@yhakbar yhakbar commented Sep 26, 2025

This is the holding PR for all the changes to support Pipelines v4.

TODO

  • Update scm-comparison.md
  • Replace X.Y.Z references for architecture-catalog-versions (Requires tagged arch-catalog release)

Summary by CodeRabbit

  • New Features

    • Added comprehensive Account Factory architecture and security documentation
    • New cloud authentication guides for AWS, Azure, and custom providers
    • Interactive persistent checkboxes for documentation progress tracking
    • Enhanced installation guides with platform-specific (GitHub/GitLab) workflows
  • Documentation

    • Expanded Account Factory setup and configuration guides
    • New Pipelines concepts documentation for cloud authentication and execution flows
    • Added migration guides for version upgrades
    • Updated navigation structure and improved cross-references
    • Added new deployment and destruction tutorials
  • Style

    • Custom checkbox styling for documentation task lists

vercel bot commented Sep 26, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs Ready Ready Preview Comment Oct 22, 2025 10:16pm
docs (pipelines-v4) Ready Ready Preview Comment Oct 22, 2025 10:16pm

coderabbitai bot commented Sep 26, 2025

Walkthrough

This pull request significantly restructures and expands Gruntwork Pipelines and Account Factory documentation, introduces new cloud authentication concepts, reorganizes installation guides with platform-specific tabs, adds utilities for interactive checkboxes and anchor scrolling, updates component type signatures, and removes the babel configuration export.

Changes

Cohort / File(s) Summary
Babel Configuration
babel.config.js
Removed module.exports containing Docusaurus Babel preset configuration.
Dictionary Updates
custom-dictionary.txt
Added six new dictionary entries: infrachanges, Entra, GLMU, myprodsa, azuread, mysa.
Account Factory Architecture
docs/2.0/docs/accountfactory/architecture/index.md, repository-topology.md, security-controls.md
Added new IAM roles section; introduced comprehensive repository topology documentation describing four core repositories and governance patterns; added security controls documentation covering GitHub/GitLab access controls, trust policies, and role provisioning.
Account Factory Installation & Guides
docs/2.0/docs/accountfactory/installation/index.md, addingnewrepo.md, docs/2.0/docs/accountfactory/guides/...
Reorganized installation overview to reference Account Factory paths; added comprehensive bootstrap guide for new repositories with GitHub/GitLab tabs; updated delegated repo setup link references; expanded account vending guide with tab-based UI for Portal UI and Workflow methods.
Account Factory Prerequisites
docs/2.0/docs/accountfactory/prerequisites/awslandingzone.md
Minor formatting updates (blank line adjustments) to AWS Landing Zone prerequisites.
Account Factory Reference
docs/2.0/reference/accountfactory/configurations-as-code.md, index.md
Added comprehensive HCL configurations-as-code reference for Account Factory; added overview page with language transition partial.
Pipelines Architecture Reorganization
docs/2.0/docs/pipelines/architecture/index.md, components.md, execution-flow.md, audit-logs.md, ci-workflows.md, security-controls.md
Removed legacy components architecture doc; added new execution flow documentation; expanded audit logs with AWS-specific guidance; restructured CI workflows with enterprise/account factory qualifiers; broadened security controls from AWS-specific to cloud-agnostic model.
Pipelines Cloud Authentication
docs/2.0/docs/pipelines/concepts/cloud-auth/index.md, aws.mdx, azure.md, custom.md
Added comprehensive cloud authentication hub documenting OIDC, temporary credentials, and security best practices; created new Azure OIDC authentication guide; introduced custom authentication documentation; substantially expanded AWS authentication with HCL/legacy YAML configurations and OIDC fundamentals.
Pipelines Installation Guides (GitHub)
docs/2.0/docs/pipelines/installation/addingnewrepo.mdx, addingexistingrepo.mdx, addingexistingrepo.md
Removed old markdown files; added comprehensive MDX bootstrap guides with cloud provider tabs (AWS/Azure), boilerplate scaffolding instructions, and remote state management for new and existing GitHub repositories.
Pipelines Installation Guides (GitLab)
docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx, addingexistinggitlabrepo.mdx, addinggitlabrepo.md
Removed old markdown files; added comprehensive MDX bootstrap guides for new and existing GitLab projects with OIDC/JWKS, machine user tokens, and multi-account provisioning workflows.
Pipelines Installation & Auth Overview
docs/2.0/docs/pipelines/installation/overview.md, authoverview.md, viamachineusers.mdx, viagithubapp.md, branch-protection.mdx, gitlab-branch-protection.md, scm-comparison.md
Updated installation overview to reference Account Factory; reorganized auth methods with GitHub App as recommended; restructured machine users guide with platform-specific tabs and expanded token descriptions; added GitLab branch protection guide; updated SCM comparison to remove beta qualifier and add Account Factory row.
Pipelines Configuration & Concepts
docs/2.0/docs/pipelines/configuration/settings.md, driftdetection.md, docs/2.0/docs/pipelines/concepts/drift-detection.md
Updated drift detection to reference GitLab alongside GitHub; restructured settings to use MDX partials for language transition and authentication; expanded drift detection filter documentation.
Pipelines Guides
docs/2.0/docs/pipelines/guides/handling-broken-iac.md, managing-secrets.mdx, installing-drift-detection.md, running-drift-detection.md, unlock.md
Updated Terragrunt commands to latest syntax (run-all → run --all, graph-dependencies → dag graph); expanded secrets management to multi-cloud (AWS/Azure) with OIDC flows; added platform-specific drift detection setup and scheduling tabs; introduced new unlock state locks guide.
Pipelines Tutorials
docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx, deploying-your-first-infrastructure-change.md, deploying-to-aws-gov-cloud.mdx, destroying-infrastructure.mdx, destroying-infrastructure.md
Removed old markdown tutorial files; added comprehensive MDX tutorials supporting AWS and Azure resources with tabbed workflows for GitHub/GitLab; updated GovCloud tutorial to vars.yaml-centric approach.
Pipelines Migration Guides
docs/2.0/docs/pipelines/previous-versions/upgrading-github-v3-to-v4.md, upgrading-gitlab-v1-to-v2.md
Added comprehensive v3→v4 GitHub upgrade guide with config migration (HCL/YAML) and workflow updates; added v1→v2 GitLab upgrade guide with run-all logging and feature flag documentation.
Pipelines Reference
docs/2.0/reference/pipelines/index.md, configurations-as-code/api.mdx, configurations-as-code/index.md, feature-flags.md, terragrunt-version-compatibility.md, language_transition_partial.mdx, language_auth_partial.mdx
Added azure_oidc and custom auth blocks to API reference; expanded configuration examples for multi-cloud; split feature flag defaults by Pipelines version; added tabbed Terragrunt compatibility for GitHub/GitLab; introduced language transition partial documenting YAML→HCL migration.
Getting Started & Overview
docs/2.0/docs/overview/getting-started/index.md
Updated Step 2 and Step 4 links to reference Account Factory; expanded Step 4 with explicit GitHub/GitLab repository options and existing repository section.
Component Type Enhancements
src/components/HclListItem.tsx
Updated HclListItemDescription, HclListItemExample, HclGeneralListItem, and HclListItemTypeDetails to explicitly parameterize with PropsWithChildren for improved type safety.
Interactive Features & Styling
src/css/custom.css, src/theme/Root.js, utils/checkbox.ts, utils/anchor.ts
Added custom checkbox styling with SVG checkmarks; introduced persistent checkbox state management via localStorage; added anchor scrolling utility to open closed detail elements; integrated utilities into Root theme component.
Sidebar & Redirects
sidebars/docs.js, sidebars/reference.js, src/redirects.js
Comprehensive sidebar restructuring: renamed authentication categories, expanded bootstrap guide names, added new Account Factory sections and delegated repository items, added GitHub/GitLab migration guides; removed beta qualifier from HCL configurations; added new redirects for cloud-auth, landing zone, delegated repos, and execution-flow paths.

Sequence Diagram(s)

sequenceDiagram
    participant User as User<br/>(Documentation)
    participant Browser
    participant localStorage as LocalStorage
    participant DOM as DOM<br/>(Checkboxes)

    User->>Browser: Load documentation page
    activate Browser
    Browser->>DOM: Render checkboxes
    Browser->>Root.js: Trigger useEffect (location change)
    
    Root.js->>utils/checkbox.ts: interactivePersistentCheckboxes()
    activate utils/checkbox.ts
    utils/checkbox.ts->>localStorage: Check for stored state<br/>(key: docusaurus.checkboxes)
    utils/checkbox.ts->>DOM: Restore checkbox states<br/>from localStorage
    utils/checkbox.ts->>DOM: Enable checkboxes
    deactivate utils/checkbox.ts
    
    User->>DOM: Click checkbox
    DOM->>utils/checkbox.ts: Trigger click handler
    utils/checkbox.ts->>localStorage: Update state for<br/>current page+index
    
    Browser->>Root.js: Trigger useEffect (hash change)
    Root.js->>utils/anchor.ts: scrollToAnchorInClosedSection(location)
    activate utils/anchor.ts
    utils/anchor.ts->>DOM: Locate element by id
    utils/anchor.ts->>DOM: Check if in closed<br/>details element
    alt Element in closed details
        utils/anchor.ts->>DOM: Find parent summary
        utils/anchor.ts->>DOM: Click summary<br/>(open details)
        utils/anchor.ts->>DOM: Scroll element<br/>into view (500ms delay)
    end
    deactivate utils/anchor.ts
    
    deactivate Browser

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

The scope is substantial, spanning documentation reorganization, new cloud authentication concepts, component type updates, utility additions, and sidebar restructuring. While many documentation changes follow similar patterns, they're contextually diverse (Account Factory, Pipelines, various cloud platforms). The code changes are relatively straightforward, but the sheer volume and heterogeneity across documentation, configuration, components, and utilities require careful review to ensure consistency, completeness, and correctness of cross-references and sidebar navigation.

Suggested reviewers

  • Resonance1584
  • odgrim

Poem

📚 From YAML to HCL, docs take flight,
Cloud auth glows bright in azure and white,
Checkboxes persist with localStorage grace,
As Pipelines and Account Factory embrace their place.
Sidebars reborn with tabs and new ways,
Documentation refactored for brighter days! 🚀

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title clearly indicates that this PR contains documentation updates for Pipelines version 4, matching the extensive changes to support v4 throughout the docs. It’s concise, follows conventional commit style with the “docs:” prefix, and conveys the main focus to anyone scanning the history. Although it doesn’t detail every change, it appropriately summarizes the central intent without unnecessary noise.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

yhakbar and others added 2 commits September 26, 2025 13:18
* docs: Nested AWS into `Authenticating to the Cloud`

* docs: Adding Azure docs

* docs: Adding custom auth

* Fix build issues.

* Add custom page to sidebar

* Update docs/2.0/docs/pipelines/concepts/cloud-auth/aws.mdx

Co-authored-by: Josh Padnick <[email protected]>

* Update docs/2.0/docs/pipelines/concepts/cloud-auth/aws.mdx

Co-authored-by: Josh Padnick <[email protected]>

* fix: Use active voice for custom auth

* fix: Add examples of secret managers

* fix: Explicitly say 'at the root of your repository'

* fix: Add callout for risk of custom auth

* fix: Shuffle order of tabs for configuration options

* fix: Adding a bit of cleanup

* fix: Adding preamble for best practices

---------

Co-authored-by: Josh Padnick <[email protected]>
yhakbar changed the title from "chore: Start of Pipelines v4" to "docs: Pipelines v4" on Sep 26, 2025
* Add GitLab drift detection docs

* Add infrachanges to dictionary
* Initial docs for GitLab devops-foundations template

* Additional gitlab account factory update

* Rest of account-factory setup

* Fix build

* Update sidebar and page titles

* Review suggestions

* Update account vending instructions
* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* fix: Addressing markdown lints

* fix: Refactored out the architecture portion of Pipelines into an Account Factory page

* feat: Reworked `Repository Topology` as an Account Factory page

* fix: Reworked components page into execution flow page

* fix: Adding some architecture diagrams

* docs: Migrating out AWS specific security controls for Pipelines to Account Factory

* docs: Updating `ci-workflows.md` with call outs for Account Factory stuff

* docs: Markdown linting `Usage Data` docs

* fix: Adjusting URL for account factory link

* Apply suggestion from @josh-padnick

Co-authored-by: Josh Padnick <[email protected]>

* Apply suggestion from @josh-padnick

Co-authored-by: Josh Padnick <[email protected]>

* Apply suggestion from @josh-padnick

Co-authored-by: Josh Padnick <[email protected]>

* Apply suggestion from @josh-padnick

Co-authored-by: Josh Padnick <[email protected]>

* docs: Addressing PR feedback

* Update docs/2.0/docs/pipelines/architecture/index.md

Co-authored-by: Josh Padnick <[email protected]>

* Update docs/2.0/docs/pipelines/architecture/index.md

Co-authored-by: Josh Padnick <[email protected]>

* Update docs/2.0/docs/pipelines/architecture/execution-flow.md

Co-authored-by: Josh Padnick <[email protected]>

---------

Co-authored-by: Josh Padnick <[email protected]>
yhakbar and others added 2 commits October 7, 2025 14:22
* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* fix: Addressing markdown lints

* fix: Reworked components page into execution flow page

* docs: Migrating out AWS specific security controls for Pipelines to Account Factory

* docs: Updating `ci-workflows.md` with call outs for Account Factory stuff

* docs: Addressing PR feedback

* fix: Adding abbreviation to dictionary

* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* docs: Moving AWS Landing Zone prereq to Account Factory

docs: Adjusting redirects for moving AWS Landing Zone to Account Factory

* docs: Restructured initial setup to avoid assuming AWS

docs: Splitting up different cloud providers

wip: Progress on stacks

* feat: Set up full Azure installation guide

* fix: Fixing the checkbox ids

* fix: Fixing up some paper cuts in the top-level setup & installation docs

* fix: Fixing path to new prerequisites for Account Factory

* chore: Making sure this is pinned to `v4` before I forget

* fix: Cleaning up Azure guide

* docs: Adding AWS docs

* fix: Cleaning up language for sidebar on GitHub

* docs: WIP progress on adding Pipelines to an existing repo

* docs: More troubleshooting guidance

* docs: Adjusting language in `Setup & Installation`

* docs: Adjusting logic for repo setup

* fix: Cutting down on steps for adding a new repo

* feat: Adding instructions for additional accounts and subscriptions

* fix: Preventing ToC from breaking by using h3 tags

* fix: Adding existing guide docs

* fix: Redoing GitLab install instructions for parity with GitHub

* fix: Removing unnecessary GitLab content

* docs: Adding existing repository instructions for GitLab

* docs: Adding note for self-hosted GitLab instance

* fix: Fixing URL for pipelines machine users install

* fix: Satisfying spellcheck

* fix: Fixing auth links

* fix: Addressing easy to address PR feedback

---------

Co-authored-by: Josh Padnick <[email protected]>
…2781)

* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* fix: Addressing markdown lints

* fix: Reworked components page into execution flow page

* docs: Migrating out AWS specific security controls for Pipelines to Account Factory

* docs: Updating `ci-workflows.md` with call outs for Account Factory stuff

* docs: Addressing PR feedback

* fix: Adding abbreviation to dictionary

* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* docs: Moving AWS Landing Zone prereq to Account Factory

docs: Adjusting redirects for moving AWS Landing Zone to Account Factory

* docs: Restructured initial setup to avoid assuming AWS

docs: Splitting up different cloud providers

wip: Progress on stacks

* feat: Set up full Azure installation guide

* fix: Fixing the checkbox ids

* fix: Fixing up some paper cuts in the top-level setup & installation docs

* fix: Fixing path to new prerequisites for Account Factory

* chore: Making sure this is pinned to `v4` before I forget

* fix: Cleaning up Azure guide

* docs: Adding AWS docs

* fix: Cleaning up language for sidebar on GitHub

* docs: WIP progress on adding Pipelines to an existing repo

* docs: More troubleshooting guidance

* docs: Adjusting language in `Setup & Installation`

* docs: Adjusting logic for repo setup

* fix: Cutting down on steps for adding a new repo

* feat: Adding instructions for additional accounts and subscriptions

* fix: Preventing ToC from breaking by using h3 tags

* fix: Adding existing guide docs

* fix: Redoing GitLab install instructions for parity with GitHub

* fix: Removing unnecessary GitLab content

* docs: Adding existing repository instructions for GitLab

* docs: Adding note for self-hosted GitLab instance

* fix: Fixing URL for pipelines machine users install

* fix: Satisfying spellcheck

* fix: Fixing auth links

* fix: Addressing easy to address PR feedback

* fix: Adding HCL configuration reference for Azure and Custom auth

* fix: Fixing some links

---------

Co-authored-by: Josh Padnick <[email protected]>
* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* fix: Reworked components page into execution flow page

* docs: Migrating out AWS specific security controls for Pipelines to Account Factory

* docs: Updating `ci-workflows.md` with call outs for Account Factory stuff

* docs: Addressing PR feedback

* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* docs: Restructured initial setup to avoid assuming AWS

docs: Splitting up different cloud providers

wip: Progress on stacks

* fix: Fixing the checkbox ids

* docs: Adding AWS docs

* docs: WIP progress on adding Pipelines to an existing repo

* docs: More troubleshooting guidance

* fix: Cutting down on steps for adding a new repo

* fix: Redoing GitLab install instructions for parity with GitHub

* fix: Updating `deploying-your-first-infrastructure-change` extension to `mdx`

* fix: Update to address Azure as well

* fix: Update extension for `destroying-infrastructure` to `mdx`

* fix: Updating infrastructure destruction docs to support Azure

* fix: Fixing broken links and spellcheck

* fix: Fixing accidental merge error

* fix: Use `groupId`

---------

Co-authored-by: Josh Padnick <[email protected]>
* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* fix: Reworked components page into execution flow page

* docs: Migrating out AWS specific security controls for Pipelines to Account Factory

* docs: Updating `ci-workflows.md` with call outs for Account Factory stuff

* docs: Addressing PR feedback

* docs: Nested AWS into `Authenticating to the Cloud`

* Fix build issues.

* docs: Restructured initial setup to avoid assuming AWS

docs: Splitting up different cloud providers

wip: Progress on stacks

* fix: Fixing the checkbox ids

* docs: Adding AWS docs

* docs: WIP progress on adding Pipelines to an existing repo

* docs: More troubleshooting guidance

* fix: Cutting down on steps for adding a new repo

* fix: Redoing GitLab install instructions for parity with GitHub

* fix: Update extension for `managing-secrets` to `mdx`

* docs: Making it so that managing secrets doesn't assume AWS

* docs: Moving delegated repo setup to Account Factory

* docs: Fixing handling broken IaC

* fix: Resolving merge conflicts

* fix: Avoiding adding whitespace here

---------

Co-authored-by: Josh Padnick <[email protected]>
* feat: Adding GitLab Azure support

* Update docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx

Co-authored-by: Oreoluwa Agunbiade <[email protected]>

* Update docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx

Co-authored-by: Oreoluwa Agunbiade <[email protected]>

* Update docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx

Co-authored-by: Oreoluwa Agunbiade <[email protected]>

* Update docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx

Co-authored-by: Oreoluwa Agunbiade <[email protected]>

---------

Co-authored-by: Oreoluwa Agunbiade <[email protected]>
* Add GitLab account factory setup docs

* Update tabs and group ID

---------

Co-authored-by: Zach Goldberg <[email protected]>
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 18

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)
docs/2.0/reference/pipelines/configurations-as-code/api.mdx (7)

181-197: Fix invalid overlapping MDX tags (build-breaker).

<HclListItem> for aws_oidc isn’t closed before starting azure_oidc. MDX cannot have overlapping component tags.

 ### `aws_oidc` block
 <HclListItem name="aws_oidc" requirement="optional" type="block">
 <HclListItemDescription>
 
 An AWS OIDC authentication block that determines how Pipelines will authenticate with AWS using OIDC. See more [below](#aws_oidc-block-attributes).
-### `azure_oidc` block
-<HclListItem name="azure_oidc" requirement="optional" type="block">
-<HclListItemDescription>
+</HclListItemDescription>
+</HclListItem>
+
+### `azure_oidc` block
+<HclListItem name="azure_oidc" requirement="optional" type="block">
+<HclListItemDescription>
   ...
-</HclListItemDescription>
-</HclListItem>
-
-</HclListItemDescription>
-</HclListItem>
+</HclListItemDescription>
+</HclListItem>

80-87: Make aws_oidc attribute names consistent (*_role_arn).

Examples use plan_iam_role/apply_iam_role but attribute docs define plan_iam_role_arn/apply_iam_role_arn. Standardize on one (the _arn variant seems intended).

 authentication {
   aws_oidc {
     account_id     = "an-aws-account-id"
-    plan_iam_role  = "arn:aws:iam::an-aws-account-id:role-to-assume-for-plans"
-    apply_iam_role = "arn:aws:iam::an-aws-account-id:role-to-assume-for-applies"
+    plan_iam_role_arn  = "arn:aws:iam::an-aws-account-id:role-to-assume-for-plans"
+    apply_iam_role_arn = "arn:aws:iam::an-aws-account-id:role-to-assume-for-applies"
   }
 }
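
Review bot: The two renamed lines are padded to line up with each other, but `account_id     =` keeps its old padding, so the `=` signs in the `aws_oidc` block no longer align as they did before the change; re-pad `account_id` to match `plan_iam_role_arn  =`. The same rename has to land in the second range listed for this comment, otherwise the examples and the `plan_iam_role_arn` / `apply_iam_role_arn` attribute docs will still disagree in one place.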

Also applies to: 370-384


171-176: Normalize type prop to labeled-block.

type="labeled block" is inconsistent with other sections ("labeled-block"). Likely a prop value your component expects.

-<HclListItem name="accounts" requirement="optional" type="labeled block">
+<HclListItem name="accounts" requirement="optional" type="labeled-block">

331-338: Correct aws block attributes description.

The accounts attribute describes a labeled block for account collections, not an AWS account ID.

-<HclListItemDescription>
-The AWS account ID that Pipelines will authenticate with.  See more [below](#accounts-block-attributes).
-</HclListItemDescription>
+<HclListItemDescription>
+Defines one or more labeled `accounts` blocks (collections of AWS accounts). See more [below](#accounts-block-attributes).
+</HclListItemDescription>

297-303: Fix capitalization: “IaC”.

Small typo in “Infrastructure as Code(Iac)”.

-The Infrastructure as Code(Iac) binary that Pipelines will instruct Terragrunt to use. Valid values are:
+The Infrastructure as Code (IaC) binary that Pipelines will instruct Terragrunt to use. Valid values are:

314-320: Hyphenate “comma-separated”.

-A comma separate list of ignore filters to exclude from pipelines runs. See the full documentation [here](/2.0/reference/pipelines/ignore-list)
+A comma-separated list of ignore filters to exclude from Pipelines runs. See the full documentation [here](/2.0/reference/pipelines/ignore-list)

238-247: Update authentication attributes to include Azure and custom.

The attributes section only lists aws_oidc, but you added azure_oidc and custom blocks.

-<HclListItem name="aws_oidc" requirement="required" type="block">
+<HclListItem name="aws_oidc" requirement="optional" type="block">
 ...
-</HclListItem>
+ </HclListItem>
+
+<HclListItem name="azure_oidc" requirement="optional" type="block">
+  <HclListItemDescription>
+  An Azure OIDC authentication block that determines how Pipelines will authenticate with Azure using OIDC. See more [below](#azure_oidc-block-attributes).
+  </HclListItemDescription>
+</HclListItem>
+
+<HclListItem name="custom" requirement="optional" type="block">
+  <HclListItemDescription>
+  A custom authentication block used to run a command that supplies credentials before Terragrunt execution. See more [below](#custom-block-attributes).
+  </HclListItemDescription>
+</HclListItem>
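
Review bot: With `aws_oidc` switched from `requirement="required"` to `requirement="optional"` and `azure_oidc` and `custom` added as optional as well, this attributes list no longer tells the reader whether the `authentication` block must contain one of the three or whether they can be combined. Add a sentence that states the rule. Also drop the leading space in `+ </HclListItem>`, which turns an otherwise unchanged closing tag into a whitespace-only edit.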
docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx (1)

101-105: Fix the _global path in the generated files list.

The bullet for region.hcl currently points to $$ACCOUNT_NAME$$/_global_/region.hcl, but the rendered boilerplate places that file in $$ACCOUNT_NAME$$/_global/region.hcl (no trailing underscore). Anyone following the docs as written will look in the wrong directory and think the file was never generated. Please correct the path.

🧹 Nitpick comments (3)
docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx (1)

33-41: Tighten repeated phrasing in AWS caution/tip.

Reduce duplicate “you may need to…” wording for concision.

-By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the IAM roles used by Pipelines to ensure they have the necessary permissions to destroy resources.
+By default, Pipelines includes the permissions needed for this tutorial. Depending on your setup, adjust the IAM roles Pipelines assumes so they can destroy the targeted resources.

-The default Pipelines role has permissions to delete S3 buckets with names that start with `test-pipelines-`. If you're destroying resources with different naming conventions, you may need to update the IAM policy accordingly.
+The default Pipelines role can delete S3 buckets named `test-pipelines-*`. For other naming conventions, update the IAM policy accordingly.
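
Review bot: In the tip, replacing "names that start with `test-pipelines-`" with "named `test-pipelines-*`" makes the scope of the delete permission less explicit, because the glob can be read as a literal bucket name. This sentence tells readers which buckets the default role is allowed to delete, so keep the prefix wording, for example "buckets whose names start with `test-pipelines-`".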

(LanguageTool: REP_NEED_TO_VB)

docs/2.0/docs/accountfactory/architecture/security-controls.md (1)

214-235: Tighten sentences and fix small grammar nits in delegated roles.

  • “during provisioning include documentation” → “during provisioning and include…”
  • Reduce repeated sentences and clarify minimal-permissions note.
-- A pull request will be opened in `infrastructure-live-access-control` during provisioning include documentation for adding additional permissions if necessary.
+- A pull request will be opened in `infrastructure-live-access-control` during provisioning and will include documentation for adding additional permissions if necessary.

(LanguageTool: sentence starts repetition)

src/theme/Root.js (1)

151-157: Wire the helper cleanups into these effects.

Both interactivePersistentCheckboxes and scrollToAnchorInClosedSection return cleanup callbacks (to clear timeouts) but the effects ignore them, so the timers hang around if the route changes quickly. Let the effects forward those cleanup functions.

-  useEffect(() => {
-    interactivePersistentCheckboxes()
-  }, [location.pathname])
+  useEffect(() => {
+    return interactivePersistentCheckboxes()
+  }, [location.pathname])
 
-  useEffect(() => {
-    scrollToAnchorInClosedSection(location)
-  }, [location.hash])
+  useEffect(() => {
+    return scrollToAnchorInClosedSection(location)
+  }, [location.hash])
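
Review bot: Returning the helper's result from `useEffect` makes React treat whatever comes back as the cleanup, so `return interactivePersistentCheckboxes()` and `return scrollToAnchorInClosedSection(location)` are only safe if each helper returns a function or `undefined` on every path, including early exits; confirm that in both helpers before merging. Separately, the second effect reads `location` but lists only `location.hash` as a dependency, which deserves a short comment saying the narrower dependency is intentional.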
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6531135 and de1019e.

⛔ Files ignored due to path filters (11)
  • static/img/accountfactory/dev-portal-request-generator.png is excluded by !**/*.png
  • static/img/pipelines/maintain/drift-detection-manual-dispatch-github.png is excluded by !**/*.png
  • static/img/pipelines/maintain/drift-detection-manual-dispatch-gitlab.png is excluded by !**/*.png
  • static/img/pipelines/maintain/drift-detection-manual-dispatch.png is excluded by !**/*.png
  • static/img/pipelines/maintain/unlock-all-github.png is excluded by !**/*.png
  • static/img/pipelines/maintain/unlock-all-gitlab.png is excluded by !**/*.png
  • static/img/pipelines/maintain/unlock-logs-lock-id.png is excluded by !**/*.png
  • static/img/pipelines/maintain/unlock-unit-github.png is excluded by !**/*.png
  • static/img/pipelines/maintain/unlock-unit-gitlab.png is excluded by !**/*.png
  • static/img/pipelines/security/INFRA_ROOT_WRITE_TOKEN.png is excluded by !**/*.png
  • static/img/pipelines/security/ORG_REPO_ADMIN_TOKEN.png is excluded by !**/*.png
📒 Files selected for processing (68)
  • babel.config.js (0 hunks)
  • custom-dictionary.txt (1 hunks)
  • docs/2.0/docs/accountfactory/architecture/index.md (1 hunks)
  • docs/2.0/docs/accountfactory/architecture/repository-topology.md (1 hunks)
  • docs/2.0/docs/accountfactory/architecture/security-controls.md (1 hunks)
  • docs/2.0/docs/accountfactory/guides/setup-delegated-repo.mdx (1 hunks)
  • docs/2.0/docs/accountfactory/guides/vend-aws-account.md (2 hunks)
  • docs/2.0/docs/accountfactory/installation/addingnewrepo.md (1 hunks)
  • docs/2.0/docs/accountfactory/installation/index.md (1 hunks)
  • docs/2.0/docs/accountfactory/prerequisites/awslandingzone.md (2 hunks)
  • docs/2.0/docs/overview/getting-started/index.md (2 hunks)
  • docs/2.0/docs/pipelines/architecture/audit-logs.md (2 hunks)
  • docs/2.0/docs/pipelines/architecture/ci-workflows.md (3 hunks)
  • docs/2.0/docs/pipelines/architecture/components.md (0 hunks)
  • docs/2.0/docs/pipelines/architecture/execution-flow.md (1 hunks)
  • docs/2.0/docs/pipelines/architecture/index.md (1 hunks)
  • docs/2.0/docs/pipelines/architecture/security-controls.md (3 hunks)
  • docs/2.0/docs/pipelines/architecture/usage-data.md (1 hunks)
  • docs/2.0/docs/pipelines/concepts/cloud-auth/aws.mdx (6 hunks)
  • docs/2.0/docs/pipelines/concepts/cloud-auth/azure.md (1 hunks)
  • docs/2.0/docs/pipelines/concepts/cloud-auth/custom.md (1 hunks)
  • docs/2.0/docs/pipelines/concepts/cloud-auth/index.md (1 hunks)
  • docs/2.0/docs/pipelines/concepts/drift-detection.md (1 hunks)
  • docs/2.0/docs/pipelines/configuration/driftdetection.md (1 hunks)
  • docs/2.0/docs/pipelines/configuration/settings.md (1 hunks)
  • docs/2.0/docs/pipelines/guides/handling-broken-iac.md (6 hunks)
  • docs/2.0/docs/pipelines/guides/installing-drift-detection.md (2 hunks)
  • docs/2.0/docs/pipelines/guides/managing-secrets.mdx (7 hunks)
  • docs/2.0/docs/pipelines/guides/running-drift-detection.md (3 hunks)
  • docs/2.0/docs/pipelines/guides/unlock.md (1 hunks)
  • docs/2.0/docs/pipelines/installation/addingexistinggitlabrepo.mdx (1 hunks)
  • docs/2.0/docs/pipelines/installation/addingexistingrepo.md (0 hunks)
  • docs/2.0/docs/pipelines/installation/addingexistingrepo.mdx (1 hunks)
  • docs/2.0/docs/pipelines/installation/addinggitlabrepo.md (0 hunks)
  • docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx (1 hunks)
  • docs/2.0/docs/pipelines/installation/addingnewrepo.md (0 hunks)
  • docs/2.0/docs/pipelines/installation/addingnewrepo.mdx (1 hunks)
  • docs/2.0/docs/pipelines/installation/authoverview.md (1 hunks)
  • docs/2.0/docs/pipelines/installation/branch-protection.mdx (2 hunks)
  • docs/2.0/docs/pipelines/installation/gitlab-branch-protection.md (1 hunks)
  • docs/2.0/docs/pipelines/installation/overview.md (2 hunks)
  • docs/2.0/docs/pipelines/installation/scm-comparison.md (1 hunks)
  • docs/2.0/docs/pipelines/installation/viagithubapp.md (9 hunks)
  • docs/2.0/docs/pipelines/installation/viamachineusers.mdx (16 hunks)
  • docs/2.0/docs/pipelines/previous-versions/upgrading-github-v3-to-v4.md (1 hunks)
  • docs/2.0/docs/pipelines/previous-versions/upgrading-gitlab-v1-to-v2.md (1 hunks)
  • docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx (5 hunks)
  • docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.md (0 hunks)
  • docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx (1 hunks)
  • docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.md (0 hunks)
  • docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx (1 hunks)
  • docs/2.0/reference/accountfactory/configurations-as-code.md (1 hunks)
  • docs/2.0/reference/accountfactory/index.md (1 hunks)
  • docs/2.0/reference/pipelines/configurations-as-code/api.mdx (5 hunks)
  • docs/2.0/reference/pipelines/configurations-as-code/index.md (5 hunks)
  • docs/2.0/reference/pipelines/feature-flags.md (3 hunks)
  • docs/2.0/reference/pipelines/index.md (1 hunks)
  • docs/2.0/reference/pipelines/language_auth_partial.mdx (0 hunks)
  • docs/2.0/reference/pipelines/language_transition_partial.mdx (1 hunks)
  • docs/2.0/reference/pipelines/terragrunt-version-compatibility.md (1 hunks)
  • sidebars/docs.js (9 hunks)
  • sidebars/reference.js (2 hunks)
  • src/components/HclListItem.tsx (4 hunks)
  • src/css/custom.css (3 hunks)
  • src/redirects.js (4 hunks)
  • src/theme/Root.js (2 hunks)
  • utils/anchor.ts (1 hunks)
  • utils/checkbox.ts (1 hunks)
💤 Files with no reviewable changes (8)
  • docs/2.0/docs/pipelines/installation/addingnewrepo.md
  • docs/2.0/docs/pipelines/installation/addingexistingrepo.md
  • docs/2.0/docs/pipelines/installation/addinggitlabrepo.md
  • docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.md
  • docs/2.0/docs/pipelines/architecture/components.md
  • babel.config.js
  • docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.md
  • docs/2.0/reference/pipelines/language_auth_partial.mdx
🧰 Additional context used
📓 Path-based instructions (1)
docs/**/*.mdx

📄 CodeRabbit inference engine (.cursor/rules/gitlab-background.mdc)

Whenever presenting information that diverges between GitHub and GitLab, use the <Tabs> and <TabItem> components to distinguish the two sets of information UNLESS the distinction is just changing one word. For example, GitHub has pull requests and GitLab has merge requests, so we can just say '... pull/merge requests...' and not need full <Tabs>.

Files:

  • docs/2.0/docs/accountfactory/guides/setup-delegated-repo.mdx
  • docs/2.0/docs/pipelines/installation/addingexistingrepo.mdx
  • docs/2.0/reference/pipelines/language_transition_partial.mdx
  • docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx
  • docs/2.0/reference/pipelines/configurations-as-code/api.mdx
  • docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx
  • docs/2.0/docs/pipelines/installation/branch-protection.mdx
  • docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx
  • docs/2.0/docs/pipelines/guides/managing-secrets.mdx
  • docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx
  • docs/2.0/docs/pipelines/installation/addingnewrepo.mdx
  • docs/2.0/docs/pipelines/installation/addingexistinggitlabrepo.mdx
  • docs/2.0/docs/pipelines/installation/viamachineusers.mdx
  • docs/2.0/docs/pipelines/concepts/cloud-auth/aws.mdx
🧠 Learnings (1)
📚 Learning: 2025-07-23T21:18:35.163Z
Learnt from: CR
PR: gruntwork-io/docs#0
File: .cursor/rules/gitlab-background.mdc:0-0
Timestamp: 2025-07-23T21:18:35.163Z
Learning: Applies to docs/**/*.mdx : Whenever presenting information that diverges between GitHub and GitLab, use the <Tabs> and <TabItem> components to distinguish the two sets of information UNLESS the distinction is just changing one word. For example, GitHub has pull requests and GitLab has merge requests, so we can just say '... pull/merge requests...' and not need full <Tabs>.

Applied to files:

  • docs/2.0/docs/pipelines/architecture/ci-workflows.md
  • docs/2.0/docs/pipelines/guides/installing-drift-detection.md
  • docs/2.0/reference/pipelines/terragrunt-version-compatibility.md
🧬 Code graph analysis (2)
src/theme/Root.js (2)
utils/checkbox.ts (1)
  • interactivePersistentCheckboxes (1-52)
utils/anchor.ts (1)
  • scrollToAnchorInClosedSection (1-24)
utils/anchor.ts (1)
src/theme/Root.js (1)
  • location (149-149)
🪛 Biome (2.1.2)
src/components/HclListItem.tsx

[error] 65-65: Avoid passing children using a prop

The canonical way to pass children in React is to use JSX elements

(lint/correctness/noChildrenProp)

🪛 LanguageTool
docs/2.0/docs/pipelines/installation/viagithubapp.md

[style] ~51-~51: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...e access to the entire organization. For non-Account Factory customers, we recom...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[grammar] ~53-~53: Use a hyphen to join words.
Context: ...eated which is only possible with entire organization permission. If you are u...

(QB_NEW_EN_HYPHEN)


[grammar] ~125-~125: Use a hyphen to join words.
Context: ...cture using Gruntwork products. ### App Only Features The following features of...

(QB_NEW_EN_HYPHEN)


[style] ~129-~129: Consider a more concise word here.
Context: ...ng downtime: - GitHub App Linking: In order to link a Gruntwork.io GitHub App installa...

(IN_ORDER_TO_PREMIUM)


[style] ~134-~134: Consider a more concise word here.
Context: ...p to function correctly. ### Fallback In order to ensure that the availability of the Gru...

(IN_ORDER_TO_PREMIUM)


[style] ~169-~169: Consider a more concise word here.
Context: ...n repositories as especially privileged in order to perform critical operations like vendin...

(IN_ORDER_TO_PREMIUM)

docs/2.0/docs/pipelines/installation/addingexistingrepo.mdx

[uncategorized] ~15-~15: The official name of this software platform is spelled with a capital “H”.
Context: ...organize your environments. 5. Create .github/workflows/pipelines.yml to configure...

(GITHUB)


[style] ~105-~105: To make your writing flow more naturally, try moving the adverb ‘already’ closer to the verb ‘provisioned’.
Context: ...ide to either destroy the resources you already have provisioned and recreate them or import them into s...

(PERF_TENS_ADV_PLACEMENT)


[style] ~105-~105: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ecreate them or import them into state. If you are not sure, please contact [Grunt...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~202-~202: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~260-~260: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...dencies, and accept defaults unless you want to customize something. Alternatively, yo...

(REP_WANT_TO_VB)


[uncategorized] ~306-~306: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~321-~321: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...unt` is the name of the AWS account you want to bootstrap. ```bash title="name-of-acco...

(REP_WANT_TO_VB)


[uncategorized] ~382-~382: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~401-~401: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...dencies, and accept defaults unless you want to customize something. Alternatively, yo...

(REP_WANT_TO_VB)


[uncategorized] ~455-~455: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~499-~499: Consider using a different verb to strengthen your wording.
Context: ...load the Azure provider on every run to speed up the process by leveraging the [Terragru...

(SPEED_UP_ACCELERATE)


[uncategorized] ~526-~526: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~615-~615: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~783-~783: The official name of this software platform is spelled with a capital “H”.
Context: ...thub/workflows/pipelines.yml Create a.github/workflows/pipelines.yml` file in the ro...

(GITHUB)

docs/2.0/reference/pipelines/language_transition_partial.mdx

[style] ~3-~3: This phrasing can be wordy. For improved clarity, try opting for something more concise.
Context: ...s.md) will continue to work as expected for the time being. YAML configurations are read by Pipel...

(FOR_THE_TIME_BEING)

docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx

[style] ~37-~37: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...h different naming conventions, you may need to update the IAM policy accordingly. :::...

(REP_NEED_TO_VB)

docs/2.0/docs/pipelines/guides/unlock.md

[style] ~76-~76: ‘In the event that’ might be wordy. Consider a shorter alternative.
Context: ...aform-locks` table in each region. ::: In the event that many locks are being held, and it is di...

(EN_WORDINESS_PREMIUM_IN_THE_EVENT_THAT)


[style] ~77-~77: Try moving the adverb to make the sentence clearer.
Context: ...in the Lock IDs, an Unlock All workflow exists to forcibly remove all locks. Run this workflow with caution. <Tabs...

(SPLIT_INFINITIVE)

docs/2.0/docs/pipelines/installation/addinggitlabrepo.mdx

[style] ~19-~19: Consider using “inaccessible” to avoid wordiness.
Context: ...g a self-hosted GitLab instance that is not accessible from the public internet. If you are us...

(NOT_ABLE_PREMIUM)


[uncategorized] ~135-~135: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~224-~224: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~268-~268: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~273-~273: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...ocess. For each additional account you want to bootstrap, you'll use Boilerplate in th...

(REP_WANT_TO_VB)


[style] ~354-~354: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...urces in it. ::: For each account you want to bootstrap, you'll need to run the follo...

(REP_WANT_TO_VB)


[uncategorized] ~403-~403: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~482-~482: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~526-~526: Consider using a different verb to strengthen your wording.
Context: ...load the Azure provider on every run to speed up the process by leveraging the [Terragru...

(SPEED_UP_ACCELERATE)


[uncategorized] ~553-~553: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~694-~694: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~715-~715: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~720-~720: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: .... For each additional subscription you want to bootstrap, you'll use Boilerplate in th...

(REP_WANT_TO_VB)

docs/2.0/docs/accountfactory/architecture/security-controls.md

[style] ~68-~68: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...different SCM platform (e.g. GitLab). - You want a fallback mechanism in case the G...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/2.0/docs/pipelines/installation/branch-protection.mdx

[grammar] ~3-~3: Use a hyphen to join words.
Context: ...d to function within a pull request (PR) based workflow. Approving a pull request...

(QB_NEW_EN_HYPHEN)


[style] ~45-~45: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ping-your-account-and-data-secure). 3. [User accounts are granted access to infrastr...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx

[style] ~38-~38: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...to use a different bucket name, you may need to update the IAM policy accordingly. :::...

(REP_NEED_TO_VB)


[style] ~134-~134: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...cation = "$$LOCATION$$" } ``` 4. Add the Terragrunt code below to define the...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~177-~177: The official name of this software platform is spelled with a capital “H”.
Context: ...tically execute the workflow defined in /.github/workflows/pipelines.yml in your reposi...

(GITHUB)


[style] ~251-~251: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...rces were created. To clean up the resources created during t...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/2.0/docs/accountfactory/architecture/repository-topology.md

[style] ~13-~13: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...AWS accounts so that your platform team is able to provision infrastructure in them as nec...

(BE_ABLE_TO)


[style] ~13-~13: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ecessary to prepare them for workloads. This is also where your platform team can pr...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~43-~43: To elevate your writing, try using more descriptive phrasing here.
Context: ...ol` This is where you solve one of the biggest challenges in scaling infrastructure ma...

(BIGGEST_CHALLENGE)


[style] ~51-~51: This phrase is redundant. Consider using “outside”.
Context: ... each team can do in their AWS accounts outside of the infrastructure-live-root reposito...

(OUTSIDE_OF)


[style] ~69-~69: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ...ontrol across multiple repositories for very large organizations, remember that multiple s...

(EN_WEAK_ADJECTIVE)


[style] ~100-~100: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...n. ## infrastructure-live-delegated This is where you can start to empower more ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/2.0/docs/accountfactory/installation/addingnewrepo.md

[style] ~91-~91: Consider using “inaccessible” to avoid wordiness.
Context: ...g a self-hosted GitLab instance that is not accessible from the public internet. If you are us...

(NOT_ABLE_PREMIUM)


[grammar] ~344-~344: Use a hyphen to join words.
Context: ...tion in Administration from the left side navigation panel 1. Cli...

(QB_NEW_EN_HYPHEN)


[grammar] ~351-~351: Use a hyphen to join words.
Context: ...Grant access** button in the lower right hand corner 1. - [ ] Increase Accou...

(QB_NEW_EN_HYPHEN)

docs/2.0/docs/pipelines/previous-versions/upgrading-github-v3-to-v4.md

[style] ~6-~6: ‘Prior to’ might be wordy. Consider a shorter alternative.
Context: ...ipelines implementation within GitHub. Prior to v4 the bulk of the "glue" logic to stit...

(EN_WORDINESS_PREMIUM_PRIOR_TO)


[uncategorized] ~217-~217: The official name of this software platform is spelled with a capital “H”.
Context: ...on requires) Each pipelines action from pipelines-actions/.github/actions has been added to the organiza...

(GITHUB)


[uncategorized] ~223-~223: The official name of this software platform is spelled with a capital “H”.
Context: ... -delegated repositories), update the .github/workflows/pipelines.yml file as follow...

(GITHUB)


[uncategorized] ~260-~260: The official name of this software platform is spelled with a capital “H”.
Context: ... -delegated repositories), update the `.github/workflows/pipelines-drift-detection.yml...

(GITHUB)


[uncategorized] ~308-~308: The official name of this software platform is spelled with a capital “H”.
Context: ... -delegated repositories), update the .github/workflows/pipelines-unlock.yml file as...

(GITHUB)

docs/2.0/docs/pipelines/installation/gitlab-branch-protection.md

[grammar] ~3-~3: Use a hyphen to join words.
Context: ... to function within a merge request (MR) based workflow. Approving a merge reques...

(QB_NEW_EN_HYPHEN)


[style] ~11-~11: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...oup to control who can merge changes. - Set Allowed to push to "No one" to prev...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~26-~26: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...s.gitlab.com/auth/auth_practices/). 3. [User accounts are granted access to infrastr...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/2.0/docs/pipelines/architecture/audit-logs.md

[style] ~16-~16: It’s more common nowadays to write this noun as one word.
Context: ...il/), where session names appear in the User name field, making it easy to identify whic...

(RECOMMENDED_COMPOUNDS)

docs/2.0/docs/pipelines/guides/managing-secrets.mdx

[uncategorized] ~30-~30: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...lt> {/* We use an h3 here instead of a markdown heading to avoid breaking the ToC */} <...

(MARKDOWN_NNP)


[uncategorized] ~77-~77: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...e"> {/* We use an h3 here instead of a markdown heading to avoid breaking the ToC */} <...

(MARKDOWN_NNP)


[grammar] ~132-~132: Use a hyphen to join words.
Context: ... the root root.hcl file from Gruntwork provided Boilerplate templates: <Tabs g...

(QB_NEW_EN_HYPHEN)

docs/2.0/docs/pipelines/installation/addingnewrepo.mdx

[uncategorized] ~12-~12: The official name of this software platform is spelled with a capital “H”.
Context: ...nticate in your environments. 4. Create .github/workflows/pipelines.yml to tell your G...

(GITHUB)


[uncategorized] ~132-~132: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~209-~209: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~261-~261: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~267-~267: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...ocess. For each additional account you want to bootstrap, you'll use Boilerplate in th...

(REP_WANT_TO_VB)


[style] ~349-~349: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...urces in it. ::: For each account you want to bootstrap, you'll need to run the follo...

(REP_WANT_TO_VB)


[uncategorized] ~404-~404: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~479-~479: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~532-~532: Consider using a different verb to strengthen your wording.
Context: ...load the Azure provider on every run to speed up the process. ::: :::note Progress Che...

(SPEED_UP_ACCELERATE)


[uncategorized] ~565-~565: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~716-~716: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~741-~741: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~747-~747: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: .... For each additional subscription you want to bootstrap, you'll use Boilerplate in th...

(REP_WANT_TO_VB)

docs/2.0/docs/pipelines/architecture/index.md

[style] ~4-~4: This phrase is redundant. Consider using “Outside”.
Context: ...he complexity of performing IaC CI/CD. Outside of the main binary, Pipelines has several ...

(OUTSIDE_OF)


[style] ~23-~23: Consider using “except” or “except for”
Context: ...authenticates to these cloud providers (with the exception of Custom authentication) is via OpenID Co...

(WITH_THE_EXCEPTION_OF)


[style] ~25-~25: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...D Connect (OIDC). With OIDC, Pipelines is able to generate temporary credentials for gran...

(BE_ABLE_TO)


[style] ~44-~44: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...sing the Gruntwork.io GitHub App, users are able to avoid the need to provision any machine...

(BE_ABLE_TO)


[grammar] ~60-~60: Use a hyphen to join words.
Context: ...Machine Users have to relevant Gruntwork owned repositories, made available via c...

(QB_NEW_EN_HYPHEN)

docs/2.0/docs/pipelines/guides/installing-drift-detection.md

[style] ~20-~20: Consider using “incompatible” to avoid wordiness.
Context: ...ssions granted by the GitHub App and is not compatible with machine user tokens. <PersistentC...

(NOT_ABLE_PREMIUM)

docs/2.0/docs/pipelines/installation/addingexistinggitlabrepo.mdx

[style] ~22-~22: Consider using “inaccessible” to avoid wordiness.
Context: ...g a self-hosted GitLab instance that is not accessible from the public internet. If you are us...

(NOT_ABLE_PREMIUM)


[style] ~117-~117: To make your writing flow more naturally, try moving the adverb ‘already’ closer to the verb ‘provisioned’.
Context: ...ide to either destroy the resources you already have provisioned and recreate them or import them into s...

(PERF_TENS_ADV_PLACEMENT)


[style] ~117-~117: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ecreate them or import them into state. If you are not sure, please contact [Grunt...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~214-~214: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~272-~272: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...dencies, and accept defaults unless you want to customize something. Alternatively, yo...

(REP_WANT_TO_VB)


[uncategorized] ~337-~337: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~352-~352: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...unt` is the name of the AWS account you want to bootstrap. ```bash title="name-of-acco...

(REP_WANT_TO_VB)


[uncategorized] ~413-~413: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~432-~432: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...dencies, and accept defaults unless you want to customize something. Alternatively, yo...

(REP_WANT_TO_VB)


[uncategorized] ~488-~488: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[style] ~532-~532: Consider using a different verb to strengthen your wording.
Context: ...load the Azure provider on every run to speed up the process by leveraging the [Terragru...

(SPEED_UP_ACCELERATE)


[uncategorized] ~559-~559: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)


[uncategorized] ~642-~642: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...We're using an h3 tag here instead of a markdown heading to avoid adding content to the ...

(MARKDOWN_NNP)

docs/2.0/docs/pipelines/installation/viamachineusers.mdx

[uncategorized] ~252-~252: The official name of this software platform is spelled with a capital “H”.
Context: ... repositories, including content in the .github/workflows directory. Without this perm...

(GITHUB)


[grammar] ~268-~268: Use a hyphen to join words.
Context: ...issions. Since classic PATs offer coarse grained access controls, it’s recommende...

(QB_NEW_EN_HYPHEN)


[grammar] ~427-~427: Use a hyphen to join words.
Context: ...OB_TOKENwhen accessing internal GitLab hosted code. -PIPELINES_GITLAB_ADMIN_T...

(QB_NEW_EN_HYPHEN)

docs/2.0/docs/accountfactory/guides/vend-aws-account.md

[uncategorized] ~51-~51: The official name of this software platform is spelled with a capital “H”.
Context: ...infrastructure-live-rootrepository at.github/workflows/account-factory-inputs.html` ...

(GITHUB)

docs/2.0/reference/pipelines/terragrunt-version-compatibility.md

[style] ~12-~12: Consider using “incompatible” to avoid wordiness.
Context: ...| 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above.| | Re...

(NOT_ABLE_PREMIUM)


[style] ~23-~23: Consider using “incompatible” to avoid wordiness.
Context: ...| 0.84.z | v1.y.z | Pipelines v1.y.z is not compatible with Terragrunt 0.85.0 and above.| | Mi...

(NOT_ABLE_PREMIUM)

docs/2.0/docs/pipelines/guides/running-drift-detection.md

[grammar] ~78-~78: Use a hyphen to join words.
Context: ... Under Inputs use the Select inputs drop down to add the "pipelines_workflow" inp...

(QB_NEW_EN_HYPHEN)

🪛 markdownlint-cli2 (0.18.1)
docs/2.0/docs/accountfactory/architecture/repository-topology.md

53-53: Emphasis style
Expected: asterisk; Actual: underscore

(MD049, emphasis-style)


53-53: Emphasis style
Expected: asterisk; Actual: underscore

(MD049, emphasis-style)

docs/2.0/docs/accountfactory/installation/addingnewrepo.md

108-108: Bare URL used

(MD034, no-bare-urls)


133-133: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


146-146: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


165-165: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


266-266: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


275-275: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


309-309: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


315-315: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


321-321: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


327-327: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


337-337: Heading levels should only increment by one level at a time
Expected: h2; Actual: h4

(MD001, heading-increment)


337-337: Headings must start at the beginning of the line

(MD023, heading-start-left)


359-359: Link text should be descriptive

(MD059, descriptive-link-text)


366-366: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


372-372: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


378-378: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


384-384: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


393-393: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


399-399: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


405-405: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


411-411: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


420-420: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


426-426: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


432-432: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


438-438: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


444-444: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


450-450: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


482-482: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


516-516: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


529-529: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


564-564: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


595-595: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)


603-603: Code block style
Expected: indented; Actual: fenced

(MD046, code-block-style)

docs/2.0/docs/pipelines/previous-versions/upgrading-github-v3-to-v4.md

38-38: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


67-67: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


74-74: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


268-268: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


282-282: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


316-316: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


338-338: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

docs/2.0/docs/pipelines/guides/installing-drift-detection.md

15-15: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

docs/2.0/reference/accountfactory/configurations-as-code.md

73-73: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


84-84: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


115-115: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


145-145: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


155-155: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


165-165: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


175-175: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


185-185: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


195-195: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


205-205: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


215-215: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


225-225: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


235-235: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


245-245: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


255-255: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


266-266: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


276-276: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


286-286: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


296-296: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


306-306: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


316-316: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


326-326: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


336-336: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


346-346: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


356-356: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


366-366: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)


376-376: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)

docs/2.0/reference/pipelines/terragrunt-version-compatibility.md

17-17: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: validate_build
  • GitHub Check: Validate generated content
  • GitHub Check: Pull Request has non-contributor approval
🔇 Additional comments (7)
docs/2.0/reference/pipelines/feature-flags.md (1)

14-17: Clarity boost for versioned defaults. Calling out the GitHub v3/GitLab v1 versus v4+/v2+ defaults inline makes it a lot easier for readers to spot what applies to them without guessing. Nicely done.

Also applies to: 32-35, 57-60

docs/2.0/docs/pipelines/concepts/drift-detection.md (2)

11-14: Terminology alignment LGTM.

Using “Pull Request (GitHub) or Merge Request (GitLab)” and “Pull/Merge Request” avoids unnecessary Tabs. Matches our docs guideline.


15-15: Link path is correct
The URL /2.0/docs/pipelines/configuration/driftdetection matches the existing driftdetection.md file.

docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx (1)

79-100: Correct use of Tabs for SCM guidance.

Platform-specific GitHub/GitLab steps are split with Tabs as required. Looks good.

docs/2.0/docs/accountfactory/architecture/security-controls.md (1)

20-40: Do not rename .md to .mdx.
The Docusaurus setup already processes MDX components in .md files (evidenced by extensive use of <Tabs> across the docs), so a rename isn’t needed.

Likely an incorrect or invalid review comment.

docs/2.0/docs/pipelines/previous-versions/upgrading-gitlab-v1-to-v2.md (1)

65-111: Approve spec/inputs usage
spec: inputs is correctly placed at the top (above ---), each input is properly defined, and all values are forwarded to the component via include: inputs using the supported $[[ inputs.* ]] interpolation.

docs/2.0/docs/pipelines/installation/addingexistinggitlabrepo.mdx (1)

352-370: Fix Terragrunt command usage.

terragrunt run --all … isn’t a valid command—Terragrunt expects run-all. As written, these steps will fail for readers. Please swap in run-all (and adjust the surrounding text/snippets) everywhere this pattern appears.

Apply this diff to update the commands:

-terragrunt run --all --non-interactive --provider-cache --backend-bootstrap plan
+terragrunt run-all --non-interactive --provider-cache --backend-bootstrap plan
@@
-terragrunt run --all --non-interactive --provider-cache apply
+terragrunt run-all --non-interactive --provider-cache apply
@@
-terragrunt run --all --non-interactive --provider-cache plan
+terragrunt run-all --non-interactive --provider-cache plan
@@
-terragrunt run --all --non-interactive --provider-cache --no-stack-generate apply
+terragrunt run-all --non-interactive --provider-cache --no-stack-generate apply
@@
-terragrunt run --all --non-interactive --provider-cache --no-stack-generate -- init -migrate-state -force-copy
+terragrunt run-all --non-interactive --provider-cache --no-stack-generate -- init -migrate-state -force-copy
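
Review bot: all five `+` lines swap `terragrunt run --all` for `terragrunt run-all`, which contradicts the learning recorded for this repository further down in this comment: `run --all` is the preferred syntax and `run-all` is the deprecated form kept only for backwards compatibility. Keep the original `run --all` commands and do not apply this hunk.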

Also applies to: 527-546, 648-649

⛔ Skipped due to learnings
Learnt from: ZachGoldberg
PR: gruntwork-io/docs#2663
File: docs/2.0/docs/pipelines/architecture/change-types.md:59-61
Timestamp: 2025-07-17T18:44:16.153Z
Learning: In current Terragrunt versions (2024-2025), the preferred command syntax is `terragrunt run --all` rather than the deprecated `terragrunt run-all` subcommand. The `run-all` command is still functional for backwards compatibility but is being phased out in favor of the `run --all` syntax.

Comment on lines 32 to 36
## IAM roles

Newly created accounts include IAM policies that define the scope of changes Pipelines is authorized to perform within AWS. Pipelines automatically assumes the necessary roles for each account when it detects changes. Detailed information about the provisioned roles can be found [here](/2.0/docs/pipelines/architecture/security-controls#roles-provisioned-by-devops-foundations).

## Delegated repositories

⚠️ Potential issue | 🟠 Major

Fix link to roles doc (likely broken).

The IAM roles paragraph links to pipelines security controls with an anchor that doesn't exist here. It should point to Account Factory’s security controls page and anchor.

- Detailed information about the provisioned roles can be found [here](/2.0/docs/pipelines/architecture/security-controls#roles-provisioned-by-devops-foundations).
+ Detailed information about the provisioned roles can be found [here](/2.0/docs/accountfactory/architecture/security-controls#roles-provisioned-by-account-factory).
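
Review bot: the `+` line points at the anchor `#roles-provisioned-by-account-factory`, and nothing in this hunk confirms that heading exists; the agent prompt attached to this comment hedges with "or the actual anchor used in that page". Check the heading slug on the Account Factory security-controls page before committing, otherwise one broken anchor is replaced by another.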
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
## IAM roles
Newly created accounts include IAM policies that define the scope of changes Pipelines is authorized to perform within AWS. Pipelines automatically assumes the necessary roles for each account when it detects changes. Detailed information about the provisioned roles can be found [here](/2.0/docs/pipelines/architecture/security-controls#roles-provisioned-by-devops-foundations).
## Delegated repositories
## IAM roles
Newly created accounts include IAM policies that define the scope of changes Pipelines is authorized to perform within AWS. Pipelines automatically assumes the necessary roles for each account when it detects changes. Detailed information about the provisioned roles can be found [here](/2.0/docs/accountfactory/architecture/security-controls#roles-provisioned-by-account-factory).
## Delegated repositories
🤖 Prompt for AI Agents
docs/2.0/docs/accountfactory/architecture/index.md lines 32-36: the IAM roles
paragraph currently links to the Pipelines security-controls page with an
incorrect anchor; update the link target to point to Account Factory’s security
controls page and use the correct anchor (e.g.
/2.0/docs/accountfactory/architecture/security-controls#roles-provisioned-by-account-factory
or the actual anchor used in that page) so the “roles provisioned” reference
navigates to the Account Factory security controls section.

Comment on lines +166 to +167
Refer to [Configuring OpenId Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) for additional details.


⚠️ Potential issue | 🟡 Minor

Use “OpenID Connect” capitalization.

-Refer to [Configuring OpenId Connect in Amazon Web Services]...
+Refer to [Configuring OpenID Connect in Amazon Web Services]...
📝 Committable suggestion

Suggested change
Refer to [Configuring OpenId Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) for additional details.
Refer to [Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) for additional details.
🤖 Prompt for AI Agents
In docs/2.0/docs/accountfactory/architecture/security-controls.md around lines
166 to 167, the phrase "OpenId Connect" is incorrectly capitalized; update the
text to use the correct "OpenID Connect" capitalization in the sentence and any
link text or surrounding references so the link reads "Configuring OpenID
Connect in Amazon Web Services" (preserve the URL unchanged).

Comment on lines +17 to 27
- The credentials assumed via OIDC (e.g. STS Tokens for AWS IAM Roles) when pull requests are opened or updated are intended to have trust policies that restrict access to the repository itself and provides read-only permissions.
- The credentials assumed via OIDC when pull requests are merged into the deploy branch (e.g. `main`) are intended to have trust policies that limiting access to the repository's deploy branch and granting write permissions.
- Branch protection rules can be configured to require reviews and status checks
- GitHub App or machine user authentication options available

</TabItem>
<TabItem value="gitlab" label="GitLab">

- The AWS IAM role assumed via OIDC when merge requests are opened or updated has a trust policy that restricts access to the group itself and provides read-only permissions
- The AWS IAM role assumed via OIDC when merge requests are merged into the `main` branch has a trust policy limiting access to the group's `main` branch and granting write permissions
- The credentials assumed via OIDC (e.g. STS Tokens for AWS IAM Roles) when merge requests are opened or updated are intended to have trust policies that restrict access to the group itself and provides read-only permissions.
- The credentials assumed via OIDC when merge requests are merged into the deploy branch (e.g. `main`) are intended to have trust policies that limiting access to the group's deploy branch and granting write permissions.
- Protected branches can be configured to require approvals and pipeline success

⚠️ Potential issue | 🟡 Minor

Tighten the OIDC bullet wording.

Both GitHub and GitLab bullet lists mix singular verbs with plural subjects (“trust policies … provides/limiting”). Could you tweak the phrasing so the verbs agree (“trust policies that restrict … and provide …”, “policies that limit …”)? It’ll read more smoothly.

🤖 Prompt for AI Agents
In docs/2.0/docs/pipelines/architecture/security-controls.md around lines 17 to
27, fix the subject–verb agreement and parallel phrasing in the GitHub and
GitLab OIDC bullets: change “trust policies that restrict access to the
repository itself and provides read-only permissions” to “trust policies that
restrict access to the repository itself and provide read-only permissions,”
change “trust policies that limiting access to the repository's deploy branch
and granting write permissions” to “trust policies that limit access to the
repository's deploy branch and grant write permissions,” and make the equivalent
repository→group wording adjustments in the GitLab section (use “restrict … and
provide …” and “limit … and grant …”).
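
The trust-policy split those bullets describe (any ref of the repository for the plan role, only the deploy branch for the apply role) can be checked mechanically for the GitHub case. The following is an added example, not code from this PR or from Gruntwork; the repository `example-org/infra-live`, the account ID and the sample policies are constructed, and only the trust side is audited, not the permissions attached to each role.

```python
import json

# IAM condition key that carries the GitHub Actions OIDC subject claim.
SUB_KEY = "token.actions.githubusercontent.com:sub"
REPO = "example-org/infra-live"  # constructed placeholder repository


def sub_conditions(trust_policy):
    """Collect (operator, pattern) pairs for the `sub` claim from every
    Allow statement that permits sts:AssumeRoleWithWebIdentity."""
    patterns = []
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        found = []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() == SUB_KEY:
                    values = [value] if isinstance(value, str) else value
                    found.extend((operator, v) for v in values)
        # A federated statement without a `sub` condition accepts any repository.
        patterns.extend(found or [(None, None)])
    return patterns


def audit_role(trust_policy, repo, deploy_branch=None):
    """Return findings for one role's trust policy.

    deploy_branch=None audits a plan role: any ref of `repo` is acceptable.
    A branch name audits an apply role: `sub` must be pinned to that branch.
    """
    findings = []
    conditions = sub_conditions(trust_policy)
    if not conditions:
        findings.append("no statement allows sts:AssumeRoleWithWebIdentity")
    repo_prefix = f"repo:{repo}:"
    for _operator, pattern in conditions:
        if pattern is None:
            findings.append("federated statement has no `sub` condition")
        elif not pattern.startswith(repo_prefix):
            # Catches org-wide wildcards and prefix matches such as `repo:org/name*`.
            findings.append(f"`sub` not scoped to {repo}: {pattern}")
        elif deploy_branch is not None:
            expected = f"{repo_prefix}ref:refs/heads/{deploy_branch}"
            if pattern != expected:
                findings.append(f"apply role not pinned to {deploy_branch}: {pattern}")
    return findings


def make_policy(operator, sub):
    """Build a constructed trust policy with a single `sub` condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "arn:aws:iam::111111111111:oidc-provider/"
                                       "token.actions.githubusercontent.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {operator: {SUB_KEY: sub}},
        }],
    }


# Constructed samples: two policies that match the intended split, two that do not.
SAMPLES = {
    "pipelines-plan": make_policy("StringLike", f"repo:{REPO}:*"),
    "pipelines-apply": make_policy("StringEquals", f"repo:{REPO}:ref:refs/heads/main"),
    "pipelines-plan (org wildcard)": make_policy("StringLike", "repo:example-org/*"),
    "pipelines-apply (any ref)": make_policy("StringLike", f"repo:{REPO}:*"),
}


def audit_samples():
    """Audit every sample; role names containing 'apply' are held to the branch pin."""
    return {
        name: audit_role(policy, REPO, "main" if "apply" in name else None)
        for name, policy in SAMPLES.items()
    }


if __name__ == "__main__":
    print(json.dumps(audit_samples(), indent=2))
```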

Comment on lines +73 to +79
authentication {
aws_oidc {
account_id = aws.accounts.all.my-cool-account.id
plan_iam_role_arn = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-plan"
apply_iam_role_arn = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-apply"
}
}

⚠️ Potential issue | 🟠 Major

Fix the HCL reference for hyphenated account keys.

my-cool-account contains a hyphen, so aws.accounts.all.my-cool-account.id is parsed as subtraction, not an attribute lookup. Readers copying this snippet will hit a Reference to undeclared resource error. Please switch to bracket notation (or rename the key) so the example is valid:

-      account_id         = aws.accounts.all.my-cool-account.id
-      plan_iam_role_arn  = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-plan"
-      apply_iam_role_arn = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-apply"
+      account_id         = aws.accounts.all["my-cool-account"].id
+      plan_iam_role_arn  = "arn:aws:iam::${aws.accounts.all["my-cool-account"].id}:role/pipelines-plan"
+      apply_iam_role_arn = "arn:aws:iam::${aws.accounts.all["my-cool-account"].id}:role/pipelines-apply"
📝 Committable suggestion

Suggested change
authentication {
aws_oidc {
account_id = aws.accounts.all.my-cool-account.id
plan_iam_role_arn = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-plan"
apply_iam_role_arn = "arn:aws:iam::${aws.accounts.all.my-cool-account.id}:role/pipelines-apply"
}
}
authentication {
aws_oidc {
account_id = aws.accounts.all["my-cool-account"].id
plan_iam_role_arn = "arn:aws:iam::${aws.accounts.all["my-cool-account"].id}:role/pipelines-plan"
apply_iam_role_arn = "arn:aws:iam::${aws.accounts.all["my-cool-account"].id}:role/pipelines-apply"
}
}
🤖 Prompt for AI Agents
In docs/2.0/docs/pipelines/concepts/cloud-auth/aws.mdx around lines 73-79, the
HCL reference uses a hyphenated key (my-cool-account) with dot notation which is
parsed as subtraction; change those attribute lookups to bracket notation (e.g.
aws.accounts.all["my-cool-account"].id) for account_id, plan_iam_role_arn and
apply_iam_role_arn so the example resolves correctly, or alternatively rename
the key to a non-hyphenated identifier and update all references consistently.

Comment on lines +152 to +154
"envs": {
"CLOUDFLARE_API_TOKEN": "$CLOUDFLARE_API_TOKEN",
}

⚠️ Potential issue | 🟠 Major

Fix the JSON example (trailing comma).

The Cloudflare example emits invalid JSON because of the trailing comma after "$CLOUDFLARE_API_TOKEN". Copy/paste users will hit parse errors.

-    "CLOUDFLARE_API_TOKEN": "$CLOUDFLARE_API_TOKEN",
+    "CLOUDFLARE_API_TOKEN": "$CLOUDFLARE_API_TOKEN"
📝 Committable suggestion

Suggested change
"envs": {
"CLOUDFLARE_API_TOKEN": "$CLOUDFLARE_API_TOKEN",
}
"envs": {
"CLOUDFLARE_API_TOKEN": "$CLOUDFLARE_API_TOKEN"
}
🤖 Prompt for AI Agents
In docs/2.0/docs/pipelines/concepts/cloud-auth/custom.md around lines 152 to
154, the JSON example contains a trailing comma after the last property which
makes the snippet invalid; remove the trailing comma (or ensure the object ends
with the last key/value pair only) so the example is valid JSON and will parse
correctly when copy/pasted.

Comment on lines +7 to +18
<TabItem value="github" label="GitHub" default>

| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ---- | -------------- | ------------- | -------- |
| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above. Future major versions will be compatible. |
| Minimum | 0.86.3 | v4.y.z | This is the absolute minimum version of Terragrunt for Pipelines v4 |
| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above.|
| Recommended | 0.77.11 | v3.y.z | Pipelines is actively tested with this version of Terragrunt |
| | 0.71.3+ | v3.y.z | Pipelines automatically supports [Terragrunt Stacks](/2.0/docs/pipelines/guides/stacks) |
| | 0.68.13+ | v3.y.z | Pipelines uses new features in Terragrunt to provide enhanced logging, and the [File Dependency](https://docs.gruntwork.io/2.0/docs/pipelines/guides/file-dependencies) feature |
| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of terragrunt for pipelines v3 |
| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of Terragrunt for pipelines v3 |
| Minimum | 0.59.7 | v2.y.z | |
</TabItem>

⚠️ Potential issue | 🟡 Minor

Add blank lines around the table (markdownlint MD058).

And tighten wording.

-<TabItem value="github" label="GitHub" default>
-
-| Type | Terragrunt Ver | Pipelines Ver | Comments |
+<TabItem value="github" label="GitHub" default>
+
+| Type | Terragrunt Ver | Pipelines Ver | Comments |
 | ---- | -------------- | ------------- | -------- |
-| Minimum | 0.86.3 | v4.y.z | This is the absolute minimum version of Terragrunt for Pipelines v4 |
-| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above.|
+| Minimum | 0.86.3 | v4.y.z | This is the absolute minimum version of Terragrunt for Pipelines v4 |
+| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is incompatible with Terragrunt 0.85.0 and above. |
 | Recommended | 0.77.11 | v3.y.z | Pipelines is actively tested with this version of Terragrunt |
 | | 0.71.3+ | v3.y.z | Pipelines automatically supports [Terragrunt Stacks](/2.0/docs/pipelines/guides/stacks) |
 | | 0.68.13+ | v3.y.z | Pipelines uses new features in Terragrunt to provide enhanced logging, and the [File Dependency](https://docs.gruntwork.io/2.0/docs/pipelines/guides/file-dependencies) feature |
-| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of Terragrunt for pipelines v3 |
+| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of Terragrunt for Pipelines v3 |
 | Minimum | 0.59.7 | v2.y.z | |
-
-</TabItem>
+
+</TabItem>
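
Review bot: the `Minimum | 0.86.3 | v4.y.z` and `Maximum | 0.84.z | v3.y.z` rows together leave Terragrunt 0.85.0 through 0.86.2 supported by neither Pipelines v3 nor v4, and no Comments cell says so; state that range explicitly on the v4 row so readers do not pin a version in the gap. Separately, the `-`/`+` pairs for the `<TabItem>` line, the header row and `</TabItem>` are textually identical here, so confirm that the blank lines MD058 asks for are actually present after applying.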
📝 Committable suggestion

Suggested change
<TabItem value="github" label="GitHub" default>
| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ---- | -------------- | ------------- | -------- |
| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above. Future major versions will be compatible. |
| Minimum | 0.86.3 | v4.y.z | This is the absolute minimum version of Terragrunt for Pipelines v4 |
| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above.|
| Recommended | 0.77.11 | v3.y.z | Pipelines is actively tested with this version of Terragrunt |
| | 0.71.3+ | v3.y.z | Pipelines automatically supports [Terragrunt Stacks](/2.0/docs/pipelines/guides/stacks) |
| | 0.68.13+ | v3.y.z | Pipelines uses new features in Terragrunt to provide enhanced logging, and the [File Dependency](https://docs.gruntwork.io/2.0/docs/pipelines/guides/file-dependencies) feature |
| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of terragrunt for pipelines v3 |
| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of Terragrunt for pipelines v3 |
| Minimum | 0.59.7 | v2.y.z | |
</TabItem>
<TabItem value="github" label="GitHub" default>
| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ---- | -------------- | ------------- | -------- |
| Minimum | 0.86.3 | v4.y.z | This is the absolute minimum version of Terragrunt for Pipelines v4 |
| Maximum | 0.84.z | v3.y.z | Pipelines v3.y.z is incompatible with Terragrunt 0.85.0 and above. |
| Recommended | 0.77.11 | v3.y.z | Pipelines is actively tested with this version of Terragrunt |
| | 0.71.3+ | v3.y.z | Pipelines automatically supports [Terragrunt Stacks](/2.0/docs/pipelines/guides/stacks) |
| | 0.68.13+ | v3.y.z | Pipelines uses new features in Terragrunt to provide enhanced logging, and the [File Dependency](https://docs.gruntwork.io/2.0/docs/pipelines/guides/file-dependencies) feature |
| Minimum | 0.59.7 | v3.y.z | This is the absolute minimum version of Terragrunt for Pipelines v3 |
| Minimum | 0.59.7 | v2.y.z | |
</TabItem>
🧰 Tools
🪛 LanguageTool

[style] ~12-~12: Consider using “incompatible” to avoid wordiness.
Context: ...| 0.84.z | v3.y.z | Pipelines v3.y.z is not compatible with Terragrunt 0.85.0 and above.| | Re...

(NOT_ABLE_PREMIUM)

🪛 markdownlint-cli2 (0.18.1)

17-17: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

🤖 Prompt for AI Agents
In docs/2.0/reference/pipelines/terragrunt-version-compatibility.md around lines
7 to 18, the Markdown table lacks blank lines before and after it (triggering
MD058) and several rows have imprecise/ambiguous wording; add a blank line above
the opening <TabItem> table block and a blank line after the table closing tag
so the table is separated from surrounding content, and revise table cells to
use consistent, tighter wording (e.g., use “Minimum”, “Maximum”, “Recommended”,
specify exact Terragrunt versions with consistent punctuation, and shorten
comments to concise clear phrases) to improve clarity and consistency.

Comment on lines +20 to +27
| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ---- | -------------- | ------------- | -------- |
| Minimum | 0.86.3 | v2.y.z | This is the absolute minimum version of Terragrunt for Pipelines v2 |
| Maximum | 0.84.z | v1.y.z | Pipelines v1.y.z is not compatible with Terragrunt 0.85.0 and above.|
| Minimum | 0.59.7 | v1.y.z | This is the absolute minimum version of Terragrunt for Pipelines v1 |

</TabItem>
</Tabs>

⚠️ Potential issue | 🟡 Minor

Add blank lines and wording tweak in GitLab tab.

-<TabItem value="gitlab" label="GitLab">
-| Type | Terragrunt Ver | Pipelines Ver | Comments |
+<TabItem value="gitlab" label="GitLab">
+
+| Type | Terragrunt Ver | Pipelines Ver | Comments |
 | ---- | -------------- | ------------- | -------- |
 | Minimum | 0.86.3 | v2.y.z | This is the absolute minimum version of Terragrunt for Pipelines v2 |
-| Maximum | 0.84.z | v1.y.z | Pipelines v1.y.z is not compatible with Terragrunt 0.85.0 and above.|
+| Maximum | 0.84.z | v1.y.z | Pipelines v1.y.z is incompatible with Terragrunt 0.85.0 and above. |
 | Minimum | 0.59.7 | v1.y.z | This is the absolute minimum version of Terragrunt for Pipelines v1 |
 
-</TabItem>
+</TabItem>
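
Review bot: the hunk edits the `<TabItem value="gitlab" label="GitLab">` opening line, which sits outside the commented range (+20 to +27), and it stops at `</TabItem>` without the `</Tabs>` line that closes that range. Applied as a committable suggestion over lines 20 to 27 this would duplicate the opening tag and drop `</Tabs>`, leaving the MDX unbalanced; restrict the change to the table rows and the blank line before `</TabItem>`.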
📝 Committable suggestion

Suggested change
| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ---- | -------------- | ------------- | -------- |
| Minimum | 0.86.3 | v2.y.z | This is the absolute minimum version of Terragrunt for Pipelines v2 |
| Maximum | 0.84.z | v1.y.z | Pipelines v1.y.z is not compatible with Terragrunt 0.85.0 and above.|
| Minimum | 0.59.7 | v1.y.z | This is the absolute minimum version of Terragrunt for Pipelines v1 |
</TabItem>
</Tabs>
<TabItem value="gitlab" label="GitLab">
| Type | Terragrunt Ver | Pipelines Ver | Comments |
| ------- | -------------- | ------------- | ------------------------------------------------------------------------ |
| Minimum | 0.86.3 | v2.y.z | This is the absolute minimum version of Terragrunt for Pipelines v2 |
| Maximum | 0.84.z | v1.y.z | Pipelines v1.y.z is incompatible with Terragrunt 0.85.0 and above. |
| Minimum | 0.59.7 | v1.y.z | This is the absolute minimum version of Terragrunt for Pipelines v1 |
</TabItem>
🧰 Tools
🪛 LanguageTool

[style] ~23-~23: Consider using “incompatible” to avoid wordiness.
Context: ...| 0.84.z | v1.y.z | Pipelines v1.y.z is not compatible with Terragrunt 0.85.0 and above.| | Mi...

(NOT_ABLE_PREMIUM)

🤖 Prompt for AI Agents
In docs/2.0/reference/pipelines/terragrunt-version-compatibility.md around lines
20-27, add a blank line after the Markdown table and before the closing
</TabItem> to improve spacing, and update the wording in the Comments column to
be clearer and consistent: replace "This is the absolute minimum version of
Terragrunt for Pipelines vX" with "Absolute minimum Terragrunt version supported
by Pipelines vX" and rephrase the Maximum row comment to "Maximum supported
Terragrunt version for Pipelines vX; Pipelines v1.y.z is not compatible with
Terragrunt 0.85.0 and above." Ensure v1/v2 labels match the corresponding rows.

Comment on lines +62 to 66
export const HclListItemTypeDetails: React.FunctionComponent<
PropsWithChildren
> = ({ children }) => {
return <HclGeneralListItem title="Type Details" children={children} />
}

🛠️ Refactor suggestion | 🟠 Major

Use JSX children instead of the children prop

Biome is flagging this as an error (lint/correctness/noChildrenProp). Swap to the canonical JSX form so we don’t regress linting.

Please apply:

-export const HclListItemTypeDetails: React.FunctionComponent<
-  PropsWithChildren
-> = ({ children }) => {
-  return <HclGeneralListItem title="Type Details" children={children} />
-}
+export const HclListItemTypeDetails: React.FunctionComponent<
+  PropsWithChildren
+> = ({ children }) => {
+  return <HclGeneralListItem title="Type Details">{children}</HclGeneralListItem>
+}
📝 Committable suggestion

Suggested change
export const HclListItemTypeDetails: React.FunctionComponent<
PropsWithChildren
> = ({ children }) => {
return <HclGeneralListItem title="Type Details" children={children} />
}
export const HclListItemTypeDetails: React.FunctionComponent<
PropsWithChildren
> = ({ children }) => {
return <HclGeneralListItem title="Type Details">{children}</HclGeneralListItem>
}
🧰 Tools
🪛 Biome (2.1.2)

[error] 65-65: Avoid passing children using a prop

The canonical way to pass children in React is to use JSX elements

(lint/correctness/noChildrenProp)

🤖 Prompt for AI Agents
In src/components/HclListItem.tsx around lines 62 to 66, the component passes
children via the children prop which violates lint/correctness/noChildrenProp;
change the JSX to pass children using the canonical JSX children form instead of
the children prop (replace the self-closing tag that uses children={children}
with an explicit opening and closing HclGeneralListItem element and place
{children} between the tags), removing the explicit children prop.

Comment on lines +703 to +742
/* Create a custom checkbox that looks like the default */
.contains-task-list li input[type="checkbox"] {
-webkit-appearance: none;
appearance: none;
background-color: var(--ifm-background-color);
margin-right: 0.5rem;
font: inherit;
color: currentColor;
width: 1.15em;
height: 1.15em;
border: 0.1em solid var(--ifm-checkbox-border-color);
border-radius: 0.15em;
transform: translateY(-0.075em);
display: inline-grid;
place-content: center;
cursor: pointer;
}

/* Create the checkmark/indicator using an SVG (hidden when not checked) */
.contains-task-list li input[type="checkbox"]::before {
content: "";
width: 0.65em;
height: 0.65em;
transform: scale(0);
transition: 120ms transform ease-in-out;
background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='white' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26 2.974 7.25 8 2.193z'/%3e%3c/svg%3e");
background-position: center;
background-repeat: no-repeat;
}

/* Show the checkmark when checked */
.contains-task-list li input[type="checkbox"]:checked::before {
transform: scale(1);
}

/* Change the background color of the box when checked */
.contains-task-list li input[type="checkbox"]:checked {
background-color: var(--ifm-color-primary);
border-color: var(--ifm-color-primary);
}

⚠️ Potential issue | 🟠 Major

Restore visible focus state for keyboard users.

These overrides wipe out the browser’s built-in focus ring, so keyboard users can’t tell which checkbox is active. Please add an explicit :focus-visible (or equivalent) style that meets WCAG focus requirements.

Apply this diff to add a focus outline:

 .contains-task-list li input[type="checkbox"] {
   -webkit-appearance: none;
   appearance: none;
   background-color: var(--ifm-background-color);
   margin-right: 0.5rem;
   font: inherit;
   color: currentColor;
   width: 1.15em;
   height: 1.15em;
   border: 0.1em solid var(--ifm-checkbox-border-color);
   border-radius: 0.15em;
   transform: translateY(-0.075em);
   display: inline-grid;
   place-content: center;
   cursor: pointer;
 }
+
+.contains-task-list li input[type="checkbox"]:focus-visible {
+  outline: 2px solid var(--ifm-color-primary);
+  outline-offset: 2px;
+}
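Review bot: The new :focus-visible rule draws its outline in var(--ifm-color-primary), the same colour the :checked rule uses for background and border, so on a checked box the ring is told apart only by the 2px offset gap. Check the ring against the page background in both light and dark themes, and consider a dedicated focus colour variable if the contrast falls short.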

Comment on lines +1 to +52
export function interactivePersistentCheckboxes() {
const LOCAL_STORAGE_KEY = "docusaurus.checkboxes"

const getStorage = () => {
try {
return JSON.parse(window.localStorage.getItem(LOCAL_STORAGE_KEY) || "{}")
} catch (e) {
return {}
}
}

const updateStorage = (key: string, value: boolean) => {
const data = getStorage()
data[key] = value
window.localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(data))
}

const initCheckboxes = () => {
const checkboxes = document.querySelectorAll<HTMLInputElement>(
".contains-task-list > li input[type='checkbox']"
)

if (checkboxes.length === 0) {
return
}

const data = getStorage()

checkboxes.forEach((checkbox, index) => {
const label =
`${index}:${checkbox?.closest("li")?.textContent?.substring(0, 10)}` ||
`checkbox-${index}`
const key = `${window.location.pathname}:${label}`

checkbox.disabled = false
const checked = data[key] || false
checkbox.checked = checked

checkbox.addEventListener("click", (e) => {
const target = e.target as HTMLInputElement
updateStorage(key, target.checked)
})
})
}

const timeoutId = setTimeout(initCheckboxes, 100)

// Cleanup
return () => {
clearTimeout(timeoutId)
}
}

⚠️ Potential issue | 🟠 Major

Harden for SSR and storage errors; prefer change event.

  • Guard against SSR (window/document undefined).
  • Wrap localStorage.setItem in try/catch.
  • Use change to capture keyboard toggles too.
 export function interactivePersistentCheckboxes() {
   const LOCAL_STORAGE_KEY = "docusaurus.checkboxes"
 
   const getStorage = () => {
     try {
-      return JSON.parse(window.localStorage.getItem(LOCAL_STORAGE_KEY) || "{}")
+      if (typeof window === "undefined") return {}
+      return JSON.parse(window.localStorage.getItem(LOCAL_STORAGE_KEY) || "{}")
     } catch (e) {
       return {}
     }
   }
 
   const updateStorage = (key: string, value: boolean) => {
-    const data = getStorage()
-    data[key] = value
-    window.localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(data))
+    try {
+      const data = getStorage() as Record<string, boolean>
+      data[key] = value
+      if (typeof window !== "undefined") {
+        window.localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(data))
+      }
+    } catch {
+      // no-op: persist failure should not break UX
+    }
   }
 
   const initCheckboxes = () => {
-    const checkboxes = document.querySelectorAll<HTMLInputElement>(
+    if (typeof document === "undefined" || typeof window === "undefined") return
+    const checkboxes = document.querySelectorAll<HTMLInputElement>(
       ".contains-task-list > li input[type='checkbox']"
     )
 
     if (checkboxes.length === 0) {
       return
     }
 
     const data = getStorage()
 
     checkboxes.forEach((checkbox, index) => {
       const label =
         `${index}:${checkbox?.closest("li")?.textContent?.substring(0, 10)}` ||
         `checkbox-${index}`
       const key = `${window.location.pathname}:${label}`
 
       checkbox.disabled = false
       const checked = data[key] || false
       checkbox.checked = checked
 
-      checkbox.addEventListener("click", (e) => {
+      checkbox.addEventListener("change", (e) => {
         const target = e.target as HTMLInputElement
         updateStorage(key, target.checked)
       })
     })
   }
 
   const timeoutId = setTimeout(initCheckboxes, 100)
 
   // Cleanup
   return () => {
     clearTimeout(timeoutId)
   }
 }
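Review bot: getStorage still returns whatever JSON.parse yields, so a stored value of null, an array or a string passes the try/catch, and "const checked = data[key] || false" in initCheckboxes then throws on null outside any try block. Check that the parsed value is a non-null, non-array object before returning it and fall back to {} otherwise. Separately, the unchanged label expression's "|| `checkbox-${index}`" fallback can never run, because the template literal before it is always a non-empty string.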

Optional: derive a more stable key (e.g., hash of the nearest LI text) to survive list reordering.

🤖 Prompt for AI Agents
In utils/checkbox.ts around lines 1 to 52, the code needs SSR and storage
hardening and should use the "change" event: guard all window/document usage by
returning a no-op if typeof window === "undefined" or typeof document ===
"undefined"; when accessing localStorage, check that window.localStorage exists
and wrap localStorage.setItem in try/catch to avoid throwing on quota/disabled
storage; keep JSON.parse try/catch for getStorage and similarly protect
updateStorage so failures are silenced; replace checkbox "click" listeners with
"change" listeners so keyboard toggles fire; optionally improve the key by
hashing or normalizing the nearest LI text to be more stable across reorders.
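
The storage hardening this comment asks for, together with its optional stable-key idea, as an added example that is not part of the PR or of the suggestion above. `KeyValueStore`, `readCheckboxState`, `writeCheckboxState` and `stableKey` are hypothetical names, and the storage object is passed in so the logic runs without a browser.

```typescript
// Added example: hypothetical helpers, not the PR's utils/checkbox.ts.
interface KeyValueStore {
  getItem(key: string): string | null
  setItem(key: string, value: string): void
}

const STORAGE_KEY = "docusaurus.checkboxes" // same key the PR uses

// Read the stored map defensively: anything that is not a plain object of
// booleans is dropped instead of being trusted.
function readCheckboxState(store?: KeyValueStore): Record<string, boolean> {
  const clean: Record<string, boolean> = Object.create(null)
  if (!store) return clean // SSR, or storage unavailable
  let parsed: unknown
  try {
    parsed = JSON.parse(store.getItem(STORAGE_KEY) ?? "{}")
  } catch {
    return clean // corrupt JSON or storage access denied
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return clean
  const obj = parsed as Record<string, unknown>
  for (const k of Object.keys(obj)) {
    const v = obj[k]
    if (typeof v === "boolean") clean[k] = v
  }
  return clean
}

// Persist one value; returns false instead of throwing on quota or disabled storage.
function writeCheckboxState(store: KeyValueStore | undefined, key: string, value: boolean): boolean {
  if (!store) return false
  try {
    const data = readCheckboxState(store)
    data[key] = value
    store.setItem(STORAGE_KEY, JSON.stringify(data))
    return true
  } catch {
    return false
  }
}

// Key from the whole normalized item text, so reordering list items keeps
// their state. djb2 is a non-cryptographic hash; collisions are possible.
function stableKey(pathname: string, itemText: string): string {
  const text = itemText.trim().replace(/\s+/g, " ").toLowerCase()
  let h = 5381
  for (let i = 0; i < text.length; i++) h = ((h << 5) + h + text.charCodeAt(i)) | 0
  return `${pathname}:${(h >>> 0).toString(16)}`
}
```

Items with identical text on one page share a key under this scheme; append an occurrence counter to the hashed text if that matters.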
