Summary
The documentation site was last updated April 1 (Docker guide for remote/virtual repos). Since then, 20+ features and significant bug fixes have been merged to the backend with no corresponding documentation updates. This issue tracks everything that needs to be documented.
New feature pages needed
| Feature |
Backend PR |
Priority |
Notes |
| Quarantine period |
#714 |
High |
New env vars, API endpoints, UI workflow |
| Password policies |
#707 |
High |
4 env vars for complexity rules |
| Account lockout |
#703 |
High |
Threshold + duration env vars |
| Password expiration |
#713 |
Medium |
Expiry days, warning days |
| Password history |
#712 |
Medium |
History count env var |
| Force password change |
#710 |
Medium |
Admin API endpoint |
| SMTP email delivery |
#718 |
High |
5 env vars, affects notifications |
| Webhook templates |
#721 |
Medium |
Slack/Teams/Discord/Mattermost templates |
| Notification subscriptions |
#725 |
Medium |
Repository event subscriptions |
| Presigned URL downloads |
#719 |
Medium |
S3 redirect downloads |
| Staging/release promotion |
#717 |
Medium |
Repository linking workflow |
| Routing rules |
#711 |
Medium |
Remote proxy path routing |
| Repository-scoped tokens |
#702 |
Medium |
New API endpoints |
| OCI tags/list/_catalog |
#642 |
Medium |
Docker registry API compliance |
| Quickstart installer |
#650 |
High |
curl pipe bash installer |
| Rate limiting config |
#697 |
Medium |
Per-minute limits, exemptions |
| DB connection pool |
#696 |
Low |
Tuning env vars |
| Proxy safeguards |
#740 |
Medium |
Concurrent fetch limits, size limits |
Existing pages needing updates
| Page |
What changed |
| Configuration reference |
40+ new env vars need documenting |
| Security guide |
Account lockout, password policies, quarantine |
| Docker deployment |
Proxy safeguards, public repos, anonymous access |
| Helm/Kubernetes |
Cross-reference artifact-keeper-iac#61 for values |
| S3 storage |
Presigned downloads, Huawei OBS workaround (S3_DISABLE_MULTI_DELETE) |
| Dependency-Track |
ALLOW_HTTP_INTEGRATIONS requirement, SBOM submission pipeline |
Bug fix behavior changes worth documenting
- Docker public repos now support anonymous pull (#750)
- npm proxy cache path disambiguation (#752)
- Scanner errors now surface instead of showing "clean" (#728)
- npm tarballs stored with correct Content-Type (#726)
- Backup service uses correct table names (#742)
Approach
Work through these by priority. High-priority items first (quickstart, password/security features, SMTP). Group related features into single pages where it makes sense (e.g., all password features on one "Authentication Security" page).
Summary
The documentation site was last updated April 1 (Docker guide for remote/virtual repos). Since then, 20+ features and significant bug fixes have been merged to the backend with no corresponding documentation updates. This issue tracks everything that needs to be documented.
New feature pages needed
Existing pages needing updates
Bug fix behavior changes worth documenting
Approach
Work through these by priority. High-priority items first (quickstart, password/security features, SMTP). Group related features into single pages where it makes sense (e.g., all password features on one "Authentication Security" page).