command" label="Command">
+    ```bash
+    git add .
+    git commit -m "holos generate platform quickstart - $(holos --version)"
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    [main (root-commit) 0b17b7f] holos generate platform quickstart
+     213 files changed, 72349 insertions(+)
+     ...
+    ```
+  </TabItem>
+</Tabs>
+
+## Generate a Component {#generate-component}
+
+The platform you generated is currently empty. Run the following command to
+generate the CUE code that defines a Helm Component.
+
+<Tabs groupId="gen-podinfo">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos generate component podinfo --component-version 6.6.1
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    generated component
+    ```
+  </TabItem>
+</Tabs>
+
+The --component-version 6.6.1 flag intentionally installs an older release.
+You'll see how Holos assists with software upgrades later in this guide.
+
+The generate component command creates two files: a leaf file,
+`components/podinfo/podinfo.gen.cue`, and a root file, `podinfo.gen.cue`. Holos
+leverages the fact that [order is
+irrelevant](https://cuelang.org/docs/tour/basics/order-irrelevance/) in CUE to
+register the component with the Platform by adding a file to the root of the Git
+repository. The second file defines the component in the leaf component
+directory.
+
+<Tabs groupId="podinfo-files">
+  <TabItem value="components/podinfo/podinfo.gen.cue" label="Leaf">
+    `components/podinfo/podinfo.gen.cue`
+    ```cue showLineNumbers
+    package holos
+
+    // Produce a helm chart build plan.
+    (#Helm & Chart).Output
+
+    let Chart = {
+      Name:      "podinfo"
+      Version:   "6.6.1"
+      Namespace: "default"
+
+      Repo: name: "podinfo"
+      Repo: url:  "https://stefanprodan.github.io/podinfo"
+
+      Values: {}
+    }
+    ```
+  </TabItem>
+  <TabItem value="podinfo.gen.cue" label="Root">
+    `podinfo.gen.cue`
+    ```cue showLineNumbers
+    package holos
+
+    // Manage podinfo on workload clusters only
+    for Cluster in #Fleets.workload.clusters {
+      #Platform: Components: "\(Cluster.name)/podinfo": {
+        path:    "components/podinfo"
+        cluster: Cluster.name
+      }
+    }
+    ```
+  </TabItem>
+</Tabs>
+
+In this example, we provide the minimal information needed to manage the Helm
+chart: the name, version, Kubernetes namespace for deployment, and the chart
+repository location.
+
+This chart deploys cleanly without any values provided, but we include an empty
+Values struct to show how Holos improves consistency and safety in Helm by
+leveraging the strong type-checking in CUE. You can safely pass shared values,
+such as the organization’s domain name, to all Components across all clusters in
+the Platform by defining them at the root of the configuration.
+
+Commit the generated component config to the repository.
+
+<Tabs groupId="commit-component">
+  <TabItem value="command" label="Command">
+    ```bash
+    git add .
+    git commit -m "holos generate component podinfo - $(holos --version)"
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    [main cc0e90c] holos generate component podinfo
+     2 files changed, 24 insertions(+)
+     create mode 100644 components/podinfo/podinfo.gen.cue
+     create mode 100644 podinfo.gen.cue
+    ```
+  </TabItem>
+</Tabs>
+
+## Render the Component
+
+You can render individual components without adding them to a Platform, which is
+helpful when developing a new component.
+
+<Tabs groupId="render-podinfo">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos render component ./components/podinfo --cluster-name=default
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    cached
+    rendered podinfo
+    ```
+  </TabItem>
+</Tabs>
+
+First, the command caches the Helm chart locally to speed up subsequent
+renderings. Then, the command runs Helm to produce the output and writes it into
+the deploy directory.
+
+<Tabs groupId="tree-podinfo">
+  <TabItem value="command" label="Command">
+    ```bash
+    tree deploy
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    deploy
+    └── clusters
+        └── default
+            └── components
+                └── podinfo
+                    └── podinfo.gen.yaml
+
+    5 directories, 1 file
+    ```
+  </TabItem>
+</Tabs>
+
+The component deploys to one cluster named `default`. In practice, the same
+component is often deployed to multiple clusters, such as `east` and `west` to
+provide redundancy and increase availability.
+
+:::tip
+This example is equivalent to running `helm template` on the chart and saving
+the output to a file. Holos simplifies this task, making it safer and more
+consistent when managing many charts.
+:::
+
+## Mix in an ArgoCD Application
+
+We've seen how Holos works with Helm, but we haven't yet explored how Holos
+makes it easier to consistently and safely manage all of the software in a
+Platform.
+
+Holos allows you to easily mix in resources that differentiate your Platform.
+We'll use this feature to mix in an ArgoCD [Application][application] to manage
+the podinfo Component with GitOps. We'll define this configuration in a way that
+can be automatically and consistently reused across all future Components added
+to the Platform.
+
+Create a new file named `argocd.cue` in the root of your Git repository with the
+following contents:
+
+<Tabs groupId="argocd-config">
+  <TabItem value="command" label="argocd.cue">
+    ```cue showLineNumbers
+    package holos
+
+    #ArgoConfig: {
+      Enabled: true
+      RepoURL: "https://github.com/holos-run/holos-quickstart-guide"
+    }
+    ```
+  </TabItem>
+</Tabs>
+
+:::tip
+If you plan to apply the rendered output to a real cluster, change the
+`example.com` RepoURL to the URL of the Git repository you created in this
+guide. You don't need to change the example if you're just exploring Holos by
+inspecting the rendered output without applying it to a live cluster.
+:::
+
+With this file in place, render the component again.
+
+<Tabs groupId="render-podinfo-argocd">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos render component ./components/podinfo --cluster-name=default
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    wrote deploy file
+    rendered gitops/podinfo
+    rendered podinfo
+    ```
+  </TabItem>
+</Tabs>
+
+Holos uses the locally cached chart to improve performance and reliability. It
+then renders the Helm template output along with an ArgoCD Application resource
+for GitOps.
+
+:::tip
+By defining the ArgoCD configuration at the root, we again take advantage of the
+fact that [order is
+irrelevant](https://cuelang.org/docs/tour/basics/order-irrelevance/) in CUE.
+:::
+
+Defining the configuration at the root ensures all future leaf Components take
+the ArgoCD configuration and render an Application manifest for GitOps
+management.
+
+<Tabs groupId="tree-podinfo-argocd">
+  <TabItem value="command" label="Command">
+    ```bash
+    tree deploy
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    deploy
+    └── clusters
+        └── default
+            ├── components
+            │   └── podinfo
+            │       └── podinfo.gen.yaml
+            └── gitops
+                └── podinfo.application.gen.yaml
+
+    6 directories, 2 files
+    ```
+  </TabItem>
+</Tabs>
+
+Notice the new `podinfo.application.gen.yaml` file created by enabling ArgoCD in
+the Helm component. The Application resource in the file looks like this:
+
+<Tabs groupId="podinfo-application">
+  <TabItem value="file" label="podinfo.application.gen.yaml">
+    ```yaml showLineNumbers
+    apiVersion: argoproj.io/v1alpha1
+    kind: Application
+    metadata:
+      name: podinfo
+      namespace: argocd
+    spec:
+      destination:
+        server: https://kubernetes.default.svc
+      project: default
+      source:
+        path: ./deploy/clusters/default/components/podinfo
+        repoURL: https://example.com/holos-quickstart.git
+        targetRevision: main
+    ```
+  </TabItem>
+</Tabs>
+
+:::tip
+Holos generates a similar Application resource for every additional Component
+added to your Platform.
+:::
+
+Finally, add and commit the results to your Platform's Git repository.
+
+<Tabs groupId="commit-argo">
+  <TabItem value="command" label="Command">
+    ```bash
+    git add .
+    git commit -m "holos render component ./components/podinfo --cluster-name=default"
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    [main f95cef1] holos render component ./components/podinfo --cluster-name=default
+     3 files changed, 134 insertions(+)
+     create mode 100644 argocd.cue
+     create mode 100644 deploy/clusters/default/components/podinfo/podinfo.gen.yaml
+     create mode 100644 deploy/clusters/default/gitops/podinfo.application.gen.yaml
+    ```
+  </TabItem>
+</Tabs>
+
+In this section, we learned how Holos simplifies mixing resources into
+Components, like an ArgoCD Application. Holos ensures consistency by managing an
+Application resource for every Component added to the Platform through the
+configuration you define in `argocd.cue` at the root of the repository.
+
+## Define Workload Clusters {#workload-clusters}
+
+We've generated a Component to manage podinfo and integrated it with our
+Platform, but rendering the Platform doesn't render podinfo. Podinfo isn't
+rendered because we haven't assigned any Clusters to the workload Fleet.
+
+Define two new clusters, `east` and `west`, and assign them to the workload
+Fleet. Create a new file named `clusters.cue` in the root of your Git repository
+with the following contents:
+
+<Tabs groupId="clusters">
+  <TabItem value="clusters.cue" label="clusters.cue">
+    ```cue showLineNumbers
+    package holos
+
+    // Define two workload clusters for disaster recovery.
+    #Fleets: workload: clusters: {
+      // In CUE _ indicates values are defined elsewhere.
+      east: _
+      west: _
+    }
+    ```
+  </TabItem>
+</Tabs>
+
+This example shows how Holos simplifies configuring multiple clusters with
+similar configuration by grouping them into a Fleet.
+
+:::tip
+Fleets help segment a group of Clusters into one leader and multiple followers
+by designating one cluster as the primary. Holos makes it safer, easier, and
+more consistent to reconfigure which cluster is the primary. The primary can be
+set to automatically restore persistent data from backups, while non-primary
+clusters can be configured to automatically replicate from the primary.
+
+Automatic database backup, restore, and streaming replication is an advanced
+topic enabled by Cloud Native PG and CUE. Check back for a guide on this and
+other Day 2 operations topics.
+:::
+
+## Render the Platform {#render-platform}
+
+Render the Platform to render the podinfo Component for each of the workload
+clusters.
+
+<Tabs groupId="render-platform">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos render platform ./platform
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    rendered components/podinfo for cluster west in 99.480792ms
+    rendered components/podinfo for cluster east in 99.882667ms
+    ```
+  </TabItem>
+</Tabs>
+
+The render platform command iterates over every Cluster in the Fleet and renders
+each Component assigned to the Fleet. Notice the two additional subdirectories
+created under the deploy directory, one for each cluster: `east` and `west`.
+
+<Tabs groupId="tree-platform">
+  <TabItem value="command" label="Command">
+    ```bash
+    tree deploy
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    deploy
+    └── clusters
+        ├── default
+        │   ├── components
+        │   │   └── podinfo
+        │   │       └── podinfo.gen.yaml
+        │   └── gitops
+        │       └── podinfo.application.gen.yaml
+        # highlight-next-line
+        ├── east
+        │   ├── components
+        │   │   └── podinfo
+        │   │       └── podinfo.gen.yaml
+        │   └── gitops
+        │       └── podinfo.application.gen.yaml
+        # highlight-next-line
+        └── west
+            ├── components
+            │   └── podinfo
+            │       └── podinfo.gen.yaml
+            └── gitops
+                └── podinfo.application.gen.yaml
+
+    14 directories, 6 files
+    ```
+  </TabItem>
+</Tabs>
+
+Holos ensures consistency and safety by defining the ArgoCD Application once,
+with strong type checking, at the configuration root.
+
+New Application resources are automatically generated for the `east` and `west`
+workload Clusters.
+
+<Tabs groupId="applications">
+  <TabItem value="east" label="east">
+  `deploy/clusters/east/gitops/podinfo.application.gen.yaml`
+```yaml showLineNumbers
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: podinfo
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    # highlight-next-line
+    path: ./deploy/clusters/east/components/podinfo
+    repoURL: https://example.com/holos-quickstart.git
+    targetRevision: main
+```
+  </TabItem>
+  <TabItem value="west" label="west">
+  `deploy/clusters/west/gitops/podinfo.application.gen.yaml`
+```yaml showLineNumbers
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: podinfo
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    # highlight-next-line
+    path: ./deploy/clusters/west/components/podinfo
+    repoURL: https://example.com/holos-quickstart.git
+    targetRevision: main
+```
+  </TabItem>
+  <TabItem value="default" label="default">
+  `deploy/clusters/default/gitops/podinfo.application.gen.yaml`
+```yaml showLineNumbers
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: podinfo
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    # highlight-next-line
+    path: ./deploy/clusters/default/components/podinfo
+    repoURL: https://example.com/holos-quickstart.git
+    targetRevision: main
+```
+  </TabItem>
+</Tabs>
+
+Add and commit the rendered Platform and workload Clusters.
+
+<Tabs groupId="commit-render-platform">
+  <TabItem value="command" label="Command">
+    ```bash
+    git add .
+    git commit -m "holos render platform ./platform - $(holos --version)"
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    [main 5aebcf5] holos render platform ./platform - 0.93.2
+     5 files changed, 263 insertions(+)
+     create mode 100644 clusters.cue
+     create mode 100644 deploy/clusters/east/components/podinfo/podinfo.gen.yaml
+     create mode 100644 deploy/clusters/east/gitops/podinfo.application.gen.yaml
+     create mode 100644 deploy/clusters/west/components/podinfo/podinfo.gen.yaml
+     create mode 100644 deploy/clusters/west/gitops/podinfo.application.gen.yaml
+    ```
+  </TabItem>
+</Tabs>
+
+## Upgrade a Helm Chart
+
+Holos is designed to ease the burden of Day 2 operations. With Holos, upgrading
+software, integrating new software, and making safe platform-wide configuration
+changes become easier.
+
+Let's upgrade the podinfo Component to see how this works in practice. First,
+update the Component version field to the latest upstream Helm chart version.
+
+<Tabs groupId="gen-podinfo">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos generate component podinfo --component-version 6.6.2
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    generated component
+    ```
+  </TabItem>
+</Tabs>
+
+Remove the cached chart version.
+
+<Tabs groupId="gen-podinfo">
+  <TabItem value="command" label="Command">
+    ```bash
+    rm -rf components/podinfo/vendor
+    ```
+  </TabItem>
+</Tabs>
+
+Now re-render the Platform.
+
+<Tabs groupId="render-platform2">
+  <TabItem value="command" label="Command">
+    ```bash
+    holos render platform ./platform
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+    ```txt
+    rendered components/podinfo for cluster east in 327.10475ms
+    rendered components/podinfo for cluster west in 327.796541ms
+    ```
+  </TabItem>
+</Tabs>
+
+Notice we're still using the upstream chart without modifying it. The Holos
+component wraps around the chart to mix in additional resources and integrate
+the component with the broader Platform.
+
+## Visualize the Changes
+
+Holos makes it easier to see exactly what changes are made and which resources
+will be applied to the API server. By design, Holos operates on local files,
+leaving the task of applying them to ecosystem tools like `kubectl` and ArgoCD.
+This allows platform operators to inspect changes during code review, or before
+committing the change at all.
+
+For example, using `git diff`, we see that the only functional change when
+upgrading this Helm chart is the deployment of a new container image tag to each
+cluster.  Additionally, we can roll out this change gradually by applying it to
+the east cluster first, then to the west cluster, limiting the potential blast
+radius of a problematic change.
+
+<Tabs groupId="git-diff">
+  <TabItem value="command" label="Command">
+    ```bash
+    git diff deploy/clusters/east
+    ```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```diff showLineNumbers
+diff --git a/deploy/clusters/east/components/podinfo/podinfo.gen.yaml b/deploy/clusters/east/components/podinfo/podinfo.gen.yaml
+index 7cc3332..8c1647d 100644
+--- a/deploy/clusters/east/components/podinfo/podinfo.gen.yaml
+++ b/deploy/clusters/east/components/podinfo/podinfo.gen.yaml
+@@ -5,9 +5,9 @@ kind: Service
+ metadata:
+   name: podinfo
+   labels:
+-    helm.sh/chart: podinfo-6.6.1
+    helm.sh/chart: podinfo-6.6.2
+     app.kubernetes.io/name: podinfo
+-    app.kubernetes.io/version: "6.6.1"
+    app.kubernetes.io/version: "6.6.2"
+     app.kubernetes.io/managed-by: Helm
+ spec:
+   type: ClusterIP
+@@ -29,9 +29,9 @@ kind: Deployment
+ metadata:
+   name: podinfo
+   labels:
+-    helm.sh/chart: podinfo-6.6.1
+    helm.sh/chart: podinfo-6.6.2
+     app.kubernetes.io/name: podinfo
+-    app.kubernetes.io/version: "6.6.1"
+    app.kubernetes.io/version: "6.6.2"
+     app.kubernetes.io/managed-by: Helm
+ spec:
+   replicas: 1
+@@ -53,7 +53,7 @@ spec:
+       terminationGracePeriodSeconds: 30
+       containers:
+         - name: podinfo
+         # highlight-next-line
+-          image: "ghcr.io/stefanprodan/podinfo:6.6.1"
+         # highlight-next-line
+          image: "ghcr.io/stefanprodan/podinfo:6.6.2"
+           imagePullPolicy: IfNotPresent
+           command:
+             - ./podinfo
+```
+  </TabItem>
+</Tabs>
+
+:::tip
+Holos is designed to surface the _fully rendered_ manifests intended for the
+Kubernetes API server, making it easier to see and reason about platform-wide
+configuration changes.
+:::
+
+## Recap {#recap}
+
+In this quickstart guide, we learned how Holos makes it easier, safer, and more
+consistent to manage a Platform composed of multiple Clusters and upstream Helm
+charts.
+
+We covered how to:
+
+1. Generate a Git repository for the Platform config.
+2. Wrap the unmodified upstream podinfo Helm chart into a Component.
+3. Render an individual Component.
+4. Mix-in your Platform's unique resources to all Components.  For example, ArgoCD Application resources.
+5. Define multiple similar, but not identical, workload clusters.
+6. Render the manifests for the entire Platform with the `holos render platform` command.
+7. Upgrade a Helm chart to the latest version as an important Day 2 task.
+8. Visualize and surface the details of planned changes Platform wide.
+
+## Dive Deeper
+
+If you'd like to dive deeper, check out the [Schema API][schema] and [Core
+API][core] reference docs. The main difference between the schema and core
+packages is that the schema is used by users to write refined CUE, while the
+core package is what the schema produces for `holos` to execute. Users rarely
+need to interact with the Core API when on the happy path, but can use the core
+package as an escape hatch when the happy path doesn't go where you want.
+
+
+[application]: https://argo-cd.readthedocs.io/en/stable/user-guide/application-specification/
+[schema]: /docs/api/author/v1alpha3/
+[core]: /docs/api/core/v1alpha3/
--- a/doc/md/archive/guides/2024-09-17-manage-a-project.mdx
+++ b/doc/md/archive/guides/2024-09-17-manage-a-project.mdx
@@ -0,0 +1,106 @@
+---
+description: Self service platform resource management for project teams.
+slug: /archive/guides/2024-09-17-manage-a-project
+sidebar_position: 250
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import Admonition from '@theme/Admonition';
+
+# Manage a Project
+
+In this guide we'll explore how Holos easily, safely, and consistently manages
+platform resources for teams to develop the projects they're working on.
+
+Intended Audience: Platform Engineers and Software Engineers.
+
+Goal is to demonstrate how the platform team can consistently, easily, and
+safely provide platform resources to software engineers.
+
+Assumption is software engineers have a container they want to deploy onto the
+platform and make accessible.  We'll use httpbin as a stand-in for the dev
+team's container.
+
+Project is roughly equivalent to Dev Team for the purpose of this guide, but in
+practice multiple teams work on a given project over the lifetime of the
+project, so we structure the files into projects instead of teams.
+
+## What you'll need {#requirements}
+
+You'll need the following tools installed to complete this guide.
+
+1. [holos](/docs/install) - to build the Platform.
+2. [helm](https://helm.sh/docs/intro/install/) - to render Helm Components.
+3. [kubectl](https://kubernetes.io/docs/tasks/tools/) - to render Kustomize Components.
+
+If you'd like to apply the manifests we render in this guide complete the
+following optional, but recommended, steps.
+
+a. Complete the [Local Cluster] guide to set up a local cluster to work with.
+b. You'll need a GitHub account to fork the repository associated with this
+guide.
+
+## Fork the Guide Repository
+
+<Tabs groupId="fork">
+  <TabItem value="command" label="Command">
+```bash
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt showLineNumbers
+```
+  </TabItem>
+</Tabs>
+
+This guide assumes you will run commands from the root directory of this
+repository unless stated otherwise.
+
+[Quickstart]: /docs/quickstart
+[Local Cluster]: /docs/guides/local-cluster
+
+## Render the Platform
+
+So we can build the basic platform.  Don't dwell on the platform bits.
+
+## Apply the Manifests
+
+Deploy ArgoCD, but not any of the Application resources.
+
+## Browse to ArgoCD
+
+Note there is nothing here yet.
+
+## Switch to your Fork
+
+Note all of the Applications change consistently.
+
+## Apply the Applications
+
+Note how ArgoCD takes over management, no longer need to k apply.
+
+## Create a Project
+
+Project is a conceptual, not technical, thing in Holos.  Mainly about how components are laid out in the filesystem tree.
+
+We use a schematic built into holos as an example, the platform team could use the same or provide a similar template and instructions for development teams to self-serve.
+
+## Render the Platform
+
+Notice:
+
+1. Project is registered with the platform at the root.
+2. HTTPRoute and Namespace resources are added close to the root in `projects`
+3. Deployment and Service resources are added at the leaf in `projects/httpbin/backend`
+
+## Update the image tag
+
+Add a basic schematic to demonstrate this.  May need to add two new flags for image url and image tag to the generate subcommand, but should just be two new fields on the struct.
+
+## Dive Deeper
+
+Set the stage for constraints.  Ideas: Limit what resources can be added,
+namespaces can be operated in, enforce labels, etc...
+
+Simple, consistent, easy constraints.
--- a/doc/md/archive/guides/argocd/argocd-apps-2.png
+++ b/doc/md/archive/guides/argocd/argocd-apps-2.png
--- a/doc/md/archive/guides/argocd/argocd-apps.png
+++ b/doc/md/archive/guides/argocd/argocd-apps.png
--- a/doc/md/archive/guides/argocd/argocd-auto-sync-ok.png
+++ b/doc/md/archive/guides/argocd/argocd-auto-sync-ok.png
--- a/doc/md/archive/guides/argocd/argocd-diff.png
+++ b/doc/md/archive/guides/argocd/argocd-diff.png
--- a/doc/md/archive/guides/argocd/argocd-login-signedout.png
+++ b/doc/md/archive/guides/argocd/argocd-login-signedout.png
--- a/doc/md/archive/guides/argocd/argocd-login.png
+++ b/doc/md/archive/guides/argocd/argocd-login.png
--- a/doc/md/archive/guides/argocd/argocd-out-of-sync.png
+++ b/doc/md/archive/guides/argocd/argocd-out-of-sync.png
--- a/doc/md/archive/guides/argocd/argocd-sync-ok.png
+++ b/doc/md/archive/guides/argocd/argocd-sync-ok.png
--- a/doc/md/archive/guides/argocd/argocd-sync.png
+++ b/doc/md/archive/guides/argocd/argocd-sync.png
--- a/doc/md/archive/guides/argocd/index.mdx
+++ b/doc/md/archive/guides/argocd/index.mdx
--- a/doc/md/archive/guides/backstage/index.md
+++ b/doc/md/archive/guides/backstage/index.md
--- a/doc/md/archive/guides/expose-a-service.mdx
+++ b/doc/md/archive/guides/expose-a-service.mdx
--- a/doc/md/archive/guides/observability/index.md
+++ b/doc/md/archive/guides/observability/index.md
--- a/doc/md/archive/guides/overview.md
+++ b/doc/md/archive/guides/overview.md
--- a/doc/md/archive/guides/register.md
+++ b/doc/md/archive/guides/register.md
--- a/doc/md/archive/guides/try-holos/form-pushed.png
+++ b/doc/md/archive/guides/try-holos/form-pushed.png
--- a/doc/md/archive/guides/try-holos/form.png
+++ b/doc/md/archive/guides/try-holos/form.png
--- a/doc/md/archive/guides/try-holos/index.mdx
+++ b/doc/md/archive/guides/try-holos/index.mdx
@@ -671,10 +671,10 @@ foundation of a software development platform that:

 Dive deeper with the following resources that build on the foundation you have now.

- 1. Explore the [Rendering Process](/docs/design/rendering) in Holos.
+ 1. Explore the [Rendering Process](/docs/concepts#rendering) in Holos.
 2. Dive deeper into the [Platform Manifests](./platform-manifests) rendered in this guide.
- 3. Deploy [ArgoCD](/docs/guides/argocd) onto the foundation you built.
- 4. Deploy [Backstage](/docs/guides/backstage) as a portal to the integrated platform components.
+ 3. Deploy [ArgoCD](../argocd) onto the foundation you built.
+ 4. Deploy [Backstage](../backstage) as a portal to the integrated platform components.

 ## Clean-Up

--- a/doc/md/archive/guides/try-holos/platform-manifests.md
+++ b/doc/md/archive/guides/try-holos/platform-manifests.md
@@ -2,7 +2,7 @@

 This document provides an example of how Holos uses CUE and Helm to unify and
 render the platform configuration.  It refers to the manifests rendered in the
-[Try Holos Locally](/docs/guides/try-holos/) guide.
+Try Holos Locally guide.

 Take a moment to review the manifests `holos` rendered to build the platform.

--- a/doc/md/archive/local-development.md
+++ b/doc/md/archive/local-development.md
@@ -2,7 +2,7 @@

 This document captures notes on locally developing Holos.

-Follow the steps in [Try Holos Locally](/docs/guides/try-holos), but take care
+Follow the steps in [Try Holos Locally](../guides/try-holos), but take care
 to select `Develop` tabs when creating the k3d cluster so you have a local
 registry to push to.

--- a/doc/md/comparison.md
+++ b/doc/md/comparison.md
@@ -1,65 +0,0 @@
-# Comparison with other tools
-
-:::tip
-
-Holos is designed to complement and improve, not replace, existing tools in the cloud native ecosystem.
-
-:::
-
-## Helm
-
-### Chart Users
-
-Describe how things are different when using an upstream helm chart.
-
-### Chart Authors
-
-Describe how things are different when writing a new helm chart.
-
-## Kustomize
-
-TODO
-
-## ArgoCD
-
-TODO
-
-## Flux
-
-TODO
-
-## Timoni
-
-| Aspect | Timoni | Holos | Comment |
-| -- | -- | -- | -- |
-| Language | CUE | CUE | Like Holos, Timoni is also built on CUE. |
-| Artifact | OCI Image | Plain YAML Files | The Holos Authors find plain files easier to work with and reason about than OCI images. |
-| Outputs to | OCI Image Repository | Local Git repository | Holos is designed for use with existing GitOps tools. |
-| Concept | Module | Component | A Timoni Module is analogous to a Holos Component. |
-| Concept | Bundle | Platform | A Timoni Bundle is somewhat similar, but smaller in scope to a Holos Platform. |
-
-:::important
-
-The Holos Authors are deeply grateful to Stefan and Timoni for the capability of
-importing Kubernetes custom resource definitions into CUE.  Without this
-functionality, much of the Kubernetes ecosystem would be more difficult to
-manage in CUE and therefore in Holos.
-
-:::
-
-
-## KubeVela
-
-1. Also built on CUE.
-2. Intended to create an Application abstraction.
-3. Holos prioritizes composition over abstraction.
-4. An abstraction of an Application acts as a filter that removes all but the lowest common denominator functionality.  The Holos Authors have found this filtering effect to create excessive friction for software developers.
-5. Holos focuses instead on composition to empower developers and platform engineers to leverage the unique features and functionality of their software and platform.
-
-## Pulumi
-
-TODO
-
-## Jsonnet
-
-TODO
--- a/doc/md/design/rendering.md
+++ b/doc/md/design/rendering.md
@@ -1,47 +0,0 @@
-# Rendering
-
-:::tip
-
-This document provides a brief overview of the rendering process, a core design
-element in Holos.
-
-:::
-
-Holos uses the Kubernetes resource model to manage configuration.  The `holos`
-command line interface is the primary method you'll use to manage your platform.
-Holos uses CUE to provide a unified configuration model of the platform.  This
-unified configuration is built up from components packaged with Helm, Kustomize,
-CUE, or any other tool that can produce Kubernetes resource manifests as output.
-
-This process can be thought of as a data **rendering pipeline**.  The key
-concept is that `holos` will always produce fully rendered output, but delegates
-the _application_ of the configuration to other tools like `kubectl apply`,
-ArgoCD, or Flux.
-
-```mermaid
---
-title: Figure 2 - Render Pipeline
---
-graph LR
-    PS[<a href="/docs/api/core/v1alpha2#PlatformSpec">PlatformSpec</a>]
-    BP[<a href="/docs/api/core/v1alpha2#BuildPlan">BuildPlan</a>]
-    HC[<a href="/docs/api/core/v1alpha2#HolosComponent">HolosComponent</a>]
-
-    H[<a href="/docs/api/core/v1alpha2#HelmChart">HelmChart</a>]
-    K[<a href="/docs/api/core/v1alpha2#KustomizeBuild">KustomizeBuild</a>]
-    O[<a href="/docs/api/core/v1alpha2#KubernetesObjects">KubernetesObjects</a>]
-
-    P[<a href="/docs/api/core/v1alpha2#Kustomize">Kustomize</a>]
-    Y[Kubernetes <br>Resources]
-    G[GitOps <br>Resource]
-
-    C[Kube API Server]
-
-    PS --> BP --> HC
-    HC --> H --> P
-    HC --> K --> P
-    HC --> O --> P
-
-    P --> Y --> C
-    P --> G --> C
-```
--- a/doc/md/guides.md
+++ b/doc/md/guides.md
@@ -0,0 +1,29 @@
+import DocCardList from '@theme/DocCardList';
+
+# Guides
+
+## Technical Overview
+
+Please see the [Technical Overview] to learn about Holos.  If you're ready to
+drive in and try Holos, please work through the following guides.
+
+## Bank of Holos
+The guides are organized as a progression.  We'll use Holos to manage a
+fictional bank's platform, the Bank of Holos in each of the guides.  In doing so
+we'll take the time to explain the foundational concepts of Holos.
+
+1. [Quickstart] covers the foundational concepts of Holos.
+2. [Deploy a Service] explains how to deploy a containerized service using an
+existing Helm chart.  This guide then explains how to deploy a similar service
+safely and consistently with CUE instead of Helm.
+3. [Change a Service] covers the day two task of making configuration changes to
+deployed services safely and consistently.
+
+---
+
+<DocCardList />
+
+[Quickstart]: /docs/quickstart/
+[Deploy a Service]: /docs/guides/deploy-a-service/
+[Change a Service]: /docs/guides/change-a-service/
+[Technical Overview]: /docs/technical-overview/
--- a/doc/md/guides/change-a-service.mdx
+++ b/doc/md/guides/change-a-service.mdx
@@ -0,0 +1,735 @@
+---
+description: Change a service on your platform.
+slug: /guides/change-a-service
+sidebar_position: 300
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import Admonition from '@theme/Admonition';
+
+# Change a Service
+
+In this guide, we'll explore how Holos supports the frontend development team at [Bank of Holos] in reconfiguring an already deployed service. Along the way, we'll demonstrate how simple configuration changes are made safer with type checking, and how rendering the complete platform provides clear visibility into those changes.
+
+This guide builds on the concepts covered in the [Quickstart] and [Deploy a Service] guides.
+
+## What you'll need {#requirements}
+
+Like our other guides, this guide is intended to be useful without needing to
+run each command.  If you'd like to apply the manifests to a real Cluster,
+complete the [Local Cluster Guide](/docs/guides/local-cluster) before this
+guide.
+
+You'll need the following tools installed to run the commands in this guide.
+
+1. [holos](/docs/install) - to build the Platform.
+2. [helm](https://helm.sh/docs/intro/install/) - to render Holos Components that
+wrap Helm charts.
+3. [kubectl](https://kubernetes.io/docs/tasks/tools/) - to render Holos
+Components that render with Kustomize.
+
+## Fork the Git Repository
+
+If you haven't already done so, [fork the Bank of
+Holos](https://github.com/holos-run/bank-of-holos/fork) then clone the
+repository to your local machine.
+
+<Tabs groupId="git-clone">
+  <TabItem value="command" label="Command">
+```bash
+# Change YourName
+git clone https://github.com/YourName/bank-of-holos
+cd bank-of-holos
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+Cloning into 'bank-of-holos'...
+remote: Enumerating objects: 1177, done.
+remote: Counting objects: 100% (1177/1177), done.
+remote: Compressing objects: 100% (558/558), done.
+remote: Total 1177 (delta 394), reused 1084 (delta 303), pack-reused 0 (from 0)
+Receiving objects: 100% (1177/1177), 2.89 MiB | 6.07 MiB/s, done.
+Resolving deltas: 100% (394/394), done.
+```
+  </TabItem>
+</Tabs>
+
+Run the rest of the commands in this guide from the root of the repository.
+
+If you plan to apply the changes we make, you can delete and re-create your
+local platform synced to the start of this guide.
+
+```bash
+./scripts/reset-cluster
+./scripts/apply
+```
+
+## Rename the Bank
+
+Let's imagine the bank recently re-branded from The Bank of Holos to The
+Holistic Bank.  The software development team responsible for the front end
+website needs to update the branding accordingly.
+
+Let's explore how Holos catches errors early, before they land in production,
+then guides the team to the best place to make a change.
+
+The bank front end web service is managed by the
+`projects/bank-of-holos/frontend/components/bank-frontend/` component which
+refers to the organization display name in `schema.gen.cue`.
+
+<Tabs groupId="F5B546EB-566F-4B83-84C3-C55B40F55555">
+  <TabItem value="schema.cue" label="schema.cue">
+```cue showLineNumbers
+package holos
+
+import api "github.com/holos-run/holos/api/author/v1alpha4"
+
+// Define the default organization name.
+_Organization: api.#OrganizationStrict & {
+	DisplayName: string | *"Bank of Holos"
+	Name:        string | *"bank-of-holos"
+	Domain:      string | *"holos.localhost"
+}
+
+// Projects represents a way to organize components into projects with owners.
+// https://holos.run/docs/api/author/v1alpha4/#Projects
+_Projects: api.#Projects
+
+// ArgoConfig represents the configuration of ArgoCD Application resources for
+// each component.
+// https://holos.run/docs/api/author/v1alpha4/#ArgoConfig
+_ArgoConfig: api.#ArgoConfig
+
+#ComponentConfig: api.#ComponentConfig & {
+	Name:      _Tags.name
+	Component: _Tags.component
+	Cluster:   _Tags.cluster
+	ArgoConfig: _ArgoConfig & {
+		if _Tags.project != "no-project" {
+			AppProject: _Tags.project
+		}
+	}
+	Resources: #Resources
+
+	// Mix in project labels if the project is defined by the platform.
+	if _Tags.project != "no-project" {
+		CommonLabels: _Projects[_Tags.project].CommonLabels
+	}
+}
+
+// https://holos.run/docs/api/author/v1alpha4/#Kubernetes
+#Kubernetes: close({
+	#ComponentConfig
+	api.#Kubernetes
+})
+
+// https://holos.run/docs/api/author/v1alpha4/#Kustomize
+#Kustomize: close({
+	#ComponentConfig
+	api.#Kustomize
+})
+
+// https://holos.run/docs/api/author/v1alpha4/#Helm
+#Helm: close({
+	#ComponentConfig
+	api.#Helm
+})
+```
+  </TabItem>
+  <TabItem value="projects/bank-of-holos/frontend/components/bank-frontend/bank-frontend.cue" label="projects/bank-of-holos/frontend/components/bank-frontend/bank-frontend.cue">
+```cue showLineNumbers
+package holos
+
+// Produce a kubernetes objects build plan.
+(#Kubernetes & Objects).BuildPlan
+
+let Objects = {
+	Name:      "bank-frontend"
+	Namespace: _BankOfHolos.Frontend.Namespace
+
+	// Ensure resources go in the correct namespace
+	Resources: [_]: [_]: metadata: namespace: Namespace
+
+	// https://github.com/GoogleCloudPlatform/bank-of-anthos/blob/release/v0.6.5/kubernetes-manifests/frontend.yaml
+	Resources: {
+		Service: frontend: {
+			metadata: name: "frontend"
+			metadata: labels: {
+				application: "bank-of-holos"
+				environment: "development"
+				team:        "frontend"
+				tier:        "web"
+			}
+			spec: {
+				selector: {
+					app:         "frontend"
+					application: "bank-of-holos"
+					environment: "development"
+					team:        "frontend"
+					tier:        "web"
+				}
+				_ports: http: {
+					name:       "http"
+					port:       80
+					targetPort: 8080
+					protocol:   "TCP"
+				}
+				ports: [for x in _ports {x}]
+			}
+		}
+
+		Deployment: frontend: {
+			metadata: name: "frontend"
+			metadata: labels: {
+				application: "bank-of-holos"
+				environment: "development"
+				team:        "frontend"
+				tier:        "web"
+			}
+			spec: {
+				selector: matchLabels: {
+					app:         "frontend"
+					application: "bank-of-holos"
+					environment: "development"
+					team:        "frontend"
+					tier:        "web"
+				}
+				template: {
+					metadata: labels: {
+						app:         "frontend"
+						application: "bank-of-holos"
+						environment: "development"
+						team:        "frontend"
+						tier:        "web"
+					}
+					spec: {
+						securityContext: {
+							seccompProfile: type: "RuntimeDefault"
+							fsGroup:      1000
+							runAsGroup:   1000
+							runAsNonRoot: true
+							runAsUser:    1000
+						}
+						serviceAccountName:            "bank-of-holos"
+						terminationGracePeriodSeconds: 5
+						containers: [{
+							env: [{
+								name:  "BANK_NAME"
+								value: _Organization.DisplayName
+							}, {
+								name:  "ENV_PLATFORM"
+								value: "local"
+							}, {
+								name:  "VERSION"
+								value: "v0.6.5"
+							}, {
+								name:  "PORT"
+								value: "8080"
+							}, {
+								name:  "ENABLE_TRACING"
+								value: "false"
+							}, {
+								name:  "SCHEME"
+								value: "https"
+							}, {
+								name:  "LOG_LEVEL"
+								value: "info"
+							}, {
+								name: "DEFAULT_USERNAME"
+								valueFrom: configMapKeyRef: {
+									key:  "DEMO_LOGIN_USERNAME"
+									name: "demo-data-config"
+								}
+							}, {
+								name: "DEFAULT_PASSWORD"
+								valueFrom: configMapKeyRef: {
+									key:  "DEMO_LOGIN_PASSWORD"
+									name: "demo-data-config"
+								}
+							}, {
+								name: "REGISTERED_OAUTH_CLIENT_ID"
+								valueFrom: configMapKeyRef: {
+									key:      "DEMO_OAUTH_CLIENT_ID"
+									name:     "oauth-config"
+									optional: true
+								}
+							}, {
+								name: "ALLOWED_OAUTH_REDIRECT_URI"
+								valueFrom: configMapKeyRef: {
+									key:      "DEMO_OAUTH_REDIRECT_URI"
+									name:     "oauth-config"
+									optional: true
+								}
+							}]
+							envFrom: [{
+								configMapRef: name: "environment-config"
+							}, {
+								configMapRef: name: "service-api-config"
+							}]
+							image: "us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/frontend:v0.6.5@sha256:d72050f70d12383e4434ad04d189b681dc625f696087ddf0b5df641645c9dafa"
+							livenessProbe: {
+								httpGet: {
+									path: "/ready"
+									port: 8080
+								}
+								initialDelaySeconds: 60
+								periodSeconds:       15
+								timeoutSeconds:      30
+							}
+							name: "front"
+							readinessProbe: {
+								httpGet: {
+									path: "/ready"
+									port: 8080
+								}
+								initialDelaySeconds: 10
+								periodSeconds:       5
+								timeoutSeconds:      10
+							}
+							resources: {
+								limits: {
+									cpu:    "250m"
+									memory: "128Mi"
+								}
+								requests: {
+									cpu:    "100m"
+									memory: "64Mi"
+								}
+							}
+							securityContext: {
+								allowPrivilegeEscalation: false
+								capabilities: drop: ["all"]
+								privileged:             false
+								readOnlyRootFilesystem: true
+							}
+							volumeMounts: [{
+								mountPath: "/tmp"
+								name:      "tmp"
+							}, {
+								mountPath: "/tmp/.ssh"
+								name:      "publickey"
+								readOnly:  true
+							}]
+						}]
+						volumes: [
+							{
+								emptyDir: {}
+								name: "tmp"
+							},
+							{
+								name: "publickey"
+								secret: {
+									items: [{key: "jwtRS256.key.pub", path: "publickey"}]
+									secretName: "jwt-key"
+								}
+							},
+						]
+					}
+				}
+			}
+		}
+
+		// Allow HTTPRoutes in the ingress gateway namespace to reference Services
+		// in this namespace.
+		ReferenceGrant: grant: _ReferenceGrant & {
+			metadata: namespace: Namespace
+		}
+
+		// Include shared resources
+		_BankOfHolos.Resources
+	}
+}
+```
+  </TabItem>
+</Tabs>
+
+Line 7 of the `schema.cue` file defines the _default_ value for
+`_Organization.DisplayName` by using `string | *"..."`.  In CUE, the `*`
+asterisk character denotes a [default value].
+
+Line 78 of the `bank-frontend.cue` file refers to `_Organization.DisplayName` to
+configure the front end web container.
+
+Let's change the name of the bank by defining a new value for
+`_Organization.DisplayName` at the root of the configuration.  Create
+`projects/organization.cue` with the following content.
+
+<Tabs groupId="B386181F-EBE7-469D-8CB5-37631067669B">
+  <TabItem value="projects/organization.cue" label="projects/organization.cue">
+```cue showLineNumbers
+package holos
+
+_Organization: DisplayName: "The Holistic-Bank"
+```
+  </TabItem>
+</Tabs>
+
+Let's render the platform and see if this changes the name.
+
+<Tabs groupId="A014333C-3271-4C22-87E6-2B7BF898EA3E">
+  <TabItem value="command" label="Command">
+```bash
+holos render platform ./platform
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+could not run: could not marshal json projects/platform/components/istio/cni: cue: marshal error: _Organization.DisplayName: 2 errors in empty disjunction: (and 2 more errors) at internal/builder/builder.go:63
+_Organization.DisplayName: _Organization.DisplayName: 2 errors in empty disjunction: (and 2 more errors)
+could not run: could not marshal json projects/platform/components/argocd/crds: cue: marshal error: _Organization.DisplayName: 2 errors in empty disjunction: (and 2 more errors) at internal/builder/builder.go:63
+_Organization.DisplayName: _Organization.DisplayName: 2 errors in empty disjunction: (and 2 more errors)
+could not run: could not render component: exit status 1 at builder/v1alpha4/builder.go:95
+```
+  </TabItem>
+</Tabs>
+
+:::warning Whoops
+The development team defined a value that isn't allowed by the
+configuration.
+:::
+
+Someone else in the organization placed a [constraint] on the
+configuration to ensure the display name contains only letters, numbers, and
+spaces.  This constraint is expressed as a [regular expression].
+
+:::tip
+CUE provides clear visibility where to start looking to resolve conflicts.  Each
+file and line number listed is a place the `#Organization.DisplayName` field is
+defined.
+:::
+
+Let's try again, this time replacing the hyphen with a space.
+
+<Tabs groupId="F93B34FA-C0C6-4793-A32F-DAD094403208">
+  <TabItem value="projects/organization.cue" label="projects/organization.cue">
+```cue showLineNumbers
+package holos
+
+_Organization: DisplayName: "The Holistic Bank"
+```
+  </TabItem>
+</Tabs>
+
+<Tabs groupId="5FD68778-476A-4F82-8817-71CEE205216E">
+  <TabItem value="command" label="Command">
+```bash
+holos render platform ./platform
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+rendered bank-ledger-db for cluster workload in 139.863625ms
+rendered bank-accounts-db for cluster workload in 151.74875ms
+rendered bank-balance-reader for cluster workload in 154.356083ms
+rendered bank-ledger-writer for cluster workload in 161.209541ms
+rendered bank-userservice for cluster workload in 163.373417ms
+rendered bank-backend-config for cluster workload in 179.271208ms
+rendered bank-secrets for cluster workload in 204.35625ms
+rendered gateway for cluster workload in 118.707583ms
+rendered httproutes for cluster workload in 140.981541ms
+rendered bank-transaction-history for cluster workload in 156.066875ms
+rendered bank-frontend for cluster workload in 300.102292ms
+rendered bank-contacts for cluster workload in 159.89625ms
+rendered cni for cluster workload in 150.754458ms
+rendered istiod for cluster workload in 222.922625ms
+rendered app-projects for cluster workload in 118.422792ms
+rendered ztunnel for cluster workload in 142.840625ms
+rendered cert-manager for cluster workload in 190.938834ms
+rendered base for cluster workload in 340.679416ms
+rendered local-ca for cluster workload in 107.120334ms
+rendered external-secrets for cluster workload in 145.020834ms
+rendered argocd for cluster workload in 299.690917ms
+rendered namespaces for cluster workload in 115.862334ms
+rendered gateway-api for cluster workload in 225.783833ms
+rendered external-secrets-crds for cluster workload in 339.741166ms
+rendered crds for cluster workload in 421.849041ms
+rendered platform in 718.015959ms
+```
+  </TabItem>
+</Tabs>
+
+:::tip Success
+Great, the platform rendered.  We know the display name is valid according to
+the constraints.
+:::
+
+Let's see if the new display name value updated the configuration for the bank
+frontend.
+
+<Tabs groupId="6C068651-2061-4262-BE1E-7BB3E7EB66CB">
+  <TabItem value="command" label="Command">
+```bash
+git status
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+On branch main
+Your branch and 'jeffmccune/main' have diverged,
+and have 2 and 4 different commits each, respectively.
+  (use "git pull" to merge the remote branch into yours)
+
+Changes not staged for commit:
+  (use "git add <file>..." to update what will be committed)
+  (use "git restore <file>..." to discard changes in working directory)
+        // highlight-next-line
+        modified:   deploy/clusters/workload/components/app-projects/app-projects.gen.yaml
+        modified:   deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+
+Untracked files:
+  (use "git add <file>..." to include in what will be committed)
+        projects/organization.cue
+
+no changes added to commit (use "git add" and/or "git commit -a")
+```
+  </TabItem>
+</Tabs>
+
+<Tabs groupId="4A20831E-461B-4EDE-8F6E-E73C3AEC12DB">
+  <TabItem value="command" label="Command">
+```bash
+git diff
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```diff
+diff --git a/deploy/clusters/workload/components/app-projects/app-projects.gen.yaml b/deploy/clusters/workload/components/app-projects/app-projects.gen.yaml
+index 7914756..250c660 100644
+--- a/deploy/clusters/workload/components/app-projects/app-projects.gen.yaml
+++ b/deploy/clusters/workload/components/app-projects/app-projects.gen.yaml
+@@ -9,7 +9,7 @@ spec:
+   clusterResourceWhitelist:
+     - group: '*'
+       kind: '*'
+-  description: Holos managed AppProject for Bank of Holos
+  description: Holos managed AppProject for The Holistic Bank
+   destinations:
+     - namespace: '*'
+       server: '*'
+@@ -26,7 +26,7 @@ spec:
+   clusterResourceWhitelist:
+     - group: '*'
+       kind: '*'
+-  description: Holos managed AppProject for Bank of Holos
+  description: Holos managed AppProject for The Holistic Bank
+   destinations:
+     - namespace: '*'
+       server: '*'
+@@ -43,7 +43,7 @@ spec:
+   clusterResourceWhitelist:
+     - group: '*'
+       kind: '*'
+-  description: Holos managed AppProject for Bank of Holos
+  description: Holos managed AppProject for The Holistic Bank
+   destinations:
+     - namespace: '*'
+       server: '*'
+@@ -60,7 +60,7 @@ spec:
+   clusterResourceWhitelist:
+     - group: '*'
+       kind: '*'
+-  description: Holos managed AppProject for Bank of Holos
+  description: Holos managed AppProject for The Holistic Bank
+   destinations:
+     - namespace: '*'
+       server: '*'
+diff --git a/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml b/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+index dae6f93..d41516b 100644
+--- a/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+++ b/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+@@ -71,7 +71,7 @@ spec:
+       containers:
+         - env:
+             - name: BANK_NAME
+-              value: Bank of Holos
+              value: The Holistic Bank
+             - name: ENV_PLATFORM
+               value: local
+             - name: VERSION
+
+```
+  </TabItem>
+</Tabs>
+
+:::danger
+The new display name changed the frontend container, but it _also_ affected the
+app-projects component owned by the platform team.
+:::
+
+Submitting a pull request would trigger a code review from the platform
+engineering team who manages the app-projects component.  Let's see how to
+narrow the change down to limit the scope to the bank's user facing services.
+All of these services are managed under `projects/bank-of-holos/` Move the
+`organization.cue` file into this folder to limit the scope of configuration to
+the the components contained within.
+
+```bash
+mv projects/organization.cue projects/bank-of-holos/
+```
+
+Render the platform and let's see what changed.
+
+<Tabs groupId="0FFEC244-B59B-4136-9C82-837985DC2AB8">
+  <TabItem value="command" label="Command">
+```bash
+holos render platform ./platform
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+rendered bank-ledger-db for cluster workload in 163.814917ms
+rendered bank-accounts-db for cluster workload in 163.960208ms
+rendered bank-userservice for cluster workload in 164.1625ms
+rendered bank-ledger-writer for cluster workload in 169.185291ms
+rendered bank-balance-reader for cluster workload in 174.5455ms
+rendered bank-backend-config for cluster workload in 178.092125ms
+rendered bank-secrets for cluster workload in 202.305334ms
+rendered gateway for cluster workload in 122.81725ms
+rendered httproutes for cluster workload in 134.121084ms
+rendered bank-contacts for cluster workload in 146.4185ms
+rendered bank-frontend for cluster workload in 311.35425ms
+rendered bank-transaction-history for cluster workload in 160.103ms
+rendered cni for cluster workload in 145.762083ms
+rendered istiod for cluster workload in 216.0065ms
+rendered app-projects for cluster workload in 117.684333ms
+rendered ztunnel for cluster workload in 144.555292ms
+rendered cert-manager for cluster workload in 178.247917ms
+rendered base for cluster workload in 336.679ms
+rendered external-secrets for cluster workload in 142.21825ms
+rendered local-ca for cluster workload in 101.249ms
+rendered argocd for cluster workload in 280.54525ms
+rendered namespaces for cluster workload in 106.822042ms
+rendered gateway-api for cluster workload in 200.459791ms
+rendered external-secrets-crds for cluster workload in 470.125833ms
+rendered crds for cluster workload in 844.388666ms
+rendered platform in 1.154937084s
+```
+  </TabItem>
+</Tabs>
+
+<Tabs groupId="DE4FEEE5-FC53-48A6-BC6F-D0EA1DBFD00C">
+  <TabItem value="command" label="Command">
+```bash
+git diff
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```diff
+diff --git a/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml b/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+index dae6f93..d41516b 100644
+--- a/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+++ b/deploy/clusters/workload/components/bank-frontend/bank-frontend.gen.yaml
+@@ -71,7 +71,7 @@ spec:
+       containers:
+         - env:
+             - name: BANK_NAME
+-              value: Bank of Holos
+              value: The Holistic Bank
+             - name: ENV_PLATFORM
+               value: local
+             - name: VERSION
+
+```
+  </TabItem>
+</Tabs>
+
+:::tip Success
+Great!  This time, the only manifest affected is our `bank-frontend.gen.yaml`.
+:::
+
+The `BANK_NAME` environment variable will change as we expect, and only the dev
+teams managing the bank services components are affected by the change.
+
+Let's commit and push this change and see if it works.
+
+<Tabs groupId="435D9C60-F841-4CF1-A947-506422E6BAC9">
+  <TabItem value="command" label="Command">
+```bash
+git add .
+git commit -m 'frontend: rename bank to The Holistic Bank'
+git push
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+[main fda74ec] frontend: rename bank to The Holistic Bank
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+ create mode 100644 projects/bank-of-holos/organization.cue
+```
+  </TabItem>
+</Tabs>
+
+Now that we've pushed the change, let's apply the change to the platform.
+
+## Apply the Change
+
+Once we've pushed the change, navigate to the [bank-frontend GitOps
+Application](https://argocd.holos.localhost/applications/argocd/bank-frontend?view=tree&resource=).
+We can see the Deployment needs to sync to the desired state we just pushed.
+
+![bank-frontend out of sync](./img/change-a-service-out-of-sync.png)
+
+Clicking on the frontend Deployment, we see the diff with the change we expect.
+
+![bank-frontend diff](./img/change-a-service-diff.png)
+
+Sync the change, ArgoCD applies the desired configuration state to the cluster
+and Kubernetes handles rolling out the updated Deployment resource.
+
+![bank-frontend progressing](./img/change-a-service-progressing.png)
+
+Soon, the deployment finishes and the component is in sync again.
+
+![bank-frontend in sync](./img/change-a-service-in-sync.png)
+
+Finally, let's see if the name actually changed on the website.  Navigate to
+https://bank.holos.localhost/.
+
+![bank-frontend login page](./img/change-a-service-login-page.png)
+
+:::tip Success
+We successfully made our change and successfully applied the changed
+configuration to the platform.
+:::
+
+Thanks for taking the time to work through this guide which covered:
+
+- How multiple teams could be impacted by defining configuration at the
+`projects/` path.
+- How to scope our change to only affect components within the
+`projects/bank-of-holos/` path, eliminating the impact on other teams.
+- How CUE can [constrain] values in Holos, increasing safety.
+- How to handle a [default value] in CUE.
+- How CUE surfaces the file and line number of _every_ place to look for where a
+value is defined, making it faster and easier to troubleshoot problems.
+
+
+[Quickstart]: /docs/quickstart/
+[Deploy a Service]: /docs/guides/deploy-a-service/
+[Change a Service]: /docs/guides/change-a-service/
+[Helm]: /docs/api/author/v1alpha3/#Helm
+[Kubernetes]: /docs/api/author/v1alpha3/#Kubernetes
+[Kustomize]: /docs/api/author/v1alpha3/#Kustomize
+[ComponentFields]: /docs/api/author/v1alpha3/#ComponentFields
+[platform-files]: /docs/quickstart/#how-platform-rendering-works
+[AppProject]: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/
+[unification operator]: https://cuelang.org/docs/reference/spec/#unification
+[code-owners]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+[Kustomization API]: https://github.com/kubernetes-sigs/kustomize/blob/release-kustomize-v5.2/api/types/kustomization.go#L34
+[cue import]: https://cuelang.org/docs/reference/command/cue-help-import/
+[cue get go]: https://cuelang.org/docs/concept/how-cue-works-with-go/
+[timoni-crds]: https://timoni.sh/cue/module/custom-resources/
+[HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute/?h=filter
+[Ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/
+[hidden field]: https://cuelang.org/docs/tour/references/hidden/
+[comprehension]: https://cuelang.org/docs/reference/spec/#comprehensions
+[code owners]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+[ReferenceGrant]: https://gateway-api.sigs.k8s.io/api-types/referencegrant/
+[Local Cluster Guide]: /docs/guides/local-cluster
+[Bank of Holos]: https://github.com/holos-run/bank-of-holos
+[default value]: https://cuelang.org/docs/tour/types/defaults/
+[constrain]: https://cuelang.org/docs/tour/basics/constraints/
+[constraint]: https://cuelang.org/docs/tour/basics/constraints/
+[regular expression]: https://cuelang.org/docs/tour/expressions/regexp/
--- a/doc/md/guides/deploy-a-service.mdx
+++ b/doc/md/guides/deploy-a-service.mdx
--- a/doc/md/guides/helm.mdx
+++ b/doc/md/guides/helm.mdx
--- a/doc/md/guides/img/bank-home.png
+++ b/doc/md/guides/img/bank-home.png
--- a/doc/md/guides/img/change-a-service-diff.png
+++ b/doc/md/guides/img/change-a-service-diff.png
--- a/doc/md/guides/img/change-a-service-in-sync.png
+++ b/doc/md/guides/img/change-a-service-in-sync.png
--- a/doc/md/guides/img/change-a-service-login-page.png
+++ b/doc/md/guides/img/change-a-service-login-page.png
--- a/doc/md/guides/img/change-a-service-out-of-sync.png
+++ b/doc/md/guides/img/change-a-service-out-of-sync.png
--- a/doc/md/guides/img/change-a-service-progressing.png
+++ b/doc/md/guides/img/change-a-service-progressing.png
--- a/doc/md/guides/img/deploy-a-service-podinfo-deployed.png
+++ b/doc/md/guides/img/deploy-a-service-podinfo-deployed.png
--- a/doc/md/guides/img/deploy-a-service-podinfo-greetings.png
+++ b/doc/md/guides/img/deploy-a-service-podinfo-greetings.png
--- a/doc/md/guides/img/deploy-a-service-podinfo-missing.png
+++ b/doc/md/guides/img/deploy-a-service-podinfo-missing.png
--- a/doc/md/guides/img/deploy-a-service-podinfo-sync.png
+++ b/doc/md/guides/img/deploy-a-service-podinfo-sync.png
--- a/doc/md/guides/img/helm-editor-constraints.png
+++ b/doc/md/guides/img/helm-editor-constraints.png
--- a/doc/md/guides/img/helm-prometheus-httpbin.png
+++ b/doc/md/guides/img/helm-prometheus-httpbin.png
--- a/doc/md/guides/local-cluster.mdx
+++ b/doc/md/guides/local-cluster.mdx
@@ -0,0 +1,277 @@
+---
+description: Build a local Cluster to use with these guides.
+slug: /guides/local-cluster
+sidebar_position: 999
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import Admonition from '@theme/Admonition';
+
+# Local Cluster
+
+In this guide we'll set up a local k3d cluster to apply and explore the
+configuration described in our other guides.  After completing this guide you'll
+have a standard Kubernetes API server with proper DNS and TLS certificates.
+You'll be able to easily reset the cluster to a known good state to iterate on
+your own Platform.
+
+The [Concepts](/docs/concepts) page defines capitalized terms such as Platform
+and Component.
+
+## Reset the Cluster
+
+If you've already followed this guide, reset the cluster by running the
+following commands.  Skip this section if you're creating a cluster for the
+first time.
+
+First, delete the cluster.
+
+<Tabs groupId="k3d-cluster-delete">
+  <TabItem value="command" label="Command">
+```bash
+k3d cluster delete workload
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt showLineNumbers
+INFO[0000] Deleting cluster 'workload'
+INFO[0000] Deleting cluster network 'k3d-workload'
+INFO[0000] Deleting 1 attached volumes...
+INFO[0000] Removing cluster details from default kubeconfig...
+INFO[0000] Removing standalone kubeconfig file (if there is one)...
+INFO[0000] Successfully deleted cluster workload!
+```
+  </TabItem>
+</Tabs>
+
+Then create the cluster again.
+
+<Tabs groupId="k3d-cluster-create">
+  <TabItem value="command" label="Command">
+```bash
+k3d cluster create workload \
+  --registry-use k3d-registry.holos.localhost:5100 \
+  --port "443:443@loadbalancer" \
+  --k3s-arg "--disable=traefik@server:0"
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt showLineNumbers
+INFO[0000] portmapping '443:443' targets the loadbalancer: defaulting to [servers:*:proxy agents:*:proxy]
+INFO[0000] Prep: Network
+INFO[0000] Created network 'k3d-workload'
+INFO[0000] Created image volume k3d-workload-images
+INFO[0000] Starting new tools node...
+INFO[0000] Starting node 'k3d-workload-tools'
+INFO[0001] Creating node 'k3d-workload-server-0'
+INFO[0001] Creating LoadBalancer 'k3d-workload-serverlb'
+INFO[0001] Using the k3d-tools node to gather environment information
+INFO[0001] HostIP: using network gateway 172.17.0.1 address
+INFO[0001] Starting cluster 'workload'
+INFO[0001] Starting servers...
+INFO[0001] Starting node 'k3d-workload-server-0'
+INFO[0003] All agents already running.
+INFO[0003] Starting helpers...
+INFO[0003] Starting node 'k3d-workload-serverlb'
+INFO[0009] Injecting records for hostAliases (incl. host.k3d.internal) and for 3 network members into CoreDNS configmap...
+INFO[0012] Cluster 'workload' created successfully!
+INFO[0012] You can now use it like this:
+kubectl cluster-info
+```
+  </TabItem>
+</Tabs>
+
+Finally, add your trusted certificate authority.
+
+<Tabs groupId="apply-local-ca">
+  <TabItem value="command" label="Command">
+```bash
+kubectl apply --server-side=true -f "$(mkcert -CAROOT)/namespace.yaml"
+kubectl apply --server-side=true -n cert-manager -f "$(mkcert -CAROOT)/local-ca.yaml"
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt showLineNumbers
+namespace/cert-manager serverside-applied
+secret/local-ca serverside-applied
+```
+  </TabItem>
+</Tabs>
+
+You're back to the same state as the first time you completed this guide.
+
+## What you'll need {#requirements}
+
+You'll need the following tools installed to complete this guide.
+
+1. [holos](/docs/install) - to build the platform.
+2. [helm](https://helm.sh/docs/intro/install/) - to render Holos components that wrap upstream Helm charts.
+3. [k3d](https://k3d.io/#installation) - to provide a k8s api server.
+4. [OrbStack](https://docs.orbstack.dev/install) or [Docker](https://docs.docker.com/get-docker/) - to use k3d.
+5. [kubectl](https://kubernetes.io/docs/tasks/tools/) - to interact with the k8s api server.
+6. [mkcert](https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installation) - to make trusted TLS certificates.
+7. [jq](https://jqlang.github.io/jq/download/) - to fiddle with JSON output.
+
+## Configure DNS {#configure-dns}
+
+Configure your machine to resolve `*.holos.localhost` to your loopback
+interface.  This is necessary for requests to reach the workload cluster.  Save
+this script to a file and execute it.
+
+```bash showLineNumbers
+#! /bin/bash
+#
+
+set -euo pipefail
+
+tmpdir="$(mktemp -d)"
+finish() {
+  [[ -d "$tmpdir" ]] && rm -rf "$tmpdir"
+}
+trap finish EXIT
+cd "$tmpdir"
+
+brew install dnsmasq
+
+cat <<EOF >"$(brew --prefix)/etc/dnsmasq.d/holos.localhost.conf"
+# Refer to https://holos.run/docs/tutorial/local/k3d/
+address=/holos.localhost/127.0.0.1
+EOF
+
+if [[ -r /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ]]; then
+  echo "dnsmasq already configured"
+else
+  sudo cp "$(brew list dnsmasq | grep 'dnsmasq.plist$')" \
+    /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+  sudo launchctl unload /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+  sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+  dscacheutil -flushcache
+  echo "dnsmasq configured"
+fi
+
+sudo mkdir -p /etc/resolver
+sudo tee /etc/resolver/holos.localhost <<EOF
+domain holos.localhost
+nameserver 127.0.0.1
+EOF
+sudo killall -HUP mDNSResponder
+
+echo "all done."
+```
+
+## Create the Cluster {#create-the-cluster}
+
+The Workload Cluster is where your applications and services will be deployed.
+In production this is usually an EKS, GKE, or AKS cluster.
+
+:::tip
+
+Holos supports all compliant Kubernetes clusters. Holos was developed and tested
+on GKE, EKS, Talos, k3s, and Kubeadm clusters.
+
+:::
+
+Create a local registry to speed up image builds and pulls.
+
+```bash
+k3d registry create registry.holos.localhost --port 5100
+```
+
+Create the workload cluster configured to use the local registry.
+
+```bash
+k3d cluster create workload \
+  --registry-use k3d-registry.holos.localhost:5100 \
+  --port "443:443@loadbalancer" \
+  --k3s-arg "--disable=traefik@server:0"
+```
+
+Traefik is disabled because Istio provides the same functionality.
+
+## Setup Root CA {#setup-root-ca}
+
+Platforms most often use cert-manager to issue tls certificates.  The browser
+and tools we're using need to trust these certificates to work together.
+Generate a local, trusted root certificate authority with the following script.
+
+Admin access is necessary for `mkcert` to manage the certificate into your trust
+stores.
+
+```bash
+sudo -v
+```
+
+Manage the local CA and copy the CA key to the workload cluster so that cert
+manager can manage trusted certificates.
+
+Save this script to a file and execute it to configure a trusted certificate
+authority.
+
+```bash showLineNumbers
+#! /bin/bash
+#
+
+set -euo pipefail
+
+mkcert --install
+
+tmpdir="$(mktemp -d)"
+finish() {
+  [[ -d "$tmpdir" ]] && rm -rf "$tmpdir"
+}
+trap finish EXIT
+cd "$tmpdir"
+
+# Create the local CA Secret with ca.crt, tls.crt, tls.key
+
+mkdir local-ca
+cd local-ca
+CAROOT="$(mkcert -CAROOT)"
+cp -p "${CAROOT}/rootCA.pem" ca.crt
+cp -p "${CAROOT}/rootCA.pem" tls.crt
+cp -p "${CAROOT}/rootCA-key.pem" tls.key
+kubectl create secret generic --from-file=.  --dry-run=client -o yaml local-ca > ../local-ca.yaml
+echo 'type: kubernetes.io/tls' >> ../local-ca.yaml
+
+cd ..
+
+cat <<EOF > namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: cert-manager
+  name: cert-manager
+spec:
+  finalizers:
+  - kubernetes
+EOF
+kubectl apply --server-side=true -f namespace.yaml
+kubectl apply -n cert-manager --server-side=true -f local-ca.yaml
+
+# Save the Secret to easily reset the cluster later.
+install -m 0644 namespace.yaml "${CAROOT}/namespace.yaml"
+install -m 0600 local-ca.yaml "${CAROOT}/local-ca.yaml"
+```
+
+:::warning
+
+Take care to run the local-ca script each time you create the workload cluster
+so that Certificates are issued correctly.
+
+:::
+
+## Clean Up {#clean-up}
+
+If you'd like to clean up the resources you created in this guide, remove them
+with:
+
+```bash
+k3d cluster delete workload
+```
+
+## Next Steps
+
+Now that you have a real cluster, apply and explore the manifests Holos renders
+in the [Quickstart](/docs/quickstart) guide.
--- a/doc/md/guides/quickstart.mdx
+++ b/doc/md/guides/quickstart.mdx
--- a/doc/md/intro.md
+++ b/doc/md/intro.md
@@ -1,64 +0,0 @@
-# Introduction
-
-⚡️ Holos will help you build your **software development platform in no time.**
-
-💸 Building a software development platform is **time consuming and expensive**.  Spend more time building features for your customers and less time managing your development platform.
-
-💥 Already have a platform?  Add new features and services to your platform easily with Holos.
-
-🧐 Holos is a platform builder. It builds a hollistic software development platform composed of best-of-breed cloud native open source projects.  Holos is also a tool to make it easier to manage cloud infrastructure by providing a typed alternative to yaml templates.
-
-## Features
-
-Holos was built to solve two main problems:
-
- 1. Building a platform usually takes 3 engineers 6-9 months of effort.  Holos provides a reference platform that enables you to deploy and customize your platform in a fraction of the time.
- 2. Configuration changes often cause outages.  Existing tools like Helm make it difficult to understand the impact a configuration change will have.  Holos provides a unique, unified configuration model powered by CUE that makes it safer and easier to roll out configuration changes.
-
-A core principle of Holos is that organizations gain value from owning the the platform they build on.  Avoid vendor lock-in, future price hikes, and expensive licensing changes by building on a solid foundation of open source, cloud native computing foundation backed projects.
-
-The following features are built into the Holos reference platform.
-
-:::tip
-
-Don't see your preferred technology in the stack?  Holos is designed to enable you to swap out components of the platform tech stack.
-
-:::
-
- **Continuous Delivery**
-  - Holos builds a GitOps workflow for each application running in the platform.
-  - Developers push changes which are automatically deployed.
-  - Powered by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/)
- **Identity and Access Management** (IAM)
-  - Holos builds a standard OIDC identity provider for you.
-  - Integrates with your exisitng IAM and SSO system, or works independently.
-  - Powerful customer identity and access management features.
-  - Role based access control.
-  - Powered by [ZITADEL](https://zitadel.com/)
- **Zero Trust**
-  - Authenticate and Authorize users at the platform layer instead of or in addition to the application layer.
-  - Integrated with observability to measure and alert about problems before customers complain.
-  - Powered by [Istio](https://istio.io/)
- **Observability**
-  - Holos collects performance and availability metrics automatically, without requiring application changes.
-  - Optional, deeper integration into the application layer.
-  - Distributed Tracing
-  - Logging
-  - Powered by Prometheus, Grafana, Loki, and OpenTelemetry.
- **Data Platform**
-  - Integrated management of PostgreSQL
-  - Automatic backups
-  - Automatic restore from backup
-  - Quickly fail over across multiple regions
- **Multi-Region**
-  - Holos is designed to operate in multiple regions and multiple clouds.
-  - Keep customer data in the region that makes the most sense for your business.
-  - Easily cut over from one region to another for redundancy and business continuity.
-
-## Development Status
-
-Holos is being actively developed by [Open Infrastructure Services](https://openinfrastructure.co).  Release can be found [here](https://github.com/holos-run/holos/releases).
-
-## Adoption
-
-Organizations who have officially adopted Holos can be found [here](https://github.com/holos-run/holos/blob/main/ADOPTERS.md).
--- a/doc/md/introduction.md
+++ b/doc/md/introduction.md
@@ -0,0 +1,53 @@
+---
+description: Holos Documentation
+slug: /
+---
+
+# Introduction
+
+Welcome to Holos.  Holos is an open source tool to manage software development
+platforms safely, easily, and consistently.  We built Holos to help engineering
+teams work more efficiently together by empowering them to build golden paths
+and paved roads for other teams to leverage for quicker delivery.
+
+## Documentation
+
+- [Guides] are organized into example use-cases of how Holos helps engineering
+teams at the fictional Bank of Holos deliver business value on the bank's
+platform.
+- The [API Reference] is a technical reference for when you're writing CUE code to define your platform.
+
+## Backstory
+
+At [Open Infrastructure Services], we've each helped dozens of companies build and operate their software development platforms. During the U.S. presidential election just before the pandemic, our second-largest client, Twitter, experienced a global outage that lasted nearly a full day. We were managing their production configuration system, allowing the core infrastructure team to focus on business-critical objectives. This gave us a front-row seat to the incident.
+
+A close friend and engineer on the team made a trivial one-line change to the firewall configuration. Less than 30 minutes later, everything was down. That change, which passed code review, caused the host firewall to revert to its default state on hundreds of thousands of servers, blocking all connections globally—except for SSH, thankfully. Even a Presidential candidate complained loudly.
+
+This incident forced us to reconsider key issues with Twitter's platform:
+
+1. **Lack of Visibility** - Engineers couldn't foresee the impact of even a small change, making it difficult to assess risks.
+2. **Large Blast Radius** - Small changes affected the entire global fleet in under 30 minutes. There was no way to limit the impact of a single change.
+3. **Incomplete Tooling** - The right processes were in place, but the tooling didn't fully support them. The change was tested and reviewed, but critical information wasn't surfaced in time.
+
+Over the next few years, we built features to address these issues. Meanwhile, I began exploring how these solutions could work in the Kubernetes and cloud-native space.
+
+As Google Cloud partners, we worked with large customers to understand how they built their platforms on Kubernetes. During the pandemic, we built a platform using CNCF projects like ArgoCD, Prometheus Stack, Istio, Cert Manager, and External Secrets Operator, integrating them into a cohesive platform. We started with upstream recommendations—primarily Helm charts—and wrote scripts to integrate each piece into the platform. For example, we passed Helm outputs to Kustomize to add labels or fix bugs, and wrote umbrella charts to add Ingress, HTTPRoute, and ExternalSecret resources.
+
+These scripts served as necessary glue to hold everything together but became difficult to manage across multiple environments, regions, and cloud providers. YAML templates and nested loops created friction, making them hard to troubleshoot. The scripts themselves made it difficult to see what was happening and to fix issues affecting the entire platform.
+
+Still, the scripts had a key advantage: they produced fully rendered manifests in plain text, committed to version control, and applied via ArgoCD. This clarity made troubleshooting easier and reduced errors in production.
+
+Despite the makeshift nature of the scripts, I kept thinking about the "[Why are we templating YAML]?" post on Hacker News. I wanted to replace our scripts and charts with something more robust and easier to maintain—something that addressed Twitter's issues head-on.
+
+I rewrote our scripts and charts using CUE and Go, replacing the glue layer. The result is **Holos**—a tool designed to complement Helm, Kustomize, and Jsonnet, making it easier and safer to define golden paths and paved roads without bespoke scripts or templates.
+
+Thanks for reading. Take Holos for a spin on your local machine with our [Quickstart] guide.
+
+[Guides]: /docs/guides/
+[API Reference]: /docs/api/
+[Quickstart]: /docs/quickstart/
+[CUE]: https://cuelang.org/
+[Author API]: /docs/api/author/
+[Core API]: /docs/api/core/
+[Open Infrastructure Services]: https://openinfrastructure.co/
+[Why are we templating YAML]: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=https%3A%2F%2Fleebriggs.co.uk%2Fblog%2F2019%2F02%2F07%2Fwhy-are-we-templating-yaml&sort=byDate&type=story
--- a/doc/md/quickstart/index.mdx
+++ b/doc/md/quickstart/index.mdx
@@ -1,393 +0,0 @@
-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-import Admonition from '@theme/Admonition';
-
-# Quickstart Guide
-
-This guide shows you the basics of how Holos.  You'll deploy a Helm chart to
-Kubernetes using a Component to see how Holos makes the process safer, easier,
-and more consistent.
-
-## What you'll need {#Requirements}
-
-You'll need the following tools installed to complete this guide.
-
-1. [holos](/docs/install) - to build the platform.
-2. [helm](https://helm.sh/docs/intro/install/) - to render Holos components that
-wrap upstream Helm charts.
-
-Optionally, if you'd like to apply the rendered manifests to a real cluster
-you'll need:
-
-1. [k3d](https://k3d.io/#installation) - to provide a Kubernetes API server.
-2. [OrbStack](https://docs.orbstack.dev/install) or
-[Docker](https://docs.docker.com/get-docker/) - to use k3d.
-3. [kubectl](https://kubernetes.io/docs/tasks/tools/) - to interact with
-kubernetes.
-
-## Install Holos
-
-Install Holos with the following command or other methods listed on the
-[Installation](/docs/install/) page.
-
-```bash
-go install github.com/holos-run/holos/cmd/holos@latest
-```
-
-## Git repository
-
-Start by initializing an empty Git repository.  Holos is designed to operate
-against local files in a Git repository.
-
-<Tabs groupId="init">
-  <TabItem value="command" label="Command">
-    ```bash
-    mkdir holos-quickstart
-    cd holos-quickstart
-    git init
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    Initialized empty Git repository in /holos-quickstart/.git/
-    ```
-  </TabItem>
-</Tabs>
-
-This guide assumes commands are run from the root directory of this Git
-repository unless otherwise stated.
-
-## Generate the Platform {#Generate-Platform}
-
-Generate the Platform code in the repository root.  A Platform refers to all of
-the software holistically integrated to provide a software development platform
-for your organization.  In this guide the platform will contain a single
-Component to demonstrate how the concepts fit together.
-
-```bash
-holos generate platform quickstart
-```
-
-Commit the generated platform config to the repository.
-
-<Tabs groupId="commit-platform">
-  <TabItem value="command" label="Command">
-    ```bash
-    git add .
-    git commit -m "holos generate platform quickstart - $(holos --version)"
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    [main (root-commit) 0b17b7f] holos generate platform quickstart
-     213 files changed, 72349 insertions(+)
-     ...
-    ```
-  </TabItem>
-</Tabs>
-
-## Generate a Component {#generate-component}
-
-The platform you generated is empty.  Generate the CUE code definition for a
-Component that wraps the podinfo Helm chart.
-
-<Tabs groupId="gen-podinfo">
-  <TabItem value="command" label="Command">
-    ```bash
-    holos generate component helm podinfo
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    generated component
-    ```
-  </TabItem>
-</Tabs>
-
-This command produces two files.  A leaf `components/podinfo/podinfo.gen.cue`
-file, and a root `podinfo.gen.cue` file.  Holos takes advantage of the fact that
-[order is irrelevant](https://cuelang.org/docs/tour/basics/order-irrelevance/)
-in CUE to register the component with the Platform specification by adding a
-file to the root of the Git repository in addition to defining the component
-itself in the leaf component directory.
-
-The Helm chart Component is defined in the `components/podinfo/podinfo.cue`
-file, for example:
-
-<Tabs groupId="podinfo-files">
-  <TabItem value="components/podinfo/podinfo.gen.cue" label="Leaf">
-    `components/podinfo/podinfo.gen.cue`
-    ```cue
-    package holos
-
-    // Produce a helm chart build plan.
-    (#Helm & Chart).Output
-
-    let Chart = {
-      Name:      "podinfo"
-      Version:   "6.6.2"
-      Namespace: "default"
-
-      Repo: name: "podinfo"
-      Repo: url:  "https://stefanprodan.github.io/podinfo"
-
-      Values: {}
-    }
-    ```
-  </TabItem>
-  <TabItem value="podinfo.gen.cue" label="Root">
-    `podinfo.gen.cue`
-    ```cue
-    package holos
-
-    // Manage podinfo on workload clusters only
-    for Cluster in #Fleets.workload.clusters {
-      #Platform: Components: "\(Cluster.name)/podinfo": {
-        path:    "components/podinfo"
-        cluster: Cluster.name
-      }
-    }
-    ```
-  </TabItem>
-</Tabs>
-
-In this example we're providing the minimal information about the Helm chart we
-want to manage.  The name, version, Kubernetes namespace to deploy into, and the
-chart repository location.
-
-This chart deploys cleanly with no values provided, but we include an empty
-Values struct to illustrate how Holos improves the consistency and safety of
-Helm by taking advantage the strong type checking in CUE.  Shared values,
-such as the organization domain name, can safely be passed to all Components
-across all clusters in the Platform by defining them at the root of the
-configuration.
-
-Commit the generated component config to the repository.
-
-<Tabs groupId="commit-component">
-  <TabItem value="command" label="Command">
-    ```bash
-    git add .
-    git commit -m "holos generate component helm podinfo - $(holos --version)"
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    [main cc0e90c] holos generate component helm podinfo
-     2 files changed, 24 insertions(+)
-     create mode 100644 components/podinfo/podinfo.gen.cue
-     create mode 100644 podinfo.gen.cue
-    ```
-  </TabItem>
-</Tabs>
-
-## Render the Component
-
-Individual components can be rendered without needing to be included in a
-Platform spec, useful when developing a new component.
-
-<Tabs groupId="render-podinfo">
-  <TabItem value="command" label="Command">
-    ```bash
-    holos render component ./components/podinfo --cluster-name=default
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    cached
-    rendered podinfo
-    ```
-  </TabItem>
-</Tabs>
-
-First, the command caches the helm chart locally to speed up subsequent
-renderings.  Then the command executes helm to produce the output which is
-written into the deploy directory.
-
-<Tabs groupId="tree-podinfo">
-  <TabItem value="command" label="Command">
-    ```bash
-    tree deploy
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    deploy
-    └── clusters
-        └── default
-            └── components
-                └── podinfo
-                    └── podinfo.gen.yaml
-
-    5 directories, 1 file
-    ```
-  </TabItem>
-</Tabs>
-
-The component is deployed to one cluster named default. The same component is
-often deployed to multiple clusters, for example east and west for reliability.
-
-:::tip
-
-This example is equivalent to executing `helm template` on the chart and saving
-the output to a file.  Holos simplifies this task by making it safer and more
-consistent across multiple charts.
-
-:::
-
-## Mix in an ArgoCD Application
-
-So far we've seen how Holos is a convenient wrapper around Helm, but we haven't
-yet seen how it makes it easier to consistently and safely manage all of the
-software that goes into a platform.  We'll mix in an ArgoCD
-[Application][application] resource to manage the podinfo Component with GitOps.
-We'll define this configuration in a way that is automatically and consistently
-re-used across all Components added to the Platform in the future, including
-Components which are not Helm charts.
-
-Create a new file named `argocd.cue` in the root of your git repository with the
-following contents:
-
-<Tabs groupId="argocd-config">
-  <TabItem value="command" label="File: argocd.cue">
-    ```cue
-    package holos
-
-    #ArgoConfig: {
-      Enabled: true
-      RepoURL: "https://example.com/holos-quickstart.git"
-    }
-    ```
-  </TabItem>
-  <TabItem value="note" label="Note">
-    If you plan to apply the rendered output to a real cluster, change the RepoURL
-    to the url of the git repository you created in this guide.  It is sufficient to
-    keep the example URL if you're getting a feel for Holos and inspecting the
-    rendered output without applying it to a live cluster.
-  </TabItem>
-</Tabs>
-
-With this file in place, render the component again.
-
-<Tabs groupId="render-podinfo-argocd">
-  <TabItem value="command" label="Command">
-    ```bash
-    holos render component ./components/podinfo --cluster-name=default
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    wrote deploy file
-    rendered gitops/podinfo
-    rendered podinfo
-    ```
-  </TabItem>
-</Tabs>
-
-Holos uses the locally cached copy of the chart to render the output to improve
-performance and reliability.  Then, the Helm template output is rendered along
-with an additional ArgoCD Application resource for GitOps in the
-`podinfo.application.gen.yaml` file.
-
-:::tip
-
-By defining the ArgoCD configuration at the root, we again take advantage of the
-fact that [order is
-irrelevant](https://cuelang.org/docs/tour/basics/order-irrelevance/) in CUE.
-
-:::
-
-Defining the configuration at the root causes all of the leaf Components to take
-on the ArgoCD configuration and render an Application resource for the
-Component.
-
-<Tabs groupId="tree-podinfo-argocd">
-  <TabItem value="command" label="Command">
-    ```bash
-    tree deploy
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    deploy
-    └── clusters
-        └── default
-            ├── components
-            │   └── podinfo
-            │       └── podinfo.gen.yaml
-            └── gitops
-                └── podinfo.application.gen.yaml
-
-    6 directories, 2 files
-    ```
-  </TabItem>
-</Tabs>
-
-Note the new `podinfo.application.gen.yaml` created by enabling the ArgoCD in
-the Helm component.  The Application resource in the file looks like the
-following.
-
-<Tabs groupId="podinfo-application">
-  <TabItem value="file" label="podinfo.application.gen.yaml">
-    ```yaml
-    apiVersion: argoproj.io/v1alpha1
-    kind: Application
-    metadata:
-      name: podinfo
-      namespace: argocd
-    spec:
-      destination:
-        server: https://kubernetes.default.svc
-      project: default
-      source:
-        path: ./deploy/clusters/default/components/podinfo
-        repoURL: https://example.com/holos-quickstart.git
-        targetRevision: main
-    ```
-  </TabItem>
-</Tabs>
-
-:::tip
-
-Holos will generate a similar Application resource for all additional Components
-added to your Platform.
-
-:::
-
-Finally, add and commit the results to your platform Git repository.
-
-<Tabs groupId="commit-argo">
-  <TabItem value="command" label="Command">
-    ```bash
-    git add .
-    git commit -m "holos render component ./components/podinfo --cluster-name=default"
-    ```
-  </TabItem>
-  <TabItem value="output" label="Output">
-    ```txt
-    [main f95cef1] holos render component ./components/podinfo --cluster-name=default
-     3 files changed, 134 insertions(+)
-     create mode 100644 argocd.cue
-     create mode 100644 deploy/clusters/default/components/podinfo/podinfo.gen.yaml
-     create mode 100644 deploy/clusters/default/gitops/podinfo.application.gen.yaml
-    ```
-  </TabItem>
-</Tabs>
-
-In this section we learned how Holos provides a simple way to add an ArgoCD
-Application resource for the podinfo Component which wraps a Helm chart.  Holos
-provides consistency by managing an Application resource for every Component
-added to the platform, all by defining the configuration of ArgoCD in the
-`argocd.cue` file in the root of the Git repository.
-
-## Quickstart Recap {#quickstart-recap}
-
-In this guide we learned how to:
-
-1. Install Holos.
-2. Generate a Git repository for the Platform config.
-3. Create a Component that wraps the upstream podinfo Helm Chart without modifications.
-4. Render individual components.
-5. Mix in an ArgoCD Application resource to every Component in the Platform.
-
-[application]: https://argo-cd.readthedocs.io/en/stable/user-guide/application-specification/
--- a/doc/md/start.md
+++ b/doc/md/start.md
@@ -0,0 +1,13 @@
+import DocCardList from '@theme/DocCardList';
+
+# Get Started
+
+## Start with the [Quickstart] guide
+
+---
+
+These documents provide additional context to supplement the [Quickstart] guide.
+
+<DocCardList />
+
+[Quickstart]: /docs/quickstart/
--- a/doc/md/start/comparison.md
+++ b/doc/md/start/comparison.md
@@ -0,0 +1,15 @@
+---
+description: Compare Holos with other tools in the ecosystem.
+slug: /comparison
+sidebar_position: 300
+---
+
+# Comparison
+
+## Helm
+
+## Kustomize
+
+## ArgoCD
+
+## Flux
--- a/doc/md/start/concepts.md
+++ b/doc/md/start/concepts.md
@@ -1,3 +1,9 @@
+---
+description: Learn the concepts and domain language Holos uses.
+slug: /concepts
+sidebar_position: 200
+---
+
 # Concepts

 ## Introduction
@@ -23,21 +29,34 @@ platform engineers.
 - [Platform](<#platform>) - A collection of Components integrated into a software development platform.
 - [Model](<#model>) - Structured data included in the Platform specification, available to all Components.  For example, your organization's domain name.
 - [Rendering](<#rendering>) - Holos is a tool that makes the process of rendering Kubernetes manifests safer, easier, and consistent.
+- [Cluster](<#cluster>) - A Kubernetes cluster.  Components are rendered for and applied to a Cluster.
+- [Fleet](<#fleet>) - A collection of Clusters with a similar purpose.  A Platform is typically composed of two Fleets, one for management the second for workloads.

 ```mermaid
-graph BT
+graph TB
    Platform[<a href="#platform">Platform</a>]
-    Component[<a href="#component">Components</a>]
+    Cluster[<a href="#cluster">Cluster</a>]
+    Fleet[<a href="#fleet">Fleet</a>]
+    Component[<a href="#component">Component</a>]
    Helm[<a href="#component">Helm</a>]
    Kustomize[<a href="#component">Kustomize</a>]
    CUE[<a href="#component">CUE</a>]

-    Component --> Platform
+    Fleet --> Platform
+    Cluster --> Fleet
+    Component --> Cluster
    Helm --> Component
    Kustomize --> Component
    CUE --> Component
 ```

+:::tip
+This graph is organized as a tree.  We often say configuration at the root
+defines the broad Platform.  Configuration at a leaf defines a Component of the
+Platform.  The concept of a tree also reflects the filesystem organization of
+the configuration.
+:::
+
 <!--

 ```mermaid
@@ -305,28 +324,28 @@ ArgoCD, or Flux.

 ```mermaid
 ---
-title: Figure 2 - Render Pipeline
+title: Figure 1 - Render Pipeline
 ---
 graph LR
-    PS[<a href="/docs/api/core/v1alpha2#PlatformSpec">PlatformSpec</a>]
-    BP[<a href="/docs/api/core/v1alpha2#BuildPlan">BuildPlan</a>]
-    HC[<a href="/docs/api/core/v1alpha2#HolosComponent">Components</a>]
+    PS[<a href="/docs/api/author/v1alpha3/#Platform">Platform</a>]
+    HC[<a href="/docs/api/author/v1alpha3/#ComponentFields">Components</a>]
+    BP[<a href="/docs/api/core/v1alpha3#BuildPlan">BuildPlan</a>]

-    H[<a href="/docs/api/core/v1alpha2#HelmChart">HelmChart</a>]
-    K[<a href="/docs/api/core/v1alpha2#KustomizeBuild">KustomizeBuild</a>]
-    O[<a href="/docs/api/core/v1alpha2#KubernetesObjects">KubernetesObjects</a>]
+    H[<a href="/docs/api/author/v1alpha3/#Helm">Helm</a>]
+    K[<a href="/docs/api/author/v1alpha3/#Kustomize">Kustomize</a>]
+    O[<a href="/docs/api/author/v1alpha3/#Kubernetes">Kubernetes</a>]

-    P[<a href="/docs/api/core/v1alpha2#Kustomize">Kustomize</a>]
+    P[<a href="/docs/api/core/v1alpha3#Kustomize">Kustomize</a>]
    Y[Kubernetes <br/>Resources]
    G[GitOps <br/>Resource]
    FS[Local Files]

    C[Kube API Server]

-    PS --> BP --> HC
-    HC --> H --> P
-    HC --> K --> P
-    HC --> O --> P
+    PS --> HC --> BP
+    BP --> H --> P
+    BP --> K --> P
+    BP --> O --> P

    P --> Y --> FS
    P --> G --> FS
@@ -336,6 +355,16 @@ graph LR
    FS --> kubectl --> C
 ```

+## Cluster
+
+A Cluster represents a Kubernetes cluster.  One component may be reused across
+multiple different Clusters.
+
+## Fleet
+
+A Fleet represents a group of Clusters that share a similar purpose.  A Platform
+typically has two Fleets, one for management and one for workloads.
+
 [krm]: https://docs.google.com/document/d/1RmHXdLhNbyOWPW_AtnnowaRfGejw-qlKQIuLKQWlwzs/view#heading=h.sa6p0aye4ide
 [Platform]: /docs/api/core/v1alpha2/#Platform
 [BuildPlan]: /docs/api/core/v1alpha2/#BuildPlan
--- a/doc/md/start/install.md
+++ b/doc/md/start/install.md
@@ -1,3 +1,9 @@
+---
+description: Install the Holos executable.
+slug: /install
+sidebar_position: 100
+---
+
 # Installation

 Holos is distributed as a single file executable.
--- a/doc/md/start/support.md
+++ b/doc/md/start/support.md
@@ -0,0 +1,23 @@
+---
+description: Get Support for Holos
+slug: /support
+sidebar_position: 900
+---
+
+# Support
+
+## Community Support
+
+You can ask questions in our community forums in [GitHub Discussions](https://github.com/holos-run/holos/discussions), [Discord](https://discord.gg/JgDVbNpye7), or [Google Groups](https://groups.google.com/g/holos-discuss).
+
+## Commercial Support and Services
+
+### Open Infrastructure Services
+
+[Open Infrastructure Services] are the primary stewards of Holos.  Contact Open
+Infrastructure Services for training, support, and services related to Holos,
+platform engineering, and cloud infrastructure automation.
+
+Please email holos-support@openinfrastructure.co for more information.
+
+[Open Infrastructure Services]: https://openinfrastructure.co/
--- a/doc/md/technical-overview.md
+++ b/doc/md/technical-overview.md
@@ -0,0 +1,690 @@
+---
+slug: technical-overview
+title: Technical Overview
+description: Learn how Holos makes it easier for platform teams to integrate software into their platform.
+---
+
+<head>
+  <meta property="og:title" content="Technical Overview | Holos" />
+  <meta property="og:image" content="/img/cards/technical-overview.png" />
+</head>
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import Admonition from '@theme/Admonition';
+
+## Overview
+
+Holos makes it easier for platform teams to integrate software into their
+platform.  Existing tools in the Kubernetes ecosystem are narrowly focused on
+application management.  Holos takes a holistic approach, focusing on the broad
+integration layer where applications are joined into the platform.  Holos
+improves cross team collaboration through well defined, typed structures at the
+integration layer.  These definitions provide golden paths for other teams to
+easily integrate their own services into the platform.
+
+<!-- truncate -->
+
+## The Problem
+
+Platform teams need to develop and maintain significant glue code to integrate
+Helm charts and YAML manifests into a platform built on Kubernetes.  This glue
+code is often implemented with home grown umbrella charts and scripts.
+Maintaining these charts and scripts takes time and effort that could otherwise
+be spent improving the platform.  The need for each organization to develop and
+maintain this glue code indicates a gap in the Kubernetes ecosystem.  Holos is a
+Go command line tool leveraging [CUE] to fill this gap.
+
+## Key Features
+
+1. Holos enables teams to provide simple definitions for other teams to use as golden paths.
+2. Define integrations in [CUE] with strong type checking.  No more text templates or bash scripts.
+3. Simplify complex integration.  Order does not matter.  Validation is early and quick.
+4. Reuse your existing Helm charts and Kustomize bases.
+5. Implement the [rendered manifests pattern].  Changes are clearly visible platform-wide.
+6. Fully render manifests to plain files.  Use your existing GitOps tools and processes.
+7. Post-process with Kustomize from CUE instead of plain text files.  Customize your Kustomizations.
+8. Mix in resources to Helm charts and Kustomize bases, for example ExternalSecrets.
+9. Render all of Helm, Kustomize, CUE, JSON, and YAML consistently with the same process.
+
+## Rendering Pipeline
+
+```mermaid
+---
+title: Figure 1 - v1alpha4 Rendered Manifest Pipeline
+---
+graph LR
+    Platform[<a href="/docs/api/author/v1alpha4/#Platform">Platform</a>]
+    Component[<a href="/docs/api/author/v1alpha4/#ComponentConfig">Components</a>]
+
+    Helm[<a href="/docs/api/author/v1alpha4/#Helm">Helm</a>]
+    Kustomize[<a href="/docs/api/author/v1alpha4/#Kustomize">Kustomize</a>]
+    Kubernetes[<a href="/docs/api/author/v1alpha4/#Kubernetes">Kubernetes</a>]
+
+    BuildPlan[<a href="/docs/api/core/v1alpha4/#buildplan">BuildPlan</a>]
+
+    ResourcesArtifact[<a href="/docs/api/core/v1alpha4/#artifact">Resources<br/>Artifact</a>]
+    GitOpsArtifact[<a href="/docs/api/core/v1alpha4/#artifact">GitOps<br/>Artifact</a>]
+
+    Generators[<a href="/docs/api/core/v1alpha4/#generators">Generators</a>]
+    Transformers[<a href="/docs/api/core/v1alpha4/#transformer">Transformers</a>]
+    Files[Manifest<br/>Files]
+
+    Platform --> Component
+    Component --> Helm --> BuildPlan
+    Component --> Kubernetes --> BuildPlan
+    Component --> Kustomize --> BuildPlan
+
+    BuildPlan --> ResourcesArtifact --> Generators
+    BuildPlan --> GitOpsArtifact --> Generators
+
+    Generators --> Transformers --> Files
+```
+
+## Use Case
+
+One of the development teams at the fictional Bank of Holos wants to deploy a
+simple web app for an experimental project they're working on.
+
+The platform team at the bank wants to build a simple golden path for teams to
+provision projects consistently and easily in compliance with the bank's
+policies.
+
+### Platform Team
+
+The platform team builds a golden path for development teams to register their
+project with the platform.  In compliance with bank policy, the platform team
+needs to manage important security resources for each new project.  All of these
+resources can be derived from only 3 pieces of information.
+
+1. The name of the project the dev team is working on.
+2. The name of the team who currently owns the project.
+3. The services, if any, the project is exposing.
+
+The platform team defines a structure for the dev team to register this
+information.  This structure provides the golden path for the dev team.
+
+The development team registers their experimental project, creatively named
+"experiment" by submitting a pull request that contains this information.
+
+<Tabs groupId="EB9C9AF1-F1AA-4189-B746-A5B8E3043F87">
+  <TabItem value="projects/experiment.cue" label="projects/experiment.cue">
+```cue showLineNumbers
+package holos
+
+// The development team registers a project name.
+_Projects: experiment: {
+  // The project owner must be named.
+  Owner: Name: "dev-team"
+  // Expose Service podinfo at https://podinfo.example.com
+  Hostnames: podinfo: Port: 9898
+}
+```
+  </TabItem>
+</Tabs>
+
+The platform team uses these three pieces of information to derive all of the
+platform resources necessary to support the development team.
+
+1. **Namespace** for the project resources.
+2. **RoleBinding** to grant the dev team access to the project namespace.
+3. **SecretStore** which implements the secret management policy for the bank.
+4. **ReferenceGrant** to expose the project services through the Gateway API.
+5. **HTTPRoutes** to expose the project services, if any.
+6. **AppProject** to deploy and manage the project Applications with ArgoCD.
+7. **Common Labels** to ensure every resource is labeled for resource accounting.
+
+Rendering the platform generates fully rendered manifests for all of these
+resources.  These manifests are derived from the three pieces of information the
+dev team provided.
+
+Note the platform team must manage these resources across multiple namespaces.
+The first four reside in the project namespace owned by the dev team.  The
+HTTPRoute and AppProject go into two namespaces managed by the platform team.
+Holos makes it easier for the platform team to organize these resources into
+different components with different owners.
+
+:::important
+Holos supports [CODEOWNERS] by clearly defining the teams responsible for each
+platform component.
+:::
+
+<Tabs groupId="2E46EA1C-B118-44BF-AE20-752E8D1CE131">
+  <TabItem value="command" label="Command">
+```bash
+holos render platform ./platform
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+rendered httproutes for cluster overview in 177.823625ms
+rendered app-projects for cluster overview in 180.946834ms
+rendered projects for cluster overview in 181.98725ms
+rendered namespaces for cluster overview in 182.30725ms
+rendered platform in 182.31075ms
+```
+:::tip
+If you'd like to try this for yourself, `cd` into [examples/tech-overview] and
+render the platform.
+:::
+
+  </TabItem>
+</Tabs>
+
+The fully rendered manifests are written into the `deploy/` directory organized
+by cluster and component for GitOps.
+
+<Tabs groupId="07FBE14E-E9EA-437B-9FA1-C6D8806524AD">
+  <TabItem value="deploy/clusters/local/components/namespaces/namespaces.gen.yaml" label="namespaces">
+```
+cat deploy/clusters/local/components/namespaces/namespaces.gen.yaml
+```
+```yaml showLineNumbers
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    argocd.argoproj.io/instance: namespaces
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: namespaces
+    kubernetes.io/metadata.name: experiment
+  name: experiment
+```
+  </TabItem>
+  <TabItem value="deploy/clusters/local/components/projects/projects.gen.yaml" label="projects">
+```
+cat deploy/clusters/local/components/projects/projects.gen.yaml
+```
+```yaml showLineNumbers
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    argocd.argoproj.io/instance: projects
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: projects
+  name: admin
+  namespace: experiment
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: oidc:sg-dev-team@example.com
+---
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  labels:
+    argocd.argoproj.io/instance: projects
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: projects
+  name: default
+  namespace: experiment
+spec:
+  provider:
+    kubernetes:
+      auth:
+        token:
+          bearerToken:
+            key: token
+            name: eso-reader
+      remoteNamespace: experiment
+      server:
+        caBundle: LS0tLS1CRUd...QVRFLS0tLS0K
+        url: https://management.example.com:6443
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  labels:
+    argocd.argoproj.io/instance: projects
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: projects
+  name: istio-ingress
+  namespace: experiment
+spec:
+  from:
+  - group: gateway.networking.k8s.io
+    kind: HTTPRoute
+    namespace: istio-ingress
+  to:
+  - group: ""
+    kind: Service
+```
+  </TabItem>
+  <TabItem value="deploy/clusters/local/components/httproutes/httproutes.gen.yaml" label="httproutes">
+```
+cat deploy/clusters/local/components/httproutes/httproutes.gen.yaml
+```
+```yaml showLineNumbers
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  labels:
+    argocd.argoproj.io/instance: httproutes
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: httproutes
+  name: podinfo.example.com
+  namespace: istio-ingress
+spec:
+  hostnames:
+  - podinfo.example.com
+  parentRefs:
+  - name: default
+    namespace: istio-ingress
+  rules:
+  - backendRefs:
+    - name: podinfo
+      namespace: experiment
+      port: 9898
+    matches:
+    - path:
+        type: PathPrefix
+        value: /
+```
+  </TabItem>
+</Tabs>
+
+The rendered manifests are derived from the project registration information by
+definitions implemented by the platform team.  The [Author API] provides a
+[Project] schema, but does not define an implementation.  The platform team
+implements the [Project] schema by adding a `_Projects` struct to manage
+resources according to bank policies.
+
+:::important
+The Author API is intended as a convenient, ergonomic reference for component
+authors.  Definitions **are not** confined to the Author API.
+:::
+
+The following example shows how the platform team wrote the `_Projects`
+definition to derive the Namespace from the project registration provided by the
+dev team.
+
+<Tabs groupId="5732727B-295E-46E1-B851-F8A1C5D7DF88">
+  <TabItem value="projects/platform/components/namespaces/namespaces.cue" label="Namespaces Component">
+```txt
+projects/platform/components/namespaces/namespaces.cue
+```
+```cue showLineNumbers
+package holos
+
+_Kubernetes: #Kubernetes & {
+	Name: "namespaces"
+	Resources: Namespace: _Namespaces
+}
+
+// Produce a kubernetes objects build plan.
+_Kubernetes.BuildPlan
+```
+
+1. This is the namespaces component which manages a collection of Namespace resources derived from the project registration data shown in the second tab.
+2. Line 5 manages a Namespace for each value of the `#Namespaces` struct.  See the second tab for how the platform team defines this structure.
+  </TabItem>
+  <TabItem value="projects/projects.cue" label="Projects Definition">
+```txt
+projects/projects.cue
+```
+```cue showLineNumbers
+package holos
+
+import api "github.com/holos-run/holos/api/author/v1alpha4"
+
+// Projects defines the structure other teams register with to manage project
+// resources.  The platform team defines the schema, development teams provide
+// the values.
+_Projects: api.#Projects & {
+	[NAME=string]: {
+		Name: NAME
+		// The platform team requires the development teams to indicate an owner of
+		// the project.
+		Owner: Name: string
+		// The default value for the owner email address is derived from the owner
+		// name, but development teams can provide a different email address if
+		// needed.
+		Owner: Email: string | *"sg-\(Owner.Name)@\(_Organization.Domain)"
+		// The platform team constrains the project to a single namespace.
+		Namespaces: close({(NAME): Name: NAME})
+		// The platform team constrains the exposed services to the project
+		// namespace.
+		Hostnames: [HOST=string]: {
+			Name:      HOST
+			Namespace: Namespaces[NAME].Name
+			Service:   HOST
+			Port:      number | *80
+		}
+
+		CommonLabels: {
+			"\(_Organization.Domain)/project.name": Name
+			"\(_Organization.Domain)/owner.name":   Owner.Name
+			"\(_Organization.Domain)/owner.email":  Owner.Email
+		}
+	}
+}
+
+for Project in _Projects {
+	// Register project namespaces with the namespaces component.
+	_Namespaces: {
+		for Namespace in Project.Namespaces {
+			(Namespace.Name): metadata: labels: Project.CommonLabels
+		}
+	}
+}
+```
+
+1. On lines 8-35 the platform team derives most fields from the project name (line 9), and the owner name (line 13).  The purpose is to fill in the remaining fields defined by the Author API.
+2. Line 13 The dev team is expected to provide a concrete owner name, indicated by the `string` value.
+3. Line 17 The platform team provides a default value for the email address.  The project team may define a different value.
+4. Line 19 The Author API allows a project to have many namespaces.  The platform team constrains this down to one namespace per project by closing the struct.  The namespace name must be the same as the project name.
+5. Lines 22-27 The platform team derives values for a Gateway API [BackendObjectReference] from the hostname provided by the project team.  These values are used later to build HTTPRoutes to expose their service.
+6. Lines 30-32 Common labels are derived to mix into resources associated with this project.
+7. Lines 37-44 The platform team adds a namespace with common labels for each project to the struct we saw in the first tab.
+
+  </TabItem>
+</Tabs>
+
+The RoleBinding, SecretScore, and ReferenceGrant are managed in the
+[projects](https://github.com/holos-run/bank-of-holos/blob/v0.4.1/examples/tech-overview/projects/platform/components/projects/projects.cue)
+component, similar to the previous namespaces example.
+The HTTPRoute is managed separately in the
+[httproutes](https://github.com/holos-run/bank-of-holos/blob/v0.4.1/examples/tech-overview/projects/platform/components/httproutes/httproutes.cue)
+component.
+
+All components are registered with the platform in the
+[platform](https://github.com/holos-run/bank-of-holos/tree/v0.4.1/examples/tech-overview/platform)
+directory.
+
+:::important
+Multiple components, potentially owned by different teams, derive fully rendered
+resources from the same three project values.  The dev team added these three
+values to the `_Projects` struct.  The platform team wrote the definition to
+integrate software according to bank policies.  CUE powers this _unified_
+platform configuration model.
+:::
+
+:::tip
+Components map 1:1 to ArgoCD Applications or Flux Kustomizations.
+:::
+
+### Development Team
+
+The development team has the platform resources they need, but they still need
+to deploy their container.  The development team submits a pull request adding
+the following two files to deploy their existing Helm chart.
+
+<Tabs groupId="7AD1DDA9-8001-462B-8BE0-D9410EB51233">
+  <TabItem value="projects/experiment/components/podinfo/podinfo.cue" label="Helm Component">
+```txt
+projects/experiment/components/podinfo/podinfo.cue
+```
+```cue showLineNumbers
+package holos
+
+// Produce a helm chart build plan.
+_HelmChart.BuildPlan
+
+_HelmChart: #Helm & {
+	Name: "podinfo"
+	Chart: {
+		version: "6.6.2"
+		repository: {
+			name: "podinfo"
+			url:  "https://stefanprodan.github.io/podinfo"
+		}
+	}
+}
+```
+This file represents a Helm chart component to add to the platform.  The second
+tab registers this component with the platform.
+  </TabItem>
+  <TabItem value="platform/podinfo.cue" label="Component Registration">
+```
+platform/podinfo.cue
+```
+```cue showLineNumbers
+package holos
+
+// Manage the component on every workload Cluster, but not management clusters.
+for Cluster in _Fleets.workload.clusters {
+	_Platform: Components: "\(Cluster.name):podinfo": {
+		name:      "podinfo"
+		component: "projects/experiment/components/podinfo"
+		cluster:   Cluster.name
+		tags: project: "experiment"
+	}
+}
+```
+This file registers the component with the platform.  When the platform is
+rendered the dev team's Helm chart will be rendered on all workload clusters
+across the platform.
+  </TabItem>
+</Tabs>
+
+The project tag links the component to the same field of the `_Projects` struct.
+
+:::important
+You can add your own key=value tags in your platform specification to inject
+values into components.  This feature is useful to reuse one component path for
+several environments or customers.
+:::
+
+Once the dev team's component is registered, rendering the platform will render
+their component.
+
+<Tabs groupId="1BAF7AD2-BBCD-4797-A3A6-55A626732845">
+  <TabItem value="command" label="Command">
+```bash
+holos render platform ./platform
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```txt
+rendered namespaces for cluster overview in 185.64075ms
+rendered app-projects for cluster overview in 186.729292ms
+rendered httproutes for cluster overview in 195.222833ms
+rendered projects for cluster overview in 195.217125ms
+// highlight-next-line
+rendered podinfo for cluster overview in 195.830042ms
+rendered platform in 195.90275ms
+```
+  </TabItem>
+</Tabs>
+
+<Tabs groupId="77BF500B-105A-4AB4-A615-DEC19F501AE1">
+  <TabItem value="command" label="Command">
+```bash
+cat deploy/clusters/local/components/podinfo/podinfo.gen.yaml
+```
+  </TabItem>
+  <TabItem value="output" label="Output">
+```yaml showLineNumbers
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: podinfo
+    app.kubernetes.io/version: 6.6.2
+    argocd.argoproj.io/instance: podinfo
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    helm.sh/chart: podinfo-6.6.2
+    holos.run/component.name: podinfo
+  name: podinfo
+spec:
+  ports:
+  - name: http
+    port: 9898
+    protocol: TCP
+    targetPort: http
+  - name: grpc
+    port: 9999
+    protocol: TCP
+    targetPort: grpc
+  selector:
+    app.kubernetes.io/name: podinfo
+    argocd.argoproj.io/instance: podinfo
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    holos.run/component.name: podinfo
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: podinfo
+    app.kubernetes.io/version: 6.6.2
+    argocd.argoproj.io/instance: podinfo
+    example.com/owner.email: sg-dev-team@example.com
+    example.com/owner.name: dev-team
+    example.com/project.name: experiment
+    helm.sh/chart: podinfo-6.6.2
+    holos.run/component.name: podinfo
+  name: podinfo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: podinfo
+      argocd.argoproj.io/instance: podinfo
+      example.com/owner.email: sg-dev-team@example.com
+      example.com/owner.name: dev-team
+      example.com/project.name: experiment
+      holos.run/component.name: podinfo
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: "9898"
+        prometheus.io/scrape: "true"
+      labels:
+        app.kubernetes.io/name: podinfo
+        argocd.argoproj.io/instance: podinfo
+        example.com/owner.email: sg-dev-team@example.com
+        example.com/owner.name: dev-team
+        example.com/project.name: experiment
+        holos.run/component.name: podinfo
+    spec:
+      containers:
+      - command:
+        - ./podinfo
+        - --port=9898
+        - --cert-path=/data/cert
+        - --port-metrics=9797
+        - --grpc-port=9999
+        - --grpc-service-name=podinfo
+        - --level=info
+        - --random-delay=false
+        - --random-error=false
+        env:
+        - name: PODINFO_UI_COLOR
+          value: '#34577c'
+        image: ghcr.io/stefanprodan/podinfo:6.6.2
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/healthz
+          failureThreshold: 3
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: podinfo
+        ports:
+        - containerPort: 9898
+          name: http
+          protocol: TCP
+        - containerPort: 9797
+          name: http-metrics
+          protocol: TCP
+        - containerPort: 9999
+          name: grpc
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/readyz
+          failureThreshold: 3
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          limits: null
+          requests:
+            cpu: 1m
+            memory: 16Mi
+        volumeMounts:
+        - mountPath: /data
+          name: data
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: data
+```
+  </TabItem>
+</Tabs>
+
+Note the rendered Helm chart resources have consistent project labels.  The
+platform team added a constraint to the project so all Helm charts are post
+processed with Kustomize to add these common labels.  The platform team
+accomplishes this by adding a constraint in the project directory.  This can be
+seen in
+[schema.cue](https://github.com/holos-run/bank-of-holos/blob/v0.4.1/schema.cue#L35-L38)
+where the platform team configures all component kinds for the platform.
+
+We've covered how the platform team provides a golden path for development teams
+to register their projects by defining a Projects structure.  We've also covered
+how the development team deploys their existing Helm chart onto the platform.
+
+## Support & Resources
+
+1. See our [Quickstart] guide to get started with Holos.
+2. Check out our other [Guides] which cover specific topics.
+3. Refer to the [Author API] when writing components.
+4. Consider the [Core API] if you need to do something more advanced than the Author API supports.
+5. Community and commercial [Support] is available.
+6. [Discussions Forum](https://github.com/holos-run/holos/discussions)
+
+[Support]: /docs/support/
+[Guides]: /docs/guides/
+[API Reference]: /docs/api/
+[Quickstart]: /docs/quickstart/
+[CUE]: https://cuelang.org/
+[Author API]: /docs/api/author/
+[Core API]: /docs/api/core/
+[Open Infrastructure Services]: https://openinfrastructure.co/
+[Why are we templating YAML]: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=https%3A%2F%2Fleebriggs.co.uk%2Fblog%2F2019%2F02%2F07%2Fwhy-are-we-templating-yaml&sort=byDate&type=story
+[Holos]: https://holos.run/
+[Quickstart]: /docs/quickstart/
+[rendered manifests pattern]: https://akuity.io/blog/the-rendered-manifests-pattern/
+[examples/tech-overview]: https://github.com/holos-run/bank-of-holos/tree/v0.2.0/examples/tech-overview
+[BackendObjectReference]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.BackendObjectReference
+[CODEOWNERS]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+[Project]: /docs/api/author/v1alpha3/#Project
--- a/doc/website/blog/2024-07-03-welcome/index.md
+++ b/doc/website/blog/2024-07-03-welcome/index.md
@@ -1,8 +0,0 @@
---
-slug: welcome
-title: Welcome
-authors: [jeff]
-tags: [holos]
---
-
-TODO - Coming Soon
--- a/doc/website/blog/2024-10-28-holos.md
+++ b/doc/website/blog/2024-10-28-holos.md
@@ -0,0 +1,125 @@
+---
+slug: announcing-holos
+title: Announcing Holos
+authors: [jeff]
+tags: [holos, launch]
+image: /img/cards/announcing-holos.png
+description: Holistically manage Helm and Kustomize with CUE
+---
+
+<head>
+  <title>Announcing Holos</title>
+  <meta property="og:title" content="Announcing Holos" />
+</head>
+
+I'm excited to share Holos, a Go command line tool we developed to make it
+easier to manage a platform built on Kubernetes.  Holos implements the rendered
+manifests pattern as a data pipeline to fully render manifests generated from
+[Helm], [Kustomize], or [CUE] in a holistic way.
+
+[Helm]: https://helm.sh/
+[Kustomize]: https://kustomize.io/
+[CUE]: https://cuelang.org/
+
+```mermaid
+---
+title: Rendered Manifest Pipeline
+---
+graph LR
+    Platform[<a href="/docs/api/author/v1alpha4/#Platform">Platform</a>]
+    Component[<a href="/docs/api/author/v1alpha4/#ComponentConfig">Components</a>]
+
+    Helm[<a href="/docs/api/author/v1alpha4/#Helm">Helm</a>]
+    Kustomize[<a href="/docs/api/author/v1alpha4/#Kustomize">Kustomize</a>]
+    Kubernetes[<a href="/docs/api/author/v1alpha4/#Kubernetes">Kubernetes</a>]
+
+    BuildPlan[<a href="/docs/api/core/v1alpha4/#buildplan">BuildPlan</a>]
+
+    ResourcesArtifact[<a href="/docs/api/core/v1alpha4/#artifact">Resources<br/>Artifact</a>]
+    GitOpsArtifact[<a href="/docs/api/core/v1alpha4/#artifact">GitOps<br/>Artifact</a>]
+
+    Generators[<a href="/docs/api/core/v1alpha4/#generators">Generators</a>]
+    Transformers[<a href="/docs/api/core/v1alpha4/#transformer">Transformers</a>]
+    Files[Manifest<br/>Files]
+
+    Platform --> Component
+    Component --> Helm --> BuildPlan
+    Component --> Kubernetes --> BuildPlan
+    Component --> Kustomize --> BuildPlan
+
+    BuildPlan --> ResourcesArtifact --> Generators
+    BuildPlan --> GitOpsArtifact --> Generators
+
+    Generators --> Transformers --> Files
+```
+
+<!-- truncate -->
+
+At the start of the pandemic I was migrating our platform from VMs managed by
+Puppet to Kubernetes.  My primary goal was to build an observability system
+similar to what we had when we managed Puppet at Twitter prior to the
+acquisition.  I started building the observability system with the official
+[prometheus community charts], but quickly ran into issues where the
+individual charts didn’t work with each other.  I was frustrated with how
+complicated and difficult to configure these charts were.  They weren’t well
+integrated, so I switched to the [kube-prometheus-stack] umbrella chart which
+attempts to solve this integration problem.
+
+The umbrella chart got us further, as long as we didn’t stray too far from the
+default values, but we quickly ran into operational challenges.  Upgrading the
+chart introduced breaking changes we couldn’t see until they were applied,
+causing incidents.  We needed to manage secrets securely so we mixed in
+ExternalSecrets with many of the charts.  We decided to handle these
+customizations by implementing the [rendered manifests pattern] using scripts in
+our CI pipeline.
+
+These scripts got us further, but we found them costly to maintain.
+Teammates needed to be careful to execute them with the same context they were
+executed in CI.  We realized we were reinventing Hiera to manage a hierarchy of
+helm values.yaml files to inject into multiple charts.
+
+At this point I started looking for a more holistic solution to this problem of
+integrating multiple charts together.  We saw the value in the rendered
+manifests pattern, but we couldn’t find an agreed upon implementation.  We built
+a Go command line tool to implement the pattern as a data pipeline.  I’d been
+thinking about the comments from the [Why are we templating YAML] posts and
+wondering what an answer to this question would look like.
+
+The Go command line tool was an incremental improvement over the CI scripts, but
+we still didn’t have a good way to handle the data values.  We were still
+templating YAML which didn’t catch errors early enough.  It was too easy to
+render invalid resources Kubernetes rejected, causing deployment problems.  I
+searched for a solution to manage helm values, something like Hiera which we
+knew well from Puppet, but not hierarchical because we knew it was important to
+trace where config values came from in an outage.  A few HN comments mentioned
+CUE, and an engineer we worked with at Twitter used CUE to configure Envoy at
+scale, so I gave it a try.  I quickly appreciated how CUE provides both strong
+type checking and validation of constraints, unifies all configuration data, and
+provides clarity into where values originate from.
+
+Take a look at Holos if you’re looking to implement the rendered manifests
+pattern or can’t shake that feeling it should be easier to integrate third party
+software into Kubernetes like we felt.
+
+1. [Helm Guide] Walks through how we solved the challenges we faced with the prometheus Helm charts.
+2. [Quickstart] Works through how a platform team can define golden paths for other teams using CUE.
+3. [Author API] provides an ergonomic way to work with Helm, Kustomize, and CUE resources.
+
+[Helm Guide]: /docs/guides/helm/
+[Guides]: /docs/guides/
+[API Reference]: /docs/api/
+[Quickstart]: /docs/quickstart/
+[Author API]: /docs/api/author/
+[Core API]: /docs/api/core/
+[Open Infrastructure Services]: https://openinfrastructure.co/
+[Why are we templating YAML]: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=https%3A%2F%2Fleebriggs.co.uk%2Fblog%2F2019%2F02%2F07%2Fwhy-are-we-templating-yaml&sort=byDate&type=story
+
+[Holos]: https://holos.run/
+[Quickstart]: /docs/quickstart/
+
+[Helm]: https://helm.sh/
+[Kustomize]: https://kustomize.io/
+[CUE]: https://cuelang.org/
+[rendered manifests pattern]: https://akuity.io/blog/the-rendered-manifests-pattern/
+[prometheus community charts]: https://github.com/prometheus-community/helm-charts
+[kube-prometheus-stack]: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
--- a/doc/website/blog/2024-10-28-why-cue.md
+++ b/doc/website/blog/2024-10-28-why-cue.md
@@ -0,0 +1,123 @@
+---
+slug: why-cue-for-configuration
+title: Why CUE for Configuration
+authors: [jeff]
+tags: [holos, cue]
+image: /img/cards/why-cue.png
+description: Why we use CUE for configuration in Holos
+date: 2024-10-28T16:00
+---
+
+We selected [CUE](https://cuelang.org/) as the configuration language in Holos
+for a number of reasons described in this post.  The process was a combination
+of process by elimination and the unique way CUE _unifies_ configuration.
+
+<!-- truncate -->
+We evaluated a number of domain specific and general purpose languages before
+deciding on CUE.  The CUE website, GitHub issues, and Marcel's videos do a great
+job of explaining most of these reasons, so I'll summarize and cite them here.
+
+## DSL or GPL
+
+The first decision was if we should use a turing complete general purpose
+language, or a domain specific language (DSL).  We decided to use a DSL because
+we knew from hard won experience configuration with general purpose languages
+invites too many problems over time.
+
+1. Configuration easily becomes non-deterministic, especially when remote procedure calls are involved.
+2. Many general purpose languages support type checking, but few support constraints and validation of data.  We must write our own validation logic which often means validation happens haphazardly, if at all.
+3. Data is usually mutable, making it difficult to know where an output value came from.
+4. Configuration code is read much more frequently, and at more critical times like an outage, than it's written.  I felt this pain and I don't want anyone using Holos to feel that way.
+
+For these reasons we sought a domain specific language that focused on
+simplicity, readability, and data validation.  This quote from Marcel got my attention focused on CUE.
+
+> I would argue that for configuration languages maintainability and readability are more important even than for programming languages, because they are ofter viewed by a larger group, often need to be changed in emergency conditions, and also as they are supposed to convey a certain contract. Most configuration languages, like GCL (my own doing), are more like scripting languages, making it easier to crank out definitions of large swats of data compactly, but being harder to comprehend and modify later.
+
+Source: [Comparisons between CUE, Jsonnet, Shall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+## Other DSLs
+
+### Template Engines
+
+Template engines are not exactly a domain specific language, but they're
+similar.  We already used Go templates in Helm to produce YAML, and previously
+used Jinja2 and ERB templates extensively for configuration tasks.
+
+The fundamental problem with text template engines is that they manipulate text,
+not data.  As a result, output is often rendered without error or indication the
+configuration is invalid until it is applied to the live system.  Errors need
+to be handled faster and earlier, ideally immediately as we're writing in our
+editor.
+
+For these reasons we can set aside all tools based on text templating.
+
+### Jsonnet
+
+Marcel and the CUE website explain this much better than I can.  We used Jsonnet
+to configure the kubernetes prometheus stack and experienced Jsonnet's lack of
+validation features first hand.
+
+> Like Jsonnet, CUE is a superset of JSON. They also are both influenced by GCL. CUE, in turn is influenced by Jsonnet. This may give the semblance that the languages are very similar. At the core, though, they are very different.
+> 
+> CUE’s focus is data validation whereas Jsonnet focuses on data templating (boilerplate removal). Jsonnet was not designed with validation in mind.
+> 
+> Jsonnet and GCL can be quite powerful at reducing boilerplate. The goal of CUE is not to be better at boilerplate removal than Jsonnet or GCL. CUE was designed to be an answer to two major shortcomings of these approaches: complexity and lack of typing. Jsonnet reduces some of the complexities of GCL, but largely falls into the same category. For CUE, the tradeoff was to add typing and reduce complexity (for humans and machines), at the expense of giving up flexibility.
+
+Source: [CUE Configuration Use Case - Jsonnet / GCL](https://cuelang.org/docs/concept/configuration-use-case/#jsonnet-gcl)
+
+Marcel answered this question in more depth earlier:
+
+> Jsonnet is based on BCL, an internal language at Google. It fixes a few things relative to BCL, but is mostly the same. This means it copies the biggest mistakes of BCL. Even though BCL is still widely used at Google, its issues are clear. It was just that the alternatives weren't that much better.
+> 
+> There are a myriad of issues with BCL (and Jsonnet and pretty much all of its descendants), but I will mention a couple:
+> 
+> 1. Most notably, the basic operation of composition of BCL/Jsonnet, inheritance, is not commutative and idempotent in the general case. In other words, order matters. This makes it, for humans, hard to track where values are coming from. But also, it makes it very complicated, if not impossible, to do any kind of automation. The complexity of inheritance is compounded by the fact that values can enter an object from one of several directions (super, overlay, etc.), and the order in which this happens matters. The basic operation of CUE is commutative, associative and idempotent. This order independence helps both humans and machines. The resulting model is much less complex.  
+> 2. Typing: most of the BCL offshoots do not allow for schema definitions. This makes it hard to detect any kind of typos or user errors. For a large code bases, no one will question a requirement to have a compiled/typed language. Why should we not require the same kind of rigor for data? Some offshoots of BCL internal to Google and also external have tried to address this a bit, but none quite satisfactory. In CUE types and values are the same thing. This makes things both easier than schema-based languages (less concepts to learn), but also more powerful. It allows for intuitive but also precise typing.  
+> 
+> There are many other issues, like handling cycles, unprincipled workarounds for hermeticity, poor tooling and so forth that make BCL and offsprings often awkward.  
+> 
+> So why CUE? Configuration is still largely an unsolved problem. We have tried using code to generate configs, or hybrid languages, but that often results in a mess. Using generators on databases doesn't allow keeping it sync with revision control. Simpler approaches like HCL and Kustomize recognize the complexity issue by removing a lot of it, but then sometimes become too weak, and actually also reintroduce some of this complexity with overlays (a poor man's inheritance, if you will, but with some of the same negative consequences). Other forms of removing complexity, for instance by just introducing simpler forms/ abstraction layers of configuration, may work within certain context but are domain-specific and relatively hard to maintain.  
+> 
+> So inheritance-based languages, for all its flaws, were the best we had. The idea behind CUE is to recognize that a declarative language is the best approach for many (not all) configuration problems, but to tackle the fundamental issues of these languages.  
+> 
+> The idea for CUE is actually not new. It was invented about 30 years ago and has been in use and further developed since that time in the field of computational linguistics, where the concept is used to encode entire lexicons as well as very detailed grammars of human languages. If you think about it, these are huge configurations that are often maintained by both computer scientists and linguists. You can see this as a proof of concept that large-scale, declarative configuration for a highly complex domain can work.  
+> 
+> CUE is a bit different from the languages used in linguistics and more tailored to the general configuration issue as we've seen it at Google. But under the hood it adheres strictly to the concepts and principles of these approaches and we have been careful not to make the same mistakes made in BCL (which then were copied in all its offshoots). It also means that CUE can benefit from 30 years of research on this topic. For instance, under the hood, CUE uses a first-order unification algorithm, allowing us to build template extractors based on anti-unification (see issue #7 and #15), something that is not very meaningful or even possible with languages like BCL and Jsonnet.
+
+Source: [how CUE differs from jsonnet](https://github.com/cuelang/cue/issues/33#issuecomment-483615374)
+
+### Dhall
+
+> Dhall addresses some of the issues of GCL and Jsonnet (like lack of typing), but lacks the detailed typing of CUE. But it still misses the most important property of CUE: its model of composability. Some of the benefits are explained in the above link. Conceptually, CUE is an aspect-oriented and constraint-based language. It allows you to specify fine-grained constraints on what are valid values. These constraints then double as templates, allowing to remove boilerplate often with the same efficacy as inheritance, even if it works very differently.
+
+Source [Comparisons between CUE, Jsonnet, Dhall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+### Rego (OPA)
+
+> CUE also can be used for policy specification, like Rego (OPA).CUE unifies values, types, and constraints in a single continuum. As it is a constraint-based language first and foremost, it is well suited for defining policy. It is less developed in that area than Rego, but it I expect it will ultimately be better suited for policy. Note that Rego is based on Datalog, which is more of a query language at hart, giving it quite a different feel for defining policy than CUE. Both are logic programming languages, though, and share many of the same properties.
+
+Source [Comparisons between CUE, Jsonnet, Dhall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+### PKL
+
+I didn't look deeply into [Pkl](https://github.com/apple/pkl) primarily because
+CUE, like Holos, is written in Go.  It was straight forward to integrate CUE 
+into Holos.
+
+### HCL
+
+I have extensive experience with HCL and found it challenging to work with at medium to large scales.
+
+See also: [CUE Configuration Use Case - HCL](https://cuelang.org/docs/concept/configuration-use-case/#hcl)
+
+## Editor Integration
+
+CUE has good support today for Visual Studio Code, and better support coming,
+see the [CUE LSP Roadmap](https://github.com/orgs/cue-lang/projects/15)
+
+## Additional Resources
+
+The video [Large-Scale Engineering of Configuration with Unification (Marcel van
+Lohuizen)](https://www.youtube.com/watch?v=jSRXobu1jHk) motivated me to go
+deeper and invest significant time into CUE.
--- a/doc/website/blog/authors.yml
+++ b/doc/website/blog/authors.yml
@@ -1,6 +1,6 @@
 jeff:
  name: Jeff McCune
-  title: Holos maintainer & creator
+  title: Holos maintainer & author
  url: https://github.com/jeffmccune
  image_url: https://github.com/jeffmccune.png

--- a/doc/website/blog/tags.yml
+++ b/doc/website/blog/tags.yml
@@ -2,3 +2,8 @@ holos:
  label: Holos
  permalink: /holos
  description: Holos Platform
+
+tech:
+  label: Technical
+  permalink: /tech
+  description: Technical Articles
--- a/doc/website/docusaurus.config.ts
+++ b/doc/website/docusaurus.config.ts
@@ -4,7 +4,7 @@ import type * as Preset from '@docusaurus/preset-classic';

 const config: Config = {
  title: 'Holos',
-  tagline: 'The Holistic Package Manager for Cloud Native Applications',
+  tagline: 'An easier way for platform teams to integrate software into their platform',
  favicon: 'img/favicon.ico',

  // Set the production url of your site here
@@ -12,6 +12,7 @@ const config: Config = {
  // Set the /<baseUrl>/ pathname under which your site is served
  // For GitHub pages deployment, it is often '/<projectName>/'
  baseUrl: '/',
+  // trailing slash is necessary for Cloudflare pages.
  trailingSlash: true,

  // GitHub pages deployment config.
@@ -41,12 +42,7 @@ const config: Config = {
    [
      '@docusaurus/plugin-client-redirects',
      {
-        redirects: [
-          {
-            from: "/docs/tutorial/local/k3d/",
-            to: "/docs/guides/try-holos/",
-          },
-        ],
+        redirects: [],
      },
    ],
  ],
@@ -70,13 +66,17 @@ const config: Config = {
          blogSidebarTitle: "All posts",
          feedOptions: {
            type: 'all',
-            copyright: `Copyright © ${new Date().getFullYear()}, The Holos Authors.`,
+            copyright: `Copyright © ${new Date().getFullYear()}, The Holos Authors`,
          },
          showReadingTime: false,
        },
        theme: {
          customCss: './src/css/custom.css',
        },
+        gtag: {
+          trackingID: 'G-M00QMB1N05',
+          anonymizeIP: true,
+        }
      } satisfies Preset.Options,
    ],
  ],
@@ -98,32 +98,27 @@ const config: Config = {
      items: [
        {
          type: 'doc',
-          docId: 'quickstart/index',
+          docId: 'guides/quickstart',
          position: 'left',
-          label: 'Try Holos',
+          label: 'Quickstart',
        },
+        { to: '/docs/technical-overview', label: 'Docs', position: 'left' },
+        { to: '/docs/guides', label: 'Guides', position: 'left' },
        {
          type: 'doc',
-          docId: 'concepts',
-          position: 'left',
-          label: 'Docs',
-        },
-        {
-          type: 'docSidebar',
-          sidebarId: 'api',
+          docId: 'api',
          position: 'left',
          label: 'API',
        },
        { to: '/blog', label: 'Blog', position: 'left' },
        {
-          "href": "https://pkg.go.dev/github.com/holos-run/holos?tab=doc",
-          "label": "GoDoc",
-          "position": "left",
-          "className": "header-godoc-link",
+          href: 'https://github.com/holos-run',
+          label: 'GitHub',
+          position: 'right',
        },
        {
-          href: 'https://github.com/holos-run/holos',
-          label: 'GitHub',
+          href: 'https://discord.gg/JgDVbNpye7',
+          label: 'Discord',
          position: 'right',
        },
      ],
@@ -135,7 +130,7 @@ const config: Config = {
          title: 'Docs',
          items: [
            {
-              label: 'Get Started',
+              label: 'Quickstart',
              to: '/docs/quickstart',
            },
            {
@@ -144,11 +139,11 @@ const config: Config = {
            },
            {
              label: 'Documentation',
-              to: '/docs/intro',
+              to: '/docs',
            },
            {
              label: 'API Reference',
-              to: '/docs/api/core/v1alpha2',
+              to: '/docs/api',
            },
          ],
        },
@@ -156,7 +151,19 @@ const config: Config = {
          title: 'Community',
          items: [
            {
-              label: 'Discuss',
+              label: 'Support',
+              href: '/docs/support',
+            },
+            {
+              label: 'Discord',
+              href: 'https://discord.gg/JgDVbNpye7',
+            },
+            {
+              label: 'Discussion List',
+              href: 'https://groups.google.com/g/holos-discuss',
+            },
+            {
+              label: 'Discussion Forum',
              href: 'https://github.com/holos-run/holos/discussions',
            },
          ],
@@ -172,6 +179,10 @@ const config: Config = {
              label: 'GitHub',
              href: 'https://github.com/holos-run/holos',
            },
+            {
+              label: 'GoDoc',
+              href: 'https://pkg.go.dev/github.com/holos-run/holos?tab=doc',
+            }
          ],
        },
      ],
--- a/doc/website/sidebars.ts
+++ b/doc/website/sidebars.ts
@@ -12,30 +12,64 @@ import type { SidebarsConfig } from '@docusaurus/plugin-content-docs';
 */
 const sidebars: SidebarsConfig = {
  doc: [
-    'quickstart/index',
-    'concepts',
-    'install',
-    'comparison',
-  ],
-  api: [
+    'introduction',
+    'technical-overview',
    {
-      label: 'Schema',
-      type: 'category',
-      collapsed: false,
-      items: [
-        'api/schema/v1alpha3',
-      ],
-    },
-    {
-      label: 'Core API',
+      label: 'Getting Started',
      type: 'category',
      collapsed: true,
+      link: { type: 'doc', id: 'start' },
      items: [
-        'api/core/v1alpha3',
-        'api/core/v1alpha2',
+        {
+          type: 'autogenerated',
+          dirName: 'start',
+        },
      ],
    },
-    'cli',
+    {
+      label: 'Guides',
+      type: 'category',
+      collapsed: false,
+      link: { type: 'doc', id: 'guides' },
+      items: [
+        {
+          type: 'autogenerated',
+          dirName: 'guides',
+        },
+      ],
+    },
+    {
+      label: 'API Reference',
+      type: 'category',
+      collapsed: true,
+      link: { type: 'doc', id: 'api' },
+      items: [
+        {
+          label: 'Author API',
+          type: 'category',
+          link: { type: 'doc', id: 'api/author' },
+          collapsed: true,
+          items: [
+            {
+              type: 'autogenerated',
+              dirName: 'api/author',
+            },
+          ]
+        },
+        {
+          label: 'Core API',
+          type: 'category',
+          link: { type: 'doc', id: 'api/core' },
+          collapsed: true,
+          items: [
+            {
+              type: 'autogenerated',
+              dirName: 'api/core',
+            },
+          ]
+        },
+      ]
+    },
  ],
 };

--- a/doc/website/src/components/HomepageFeatures/index.tsx
+++ b/doc/website/src/components/HomepageFeatures/index.tsx
@@ -8,53 +8,56 @@ type FeatureItem = {
  description: JSX.Element;
 };

-// TODO: Consider focusing on the three pillars of Safe, Easy, Consistent.
+// We don't focus on features, but rather problems and solutions.
 const FeatureList: FeatureItem[] = [
  {
-    title: 'Kustomize Helm',
-    Svg: require('@site/static/img/base00/undraw_together_re_a8x4.svg').default,
+    title: 'For Platform Engineers',
+    Svg: require('@site/static/img/base00/undraw_software_engineer_re_tnjc.svg').default,
    description: (
      <>
-        Super charge your existing Helm charts by providing well defined,
-        validated input values, post-processing the output with Kustomize,
-        and mixing in your own custom resources.  All without modifying upstream
-        charts to alleviate the pain of upgrades.
+        <p align="left">
+          <ul>
+            <li>Provide simple definitions for other teams to use as golden paths.</li>
+            <li>Define integrations in <a href="https://cuelang.org/">CUE</a> with strong type checking. No more text templates or bash scripts.</li>
+            <li>Reuse your existing Helm charts and Kustomize bases.</li>
+          </ul>
+        </p>
+        <a href="/docs/technical-overview">Learn More</a>
      </>
    ),
  },
  {
-    title: 'Unified Data Model',
-    Svg: require('@site/static/img/base00/undraw_fitting_pieces_re_nss7.svg').default,
+    title: 'For Software Developers',
+    Svg: require('@site/static/img/base00/undraw_through_the_park_lxnl.svg').default,
    description: (
      <>
-        Unify all of your platform components into one well-defined, strongly
-        typed data model with CUE.  Holos makes it easier and safer to integrate
-        seamlessly with software distributed with current and future tools that
-        produce Kubernetes resource manifests.
+        <p align="left">
+          <ul>
+            <li>Move faster using paved paths from your platform and security teams.</li>
+            <li>Develop locally or in the cloud.</li>
+            <li>Spend more time developing software and fewer cycles fighting infrastructure challenges.</li>
+          </ul>
+        </p>
+        <a href="/docs/technical-overview">Learn More</a>
      </>
    ),
  },
  {
-    title: 'Deep Insights',
-    Svg: require('@site/static/img/base00/undraw_code_review_re_woeb.svg').default,
+    title: 'For Security Teams',
+    Svg: require('@site/static/img/base00/undraw_security_on_re_e491.svg').default,
    description: (
      <>
-        Reduce risk and increase confidence in your configuration changes.
-        Holos offers clear visibility into complete resource configuration
-        <i>before</i> being applied.
+        <p align="left">
+          <ul>
+            <li>Define security policy as reusable, typed configurations.</li>
+            <li>Automatically enforce security policy on new projects.</li>
+            <li>Ensure a consistent security posture cross-platform with fewer code changes.</li>
+          </ul>
+        </p>
+        <a href="/docs/technical-overview">Learn More</a>
      </>
    ),
-  },
-  {
-    title: 'Interoperable',
-    Svg: require('@site/static/img/base00/undraw_version_control_re_mg66.svg').default,
-    description: (
-      <>
-        Holos is designed for compatibility with your preferred tools and
-        processes, for example git diff and code reviews.
-      </>
-    ),
-  },
+  }
 ];

 function Feature({ title, Svg, description }: FeatureItem) {
--- a/doc/website/src/css/custom.css
+++ b/doc/website/src/css/custom.css
@@ -4,6 +4,43 @@
 * work well for content-centric websites.
 */

+/* Enable wrapping by default for mobile */
+/* pre code {
+  white-space: pre-wrap;
+  overflow-wrap: anywhere;
+} */
+
+.hero__title {
+  text-align: left;
+}
+
+.hero__subtitle {
+  text-align: left;
+}
+
+.projectDesc {
+  text-align: left;
+}
+
+.hero__buttons {
+  float: left
+}
+
+/* Ensure img in hero banner scales well even on mobile */
+@media screen and (max-width: 996px) {
+  div.diagramImg {
+    width: 100%;
+    max-width: 100px;
+    height: auto;
+  }
+}
+
+div.diagramImg {
+  width: 30%;
+  min-width: 300px;
+  float: right;
+}
+
 /* You can override the default Infima variables here. */
 :root {
  --ifm-link-color: #268bd2;
--- a/doc/website/src/pages/index.tsx
+++ b/doc/website/src/pages/index.tsx
@@ -12,30 +12,30 @@ function HomepageHeader() {
  return (
    <header className={clsx('hero hero--primary', styles.heroBanner)}>
      <div className="container">
+        <div className="diagramImg">
+          <img src="./img/holos-diagram-color-transparent.svg" alt="Holos Diagram" />
+        </div>
        <Heading as="h1" className="hero__title">
          {siteConfig.title}
        </Heading>
        <p className="hero__subtitle">{siteConfig.tagline}</p>
-        <p className="projectDesc">
-          Holos adds CUE's type safety, unified structure, and strong validation
-          features to your current software packages, including Helm and
-          Kustomize.  These features make the experience of integrating software
-          packages into a holistic platform a pleasant journey.
-        </p>
-        <div className={styles.buttons}>
-          <Link
-            className="button button--secondary button--lg"
-            to="docs/quickstart">
-            Get Started
-          </Link>
-          <span className={styles.divider}></span>
-          <Link
-            className="button button--primary button--lg"
-            to="docs/concepts">
-            Learn More
-          </Link>
+        <div className="hero__buttons">
+          <div className={styles.buttons}>
+            <Link
+              className="button button--secondary button--lg"
+              to="docs/quickstart">
+              Get Started
+            </Link>
+            <span className={styles.divider}></span>
+            <Link
+              className="button button--primary button--lg"
+              to="docs/technical-overview/">
+              Learn More
+            </Link>
+            <span className={styles.divider}></span>
+            </div>
        </div>
-      </div>
+      </div >
    </header >
  );
 }
@@ -44,8 +44,8 @@ export default function Home(): JSX.Element {
  const { siteConfig } = useDocusaurusContext();
  return (
    <Layout
-      title={`${siteConfig.title} Package Manager`}
-      description="Holos adds CUE's type safety, unified structure, and strong validation features to your current software packages, including Helm and Kustomize.">
+      title={`${siteConfig.title} Platform Manager`}
+      description="Holos adds CUE's type safety, unified structure, and strong validation features to your Kubernetes configuration manifests, including Helm and Kustomize.">
      <HomepageHeader />
      <main>
        <HomepageFeatures />
--- a/doc/website/static/.well-known/atproto-did
+++ b/doc/website/static/.well-known/atproto-did
@@ -0,0 +1 @@
+did:plc:7jly72mfd42u4fj4mfyovxqz
--- a/doc/website/static/img/cards/announcing-holos.png
+++ b/doc/website/static/img/cards/announcing-holos.png
--- a/doc/website/static/img/cards/background.png
+++ b/doc/website/static/img/cards/background.png
--- a/doc/website/static/img/cards/guides-helm-2.png
+++ b/doc/website/static/img/cards/guides-helm-2.png
--- a/doc/website/static/img/cards/guides-helm.png
+++ b/doc/website/static/img/cards/guides-helm.png
--- a/doc/website/static/img/cards/launch.jpg
+++ b/doc/website/static/img/cards/launch.jpg
--- a/doc/website/static/img/cards/technical-overview.png
+++ b/doc/website/static/img/cards/technical-overview.png
--- a/doc/website/static/img/cards/why-cue.png
+++ b/doc/website/static/img/cards/why-cue.png
--- a/doc/website/static/img/github-mark-white.png
+++ b/doc/website/static/img/github-mark-white.png
--- a/doc/website/static/img/github-mark-white.svg
+++ b/doc/website/static/img/github-mark-white.svg
@@ -0,0 +1 @@
+<svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#fff"/></svg>
--- a/doc/website/static/img/github-mark.png
+++ b/doc/website/static/img/github-mark.png
--- a/doc/website/static/img/github-mark.svg
+++ b/doc/website/static/img/github-mark.svg
@@ -0,0 +1 @@
+<svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#24292f"/></svg>
--- a/doc/website/static/img/holos-diagram-color-non-transparent.svg
+++ b/doc/website/static/img/holos-diagram-color-non-transparent.svg
--- a/doc/website/static/img/holos-diagram-color-transparent.svg
+++ b/doc/website/static/img/holos-diagram-color-transparent.svg
--- a/doc/website/static/img/holos-logo.png
+++ b/doc/website/static/img/holos-logo.png
--- a/doc/website/static/img/holos-social-card.png
+++ b/doc/website/static/img/holos-social-card.png
--- a/doc/website/static/img/logo-holos-dark.svg
+++ b/doc/website/static/img/logo-holos-dark.svg
@@ -0,0 +1,4 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg">
+  <circle cx="100" cy="100" r="90" fill="#FDF6E3" stroke="#073642" stroke-width="4" />
+  <text x="50%" y="50%" text-anchor="middle" fill="#073642" font-size="96" dy=".35em" font-family="Arial, sans-serif" font-weight="bold">H</text>
+</svg>
--- a/doc/website/static/img/logo-holos.svg
+++ b/doc/website/static/img/logo-holos.svg
@@ -0,0 +1,4 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg">
+  <circle cx="100" cy="100" r="90" stroke="#FDF6E3" fill="#073642" stroke-width="4" />
+  <text x="50%" y="50%" text-anchor="middle" fill="#FDF6E3" font-size="96" dy=".35em" font-family="Arial, sans-serif" font-weight="bold">H</text>
+</svg>
--- a/doc/website/static/img/logo-ois-dark.svg
+++ b/doc/website/static/img/logo-ois-dark.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Created with Vectornator (http://vectornator.io/) -->
+<svg style="fill-rule:nonzero;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;" version="1.1" viewBox="0 0 605.044 336.948" xmlns="http://www.w3.org/2000/svg" xmlns:vectornator="http://vectornator.io" xmlns:xlink="http://www.w3.org/1999/xlink">
+<defs/>
+<g id="Logo" vectornator:layerName="Logo">
+<g opacity="1">
+<path d="M591.109 167.89C580.229 111.687 546.936 77.6261 491.282 65.5687C433.469 53.0447 384.362 69.3554 342.802 110.398C310.616 142.185 278.709 174.259 246.482 205.995C225.922 226.226 205.922 247.343 179.109 259.626C149.202 273.334 119.469 272.37 93.4157 251.847C66.8557 230.91 61.2157 201.791 69.349 169.809C81.5757 121.787 138.509 102.695 182.402 131.721C187.656 135.193 192.829 138.787 198.149 142.406C200.682 140.009 202.496 138.35 204.242 136.622C224.509 116.598 244.109 95.8634 265.162 76.7034C293.082 51.2821 325.909 36.9234 364.469 39.9821C377.656 41.0274 390.656 44.4154 406.242 47.1781C374.122 16.6794 338.802 2.73806 296.776 9.35939C257.362 15.5701 226.149 36.7381 199.789 65.6101C193.602 72.3927 188.029 74.0394 179.256 70.7394C168.722 66.7727 158.376 64.2394 148.229 63.0127L148.229 63.0087C148.216 63.0074 148.189 63.0074 148.176 63.0061C148.056 62.9914 147.936 62.9714 147.816 62.9581C147.802 62.9687 147.802 62.9767 147.789 62.9874C21.4957 55.3727 9.17567 165.405 9.17567 165.405C-2.58433 286.525 80.029 311.302 80.029 311.302L80.069 311.302C90.0823 315.263 100.456 318.062 111.029 320.229L111.042 320.25C111.042 320.25 112.962 320.745 116.509 321.295C117.456 321.47 118.402 321.653 119.349 321.819C119.376 321.781 119.402 321.745 119.416 321.706C138.362 324.111 187.416 325.538 246.122 289.946C246.242 289.951 246.376 289.939 246.496 289.95C284.176 252.225 321.882 214.525 359.722 176.97C377.829 159.006 394.296 138.981 418.056 127.409C455.242 109.302 501.269 117.934 522.642 147.982C539.616 171.834 541.616 197.893 529.402 223.943C516.682 251.057 493.776 265.733 464.016 266.622C423.082 267.846 382.082 267.358 341.122 267.277C332.309 267.259 325.469 269.946 319.336 276.357C306.549 289.741 293.216 302.61 280.202 315.782C278.402 317.595 275.269 320.245 272.429 323.437C276.522 323.878 281.362 324.021 283.762 324.023C330.429 324.065 377.096 324.385 423.762 323.905C446.856 323.666 470.549 324.903 492.896 320.317C561.376 306.267 604.602 237.579 591.109 167.89" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+<path d="M202.896 194.097C202.896 228.629 174.909 256.622 140.376 256.622C105.842 256.622 77.8423 228.629 77.8423 194.097C77.8423 159.565 105.842 131.57 140.376 131.57C174.909 131.57 202.896 159.565 202.896 194.097" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+</g>
+</g>
+</svg>
--- a/doc/website/static/img/logo-ois.svg
+++ b/doc/website/static/img/logo-ois.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Created with Vectornator (http://vectornator.io/) -->
+<svg style="fill-rule:nonzero;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;" version="1.1" viewBox="0 0 605.044 336.948" xmlns="http://www.w3.org/2000/svg" xmlns:vectornator="http://vectornator.io" xmlns:xlink="http://www.w3.org/1999/xlink">
+<defs/>
+<g id="Logo" vectornator:layerName="Logo">
+<g opacity="1">
+<path d="M591.109 167.89C580.229 111.687 546.936 77.6261 491.282 65.5687C433.469 53.0447 384.362 69.3554 342.802 110.398C310.616 142.185 278.709 174.259 246.482 205.995C225.922 226.226 205.922 247.343 179.109 259.626C149.202 273.334 119.469 272.37 93.4157 251.847C66.8557 230.91 61.2157 201.791 69.349 169.809C81.5757 121.787 138.509 102.695 182.402 131.721C187.656 135.193 192.829 138.787 198.149 142.406C200.682 140.009 202.496 138.35 204.242 136.622C224.509 116.598 244.109 95.8634 265.162 76.7034C293.082 51.2821 325.909 36.9234 364.469 39.9821C377.656 41.0274 390.656 44.4154 406.242 47.1781C374.122 16.6794 338.802 2.73806 296.776 9.35939C257.362 15.5701 226.149 36.7381 199.789 65.6101C193.602 72.3927 188.029 74.0394 179.256 70.7394C168.722 66.7727 158.376 64.2394 148.229 63.0127L148.229 63.0087C148.216 63.0074 148.189 63.0074 148.176 63.0061C148.056 62.9914 147.936 62.9714 147.816 62.9581C147.802 62.9687 147.802 62.9767 147.789 62.9874C21.4957 55.3727 9.17567 165.405 9.17567 165.405C-2.58433 286.525 80.029 311.302 80.029 311.302L80.069 311.302C90.0823 315.263 100.456 318.062 111.029 320.229L111.042 320.25C111.042 320.25 112.962 320.745 116.509 321.295C117.456 321.47 118.402 321.653 119.349 321.819C119.376 321.781 119.402 321.745 119.416 321.706C138.362 324.111 187.416 325.538 246.122 289.946C246.242 289.951 246.376 289.939 246.496 289.95C284.176 252.225 321.882 214.525 359.722 176.97C377.829 159.006 394.296 138.981 418.056 127.409C455.242 109.302 501.269 117.934 522.642 147.982C539.616 171.834 541.616 197.893 529.402 223.943C516.682 251.057 493.776 265.733 464.016 266.622C423.082 267.846 382.082 267.358 341.122 267.277C332.309 267.259 325.469 269.946 319.336 276.357C306.549 289.741 293.216 302.61 280.202 315.782C278.402 317.595 275.269 320.245 272.429 323.437C276.522 323.878 281.362 324.021 283.762 324.023C330.429 324.065 377.096 324.385 423.762 323.905C446.856 323.666 470.549 324.903 492.896 320.317C561.376 306.267 604.602 237.579 591.109 167.89" fill="#142831" fill-rule="nonzero" opacity="1" stroke="none"/>
+<path d="M202.896 194.097C202.896 228.629 174.909 256.622 140.376 256.622C105.842 256.622 77.8423 228.629 77.8423 194.097C77.8423 159.565 105.842 131.57 140.376 131.57C174.909 131.57 202.896 159.565 202.896 194.097" fill="#142831" fill-rule="nonzero" opacity="1" stroke="none"/>
+</g>
+</g>
+</svg>
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				<svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#fff"/></svg>