[CONTENT SPRINT] Provider Upgrade Game Days with Pulumi#18953

Draft
sicarul wants to merge 4 commits into master from blog/upgrading-cloud-providers-without-breaking-production

sicarul commented May 13, 2026

Why this content is interesting

  • It reframes provider upgrades as game days instead of routine dependency bumps.
  • It is scheduled for 2026-07-09 as part of the content sprint's two-post-per-week cadence.

What we took into account

  • We considered lockfile pinning, canary stacks, preview JSON risk reports, batch rollouts, and recovery boundaries.
  • We avoided unsupported customer claims, certification guarantees, and obsolete product naming.
  • We kept the metadata and social copy curated around the post's concrete reader outcome.

Why it is useful to an end user

  • End users get a safer process for provider upgrades before production stacks are on the line.
  • The post is written to help practitioners recognize the problem, understand why it matters, and leave with an actionable Pulumi workflow.

Design need

  • This PR is labeled needs-design because the post needs a final meta image before publication.
  • Existing feature.png and meta.png files are placeholders unless Design chooses to reuse or adapt them.

Metadata

  • Title: Provider Upgrade Game Days with Pulumi
  • Meta description: Run a provider upgrade game day with Pulumi: pin dependencies, build a canary stack, scan preview JSON, batch rollouts, and recover safely.

🤖 Generated with OpenCode

sicarul added the area/blog-content and needs-design labels May 13, 2026

github-actions Bot commented May 13, 2026

Social Media Review

content/blog/upgrading-cloud-providers-without-breaking-production/index.md

X — PASS

LinkedIn — PASS

Bluesky — PASS


Suggestions (advisory)

These are stylistic notes — they don't block the post.

X

  • "Use Pulumi previews, canary stacks, and rollout gates" names all three main techniques upfront — withhold one so the article still has something to deliver
  • Missing pointer — no line signals there's a guide to follow

LinkedIn

  • Second paragraph lists all five steps ("pin dependencies, run a canary, mine preview JSON, batch stacks, keep a recovery path") — the article has nothing left to reveal; tease the outcome instead of enumerating the steps
  • Missing pointer — no closing line signals there's more in the article

Bluesky

  • "Here is a Pulumi workflow for canaries, preview gates, and safer batch rollouts" describes rather than teases — swap to what the workflow catches that a manual upgrade review would miss

Updated for commit 2ee947412135a4a4e3d42a244561607304e9a3c2 (short: 2ee9474) at 2026-05-15 21:27 UTC.


claude Bot commented May 13, 2026

Docs review for PR #18953

Thanks for shipping this, Pablo. The "Provider Upgrade Game Days" post is the strongest piece in the PR — the game-day framing, the five-step rhythm, and the jq risk-report snippet land well. A few items, grouped by importance.

Blocking / scope

The PR contains a lot more than the post in the title. Per the PR title ([CONTENT SPRINT] Provider Upgrade Game Days with Pulumi), I'd expect only content/blog/upgrading-cloud-providers-without-breaking-production/. The diff also adds:

  1. .sisyphus/ (1117-line plan, evidence files, notepads, boulder.json with absolute paths like /Users/pabloseibelt/dev/docs/..., run-continuation session JSON). This is agent-internal state from OpenCode and shouldn't be committed. If you want to keep these locally, consider adding .sisyphus/ to .gitignore (or .git/info/exclude for a personal exclusion).
  2. new_content.md at the repo root — looks like a research/exploration document, not website content. The Hugo build serves only files under content/, so this would just sit in the repo root indefinitely.
  3. content/blog/multi-source-secrets-with-pulumi-esc/ — an entire second blog post that isn't mentioned in the PR title or description. If it's intended to ship, it should be a separate PR; if not, it should be removed.

Recommend splitting this PR down to just the provider-upgrade post and opening separate PRs for anything else you want to ship.

Provider Upgrade Game Days (content/blog/upgrading-cloud-providers-without-breaking-production/index.md)

  • L46 — The claim that "Pulumi documents [the version resource option] as an override that should rarely be used directly during normal operations" should be hyperlinked to that documentation page. Without a citation, the assertion is harder to trust.

  • L46 "easier to audit and easier to roll back" — STYLE-GUIDE.md flags "easy" and "simple" (see STYLE-GUIDE.md:32). The comparative form is borderline; consider rewording to dodge the rule entirely:

    Avoid scattering one-off provider versions through resource options. The `version` resource option exists, but [Pulumi documents it as an override](https://www.pulumi.com/docs/iac/concepts/options/version/) that should rarely be used directly during normal operations. For fleet upgrades, package pins and lockfiles are auditable in a single commit and reversible with one revert.
    

    (Verify the URL — pick whichever canonical page documents the version resource option.)

  • L129 "The safest recovery is usually not state import. It is stopping before pulumi up..." — this is the "It's not X, it's Y" contrastive pattern flagged by the AI-writing rubric. One instance is fine, but consider rewording:

    The safest recovery rarely involves state import. Stop before `pulumi up`, revert the lockfile, and confirm the old provider still previews cleanly. Reserve state import for controlled recovery, not as a routine undo button.
    
  • L41–43 — The snippet runs npm install @pulumi/aws@6.66.0, then a bare npm install, then pulumi plugin install resource aws 6.66.0. The bare npm install between the two is redundant — npm install <pkg>@version already updates the lockfile. Also worth noting: modern Pulumi auto-installs plugins via the SDK, so pulumi plugin install is usually only needed in airgapped or CI-cache scenarios. Consider trimming to one npm install line and explaining the explicit plugin install as the airgapped/CI variant.

  • First-mention hyperlinking — Per the blog rubric, first mention of every product/tool should link. The post never links "Pulumi" (first appears L19) to /docs/. Adding that link would satisfy the rule.

  • Verified: jq operations (replace, delete, delete-replaced) are valid pulumi preview --json step ops; protect: true resource option is correct; engineVersion: \"16.3\" is a real Postgres version; pulumi stack export/import flags are correct.

Multi-Source Secrets in Pulumi ESC (if it stays in this PR)

  • L2 date: 2099-01-01T12:00:00-06:00 is a placeholder and must be set before merge.
  • L21, L32, L86, L92 — All H2 headings use Title Case. AGENTS.md requires sentence case for H2+. Compare to existing ESC blog posts (e.g., automate-azure-app-secret-rotation-with-esc/index.md uses ## Setup, ## How it works, ## Learn more):
    • ## The Challenge of Secret Sprawl → ## The challenge of secret sprawl
    • ## Composing a Multi-Source Environment → ## Composing a multi-source environment
    • ## Namespacing and Precedence → ## Namespacing and precedence
    • ## Consuming the Resolved View → ## Consuming the resolved view
  • Frontmatter — No social: block. Without it, the post won't be promoted on social media (per the blog rubric, this is a warning, not a blocker).
  • Verified: The ESC YAML composition is structurally correct — get:/secretId for AWS, read:/path for Vault, get:/ref for 1Password all match documented usage. Nice job on that.

Publishing readiness — upgrading-cloud-providers-without-breaking-production

  • social: block present with twitter/linkedin/bluesky copy
  • meta_image set but is the same placeholder as multi-source-secrets-with-pulumi-esc/meta.png (identical byte size) — needs-design label is on the PR, so this is expected
  • meta_image uses current Pulumi logos — can't verify until Design replaces the placeholder
  • <!--more--> break present (L23)
  • Author pablo-seibelt exists in data/team/team/ with avatar at static/team/team/pablo-seibelt.jpg
  • No external links to validate
  • Code blocks have language specifiers (bash, typescript)
  • No animated GIFs
  • [n/a] No screenshots
  • Title 39 chars (≤60)

Publishing readiness — multi-source-secrets-with-pulumi-esc

  • No social: block
  • meta_image is placeholder
  • <!--more--> break present (L19)
  • Author exists with avatar
  • Code blocks have yaml and bash specifiers
  • Title 35 chars (≤60)

Mention me (@claude) if you want another pass after the scope is tightened, the placeholder date is set, or the headings are fixed.
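
The preview gate this review refers to (filtering `.steps[]` on `.op` for replace, delete and delete-replaced), written out as an added Python example; it is not code from the PR, the blog post or Pulumi. The sample JSON, the stack, project and resource names, the `approved` baseline and the fail-closed handling of malformed output are assumptions of this example.

```python
"""Preview gate: block on destructive steps in `pulumi preview --json` output."""
import json
import sys

# Step ops the review names as the ones the post's jq report filters for.
DESTRUCTIVE_OPS = frozenset({"replace", "delete", "delete-replaced"})

# Constructed sample, not captured output. Only .steps[], .op and .urn come
# from the thread; stack, project and resource names are made up.
SAMPLE_PREVIEW = json.dumps({
    "steps": [
        {"op": "same", "urn": "urn:pulumi:canary::shop::aws:s3/bucket:Bucket::assets"},
        {"op": "update", "urn": "urn:pulumi:canary::shop::aws:iam/role:Role::app"},
        {"op": "replace", "urn": "urn:pulumi:canary::shop::aws:rds/instance:Instance::db"},
        {"op": "delete-replaced", "urn": "urn:pulumi:canary::shop::aws:rds/instance:Instance::db"},
        {"op": "delete", "urn": "urn:pulumi:canary::shop::aws:ec2/securityGroup:SecurityGroup::old"},
    ]
})


class PreviewGateError(ValueError):
    """Raised when the preview cannot be trusted; callers treat it as a block."""


def resource_key(urn):
    """Return (type, name) from urn:pulumi:<stack>::<project>::<type>::<name>.

    Dropping the stack lets a finding approved on the canary match the same
    logical resource in a later batch (assumes names are shared across stacks).
    """
    parts = urn.split("::", 3)
    if len(parts) != 4 or not parts[0].startswith("urn:pulumi:"):
        raise PreviewGateError(f"unexpected URN shape: {urn!r}")
    # A child resource's type is "parent$child"; keep the resource's own type.
    return parts[2].split("$")[-1], parts[3]


def destructive_steps(preview_text):
    """Parse preview JSON and return sorted (op, type, name) destructive steps."""
    try:
        doc = json.loads(preview_text)
    except json.JSONDecodeError as exc:
        raise PreviewGateError(f"preview is not valid JSON: {exc}") from exc
    steps = doc.get("steps") if isinstance(doc, dict) else None
    if not isinstance(steps, list):
        # Choice of this example: an error message or a truncated file must
        # not be read as "no destructive changes".
        raise PreviewGateError("preview has no .steps[] array")
    found = set()
    for step in steps:
        if not isinstance(step, dict):
            raise PreviewGateError(f"step is not an object: {step!r}")
        op, urn = step.get("op"), step.get("urn")
        if not isinstance(op, str) or not isinstance(urn, str):
            raise PreviewGateError(f"step without op/urn: {step!r}")
        if op in DESTRUCTIVE_OPS:
            found.add((op,) + resource_key(urn))
    return sorted(found)


def gate(preview_text, approved=frozenset()):
    """Return (ok, unapproved).

    `approved` holds (op, type, name) tuples reviewed on the canary; any
    destructive step outside it pauses the batch.
    """
    unapproved = [s for s in destructive_steps(preview_text) if s not in approved]
    return (not unapproved, unapproved)


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREVIEW
    try:
        ok, unapproved = gate(text)
    except PreviewGateError as exc:
        print(f"BLOCK: {exc}")
        return 2
    for op, rtype, name in unapproved:
        print(f"BLOCK: {op:16} {rtype} {name}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the file saved from `pulumi preview --refresh --diff --json`; a non-zero exit code stops the batch.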


pulumi-bot commented May 13, 2026

sicarul force-pushed the blog/upgrading-cloud-providers-without-breaking-production branch from 54d1c8c to 56e3bfd May 13, 2026 21:04
sicarul force-pushed the blog/upgrading-cloud-providers-without-breaking-production branch from 56e3bfd to e86cb44 May 13, 2026 21:52

sicarul commented May 13, 2026

@claude please review again. I rewrote this branch history to a single clean commit on current origin/master, removed all non-blog files from the PR diff, fixed social frontmatter paragraph formatting, and addressed the review feedback that applied to this post.


pulumi-bot commented May 13, 2026

Claude finished @sicarul's task in 1m 28s


Re-review for PR #18953

Thanks Pablo — the rewrite landed clean. Verified end-to-end against the previous review.

Scope — ✅ resolved

The PR is now a single commit (e86cb44) on top of current master containing exactly three files:

content/blog/upgrading-cloud-providers-without-breaking-production/feature.png
content/blog/upgrading-cloud-providers-without-breaking-production/index.md
content/blog/upgrading-cloud-providers-without-breaking-production/meta.png

No .sisyphus/, no new_content.md, no second ESC blog post. Matches the PR title.

Prior feedback — ✅ all addressed in the post

  • version option citation (L53) — Now linked: [Pulumi documents it as an override](/docs/iac/concepts/resources/options/version/). Verified the target exists at content/docs/iac/concepts/resources/options/version.md.
  • "easier to audit / easier to roll back" (L53) — Reworded to "auditable in a single commit and reversible with one revert". The "easy/easier" form is gone — grep confirms no remaining hits.
  • "It is not X. It is Y." contrastive pattern (L136) — Reworded to "The safest recovery rarely involves state import. Stop before pulumi up, revert the lockfile...". No contrastive AI-tell pattern remains.
  • First-mention Pulumi link (L28) [Pulumi](/docs/) provider upgrades...
  • npm/plugin install redundancy (L50) — Trimmed to a single npm install @pulumi/aws@6.66.0 line, dropping the redundant bare npm install and the airgapped-only pulumi plugin install. Good call.

Social frontmatter — ✅ paragraph formatting fixed

All three blocks now have two paragraphs separated by blank lines, matching the social-media-review suggestions:

  • twitter — 2 paragraphs, ~166 chars
  • linkedin — 2 paragraphs, ~301 chars
  • bluesky — 2 paragraphs, ~143 chars

Publishing readiness — upgrading-cloud-providers-without-breaking-production

  • social: block present and properly formatted
  • <!--more--> break at L32
  • Author pablo-seibelt exists in data/team/team/pablo-seibelt.toml with avatar at static/images/team/pablo-seibelt.jpg
  • Code blocks have language specifiers (bash, typescript)
  • Headings: H1 Title Case, H2 sentence case
  • Title 38 chars (≤60)
  • All internal links resolve (/docs/, /docs/iac/concepts/resources/options/version/)
  • meta_image is still a placeholder (27,253 B feature, 138,149 B meta) — needs-design label is on the PR, so expected.

Nothing blocking

The post is in good shape. The only remaining item is the design pass on meta.png / feature.png, which is already tracked by the needs-design label.
• branch: blog/upgrading-cloud-providers-without-breaking-production


sicarul commented May 13, 2026

@claude please review again. Branch history is now a single clean commit on current origin/master. The PR diff contains only content/blog/upgrading-cloud-providers-without-breaking-production/index.md plus feature.png and meta.png. Social-review is passing, and actionable content feedback has been addressed.


pulumi-bot commented May 13, 2026

Claude finished @sicarul's task in 57s


Re-review for PR #18953

Verified the current state of the branch — everything checks out.

Scope — ✅

HEAD is a single commit e86cb44 containing exactly three files, matching the PR title:

content/blog/upgrading-cloud-providers-without-breaking-production/feature.png    27,253 B
content/blog/upgrading-cloud-providers-without-breaking-production/index.md       6,514 B (140 lines)
content/blog/upgrading-cloud-providers-without-breaking-production/meta.png       138,149 B

Prior feedback — ✅ all addressed (re-verified against the file on disk)

  • L53 — version resource option citation — Linked: [Pulumi documents it as an override](/docs/iac/concepts/resources/options/version/). Target file content/docs/iac/concepts/resources/options/version.md exists.
  • L53 — "easier to audit / easier to roll back" — Reworded to "auditable in a single commit and reversible with one revert". grep -niE '\b(easy|easier|simply|simple)\b' returns no hits.
  • L136 — "It is not X. It is Y." contrastive pattern — Reworded to "The safest recovery rarely involves state import. Stop before pulumi up...". grep -niE 'it is not |it'\''s not |not just|rather than' returns no hits.
  • L28 — First-mention Pulumi link [Pulumi](/docs/) provider upgrades...
  • L50 — npm/plugin install redundancy — Now a single npm install @pulumi/aws@6.66.0 line. Redundant bare npm install and the airgapped-only pulumi plugin install are gone.

Social frontmatter — ✅

Each block has two paragraphs separated by a blank line (L13–L25). Social-media-review bot is PASSing on the latest commit per the prior comment.

Publishing readiness

  • social: block formatted correctly
  • <!--more--> break at L32
  • Author pablo-seibelt exists (data/team/team/pablo-seibelt.toml) with avatar (static/images/team/pablo-seibelt.jpg)
  • H1 Title Case; H2s sentence case (steps 1–5, "The game day scenario", "Conclusion")
  • Code blocks tagged bash and typescript
  • Internal links resolve (/docs/, /docs/iac/concepts/resources/options/version/)
  • Title 38 chars (≤60)
  • meta_image / feature_image are still placeholders — needs-design label is on the PR, so expected

Nothing blocking

The post is ready for the Design pass on meta.png / feature.png. No further content changes needed from me.
· branch: blog/upgrading-cloud-providers-without-breaking-production


sicarul commented May 13, 2026

@claude please review again. This request is after the latest pushed head commit e86cb44d. The branch has a single clean commit on current origin/master, and the PR diff is limited to content/blog/upgrading-cloud-providers-without-breaking-production/index.md, feature.png, and meta.png.


pulumi-bot commented May 13, 2026

Claude finished @sicarul's task in 1m 14s


Re-review for PR #18953

Verified the current state of the branch at e86cb44 — everything continues to check out.

Scope — ✅

HEAD is a single commit (e86cb44) and the commit touches exactly the three expected files, matching the PR title:

content/blog/upgrading-cloud-providers-without-breaking-production/feature.png    27,253 B
content/blog/upgrading-cloud-providers-without-breaking-production/index.md       140 lines
content/blog/upgrading-cloud-providers-without-breaking-production/meta.png       138,149 B

One small caveat on "on current origin/master": origin/master has advanced since this branch was rebased (now at ab85a1d — "Split Python SDK docs per-package"). The branch parent (a853d02) is no longer in origin/master. That's not a problem for the PR diff (GitHub computes it against the merge base), but you'll want a quick git pull --rebase origin master before merge so CI runs against the latest base.

Prior feedback — ✅ all addressed (verified against the file on disk)

  • L53 — version resource option citation — Linked: [Pulumi documents it as an override](/docs/iac/concepts/resources/options/version/). Target page exists at content/docs/iac/concepts/resources/options/version.md.
  • L53 — "easier to audit / easier to roll back" — Reworded to "auditable in a single commit and reversible with one revert". grep -niE '\b(easy|easier|simply|simple)\b' returns no hits.
  • L136 — "It is not X. It is Y." contrastive pattern — Reworded to "The safest recovery rarely involves state import. Stop before pulumi up...". grep -niE 'it is not |it'\''s not |not just |rather than ' returns no hits.
  • L28 — First-mention Pulumi link [Pulumi](/docs/) provider upgrades...
  • L50 — npm/plugin install redundancy — Single npm install @pulumi/aws@6.66.0 line. The redundant bare npm install and the airgapped-only pulumi plugin install are gone.

Social frontmatter — ✅

Each block has two paragraphs separated by a blank line (L13–L25). Social-media-review bot is PASSing on the latest commit per the prior bot comment.

Publishing readiness — upgrading-cloud-providers-without-breaking-production

  • social: block formatted correctly (twitter / linkedin / bluesky)
  • <!--more--> break at L32
  • Author pablo-seibelt exists (data/team/team/pablo-seibelt.toml) with avatar (static/images/team/pablo-seibelt.jpg)
  • H1 Title Case; H2s sentence case ("The game day scenario", steps 1–5, "Conclusion")
  • Code blocks tagged bash and typescript
  • Internal links resolve (/docs/, /docs/iac/concepts/resources/options/version/)
  • Title 38 chars (≤60)
  • meta_desc present (179 chars)
  • meta_image / feature_image are still placeholders (27,253 B / 138,149 B) — needs-design label is on the PR, so expected

Nothing blocking

The post is ready for the Design pass on meta.png / feature.png. Recommend a quick rebase on the latest origin/master before merge. No further content changes needed from me.
· branch: blog/upgrading-cloud-providers-without-breaking-production

sicarul removed the needs-design label May 14, 2026
sicarul marked this pull request as draft May 14, 2026 00:26

sicarul commented May 14, 2026

@claude please review again. This PR is now marked as draft, the needs-design label has been removed, and the latest pushed head is e86cb44d.


pulumi-bot commented May 14, 2026

Claude finished @sicarul's task in 1m 29s


Re-review for PR #18953

Verified at e86cb44. Content is unchanged since the last re-review — all prior feedback remains addressed. But removing the needs-design label flips one item from "expected" to "blocker," so I want to surface it explicitly.

Scope — ✅

HEAD is still the single commit e86cb44 with exactly three files. Matches the PR title.

content/blog/upgrading-cloud-providers-without-breaking-production/feature.png    27,253 B
content/blog/upgrading-cloud-providers-without-breaking-production/index.md       140 lines
content/blog/upgrading-cloud-providers-without-breaking-production/meta.png       138,149 B

⚠️ Placeholder images — needs-design removed but images haven't been replaced

feature.png and meta.png are still the literal "100% Certified Placeholder Image" graphics — I rendered both to confirm:

  • feature.png (942×628) — reads "100% Certified Placeholder Image" in Pulumi-purple
  • meta.png (1200×628) — same text, OG-card dimensions

Byte sizes (27,253 / 138,149) are unchanged since the prior review when they were flagged as placeholders. With needs-design removed, the PR now reads as "ready to ship" — but if it lands like this, the blog index card and social previews will literally say "Placeholder Image."

A few ways forward, depending on intent:

  1. Re-add needs-design if you're still waiting on Design — keeps the post in the queue without the placeholder shipping.
  2. Generate proper images yourself — there's a /blog-meta-image skill in this repo that renders a feature template + composites the title onto a 1200×628 meta card. That would replace both files in one shot.
  3. Reuse a recent themed image if the post fits an existing template (neo, platform, rocket, shield, lightbulb).

Since the PR is marked draft, this isn't urgent — just flagging that the label change doesn't match the file state.

Prior feedback — ✅ all addressed (re-verified against the file on disk)

  • L53 — version resource option citation — Linked to /docs/iac/concepts/resources/options/version/. Target page exists.
  • L53 — "easier to audit / easier to roll back" — Reworded to "auditable in a single commit and reversible with one revert". No easy|easier|simply|simple hits remain.
  • L136 — "It is not X. It is Y." contrastive pattern — Reworded to "The safest recovery rarely involves state import. Stop before pulumi up...". No contrastive AI-tell pattern remains.
  • L28 — First-mention Pulumi link [Pulumi](/docs/) provider upgrades...
  • L50 — npm/plugin install redundancy — Single npm install @pulumi/aws@6.66.0 line.

Social frontmatter — ✅

Each block has two paragraphs separated by a blank line (L13–L25). Social-media-review bot was PASSing on e86cb44.

Publishing readiness — upgrading-cloud-providers-without-breaking-production

  • social: block formatted correctly (twitter / linkedin / bluesky)
  • <!--more--> break at L32
  • Author pablo-seibelt exists (data/team/team/pablo-seibelt.toml) with avatar (static/images/team/pablo-seibelt.jpg)
  • H1 Title Case; H2s sentence case ("The game day scenario", steps 1–5, "Conclusion")
  • Code blocks tagged bash and typescript
  • Internal links resolve (/docs/, /docs/iac/concepts/resources/options/version/)
  • Title 38 chars (≤60)
  • meta_desc present (179 chars)
  • meta_image / feature_image are still literal placeholder graphics — was previously OK because needs-design covered it; now that the label is off, this is a blocker for moving out of draft.

Summary

Content is publish-ready. The only blocker for un-drafting is the placeholder images — either re-add needs-design, or Fix this → generate them with /blog-meta-image.
· branch: blog/upgrading-cloud-providers-without-breaking-production


sicarul commented May 19, 2026

@claude #new-review

github-actions Bot added the review:in-progress label May 19, 2026

github-actions Bot commented May 19, 2026

Pre-merge Review — Last updated 2026-05-19T16:30:00Z

Reviewing a draft; findings may change as you iterate.

Tip

Summary: New blog post by Pablo Seibelt under content/blog/upgrading-cloud-providers-without-breaking-production/ describing a five-step "provider upgrade game day" workflow (pin dependencies, build a canary stack, mine preview JSON, batch rollouts by blast radius, keep recovery boring); it sits alongside existing day-2-operations posts and links into /docs/iac/concepts/resources/options/version/. A reader following along would be hurt most by inaccurate CLI flag/JSON-output descriptions or by attributed quotations that misrepresent what Pulumi's docs actually say — so fact-check focused there. Investigations: 18 candidate claims extracted and routed (1 contradicted attribution, 10 verifier rate-limit unverifiables on standard CLI behavior, 4 not-a-claim editorial, 3 verified); single-subject editorial-balance pass; frontmatter sweep clean; code-examples checks (0 findings); style sweep (0 findings); Hugo build skipped (content-only PR, runs in build-and-deploy.yml).

Review confidence:

| Dimension | Level | Notes |
| --- | --- | --- |
| mechanics | HIGH | |
| facts | MEDIUM | Verifier hit a rate limit on 10 of 18 claims — all are descriptions of standard Pulumi CLI behavior (preview/refresh/json flags, stack export/import) that I spot-confirmed against the in-repo CLI command docs, so most are very likely correct, but the verifier never produced an independent verdict. Previously-contradicted version-attribution finding resolved in 36a84c8. |
| code correctness | HIGH | TypeScript canary snippet uses standard @pulumi/aws constructor form; bash/jq snippets reference flags (--refresh, --diff, --json, --file) all present in content/docs/iac/cli/commands/pulumi_preview.md and pulumi_stack_{export,import}.md. |

Investigation log
  • Cross-sibling reads: not run (not in a templated section)
  • External claim verification: 3 of 18 claims verified (10 unverifiable, 1 contradicted) · 4 specialists (numerical, cross-reference, capability, framing); 0 cross-specialist corroborations · routed: 0 inline, 15 Pass 1, 0 Pass 2, 3 Pass 3 (verified 1, contradicted 0, unverifiable 2).
  • Cited-claim spot-checks: not run (no cited claims)
  • Frontmatter sweep: ran on body + meta_desc + social.{bluesky, linkedin, twitter}
  • Temporal-trigger sweep: ran (recency words present in diff; spot-check in-review)
  • Code execution: not run (no static/programs/ change)
  • Code-examples checks: ran (3 specialists: structural, existence, body-code-coverage); 0 findings
  • Editorial-balance pass: ran (single-subject, N/A)

| 🚨 Outstanding | ⚠️ Low-confidence | 💡 Pre-existing | ✅ Resolved |
| --- | --- | --- | --- |
| 0 | 9 | 0 | 2 |

🔍 Verification trail

18 claims extracted · 3 verified · 10 unverifiable · 1 contradicted
  • L3 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "date: 2026-07-09" → ➖ not-a-claim (evidence: The "date" field in a blog post's front matter is metadata authored by the PR author describing their own content's publication date, not a falsifiable third-party assertion. It is a future-dated scheduling field (2026-07-09) set by the au…; source: repo:content/blog/upgrading-cloud-providers-without-breaking-production/index.md (front matter metadata))
  • L4 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The recommended Pulumi provider upgrade workflow involves pinning dependencies, building a canary stack, scanning preview JSON for destructive changes, batchin…" (also L20) → ✅ verified (evidence: The blog post's meta_desc and conclusion explicitly describe the workflow: "pin dependencies, build a canary stack, scan preview JSON, batch rollouts, and recover safely." The conclusion states: "pin one version, rehearse on a canary, tu…; source: repo:content/blog/upgrading-cloud-providers-without-breaking-production/index.md)
  • L27-28 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "A new AWS, Azure, Google Cloud, Kubernetes, or SaaS provider upgrade can bring security fixes and new resources, but it can also expose drift, change defaults,…" → ✅ verified (framing: strengthened — the claim is a narrower editorial summary of risks that are individually documented across multiple Pulumi sources; each sub-claim is verified a…; evidence: The claim is a general editorial statement about the risks of upgrading cloud providers (AWS, Azure, Google Cloud, Kubernetes, SaaS). Pulumi's own docs and community sources confirm all three specific risks named: provider upgrades can bri…; source: WebSearch ran query "Pulumi provider upgrade drift defaults replacement resources"; top results: https://www.pulumi.com/docs/support/faq/infrastructure/, https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/v4-migration/, https://www.pulumi.com/docs/deployments/deployments/drift/)
  • L42-43 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The risky part of a provider upgrade is discovering whether the new provider interprets existing state differently." → ➖ not-a-claim (evidence: The statement "The risky part is discovering whether the new provider interprets existing state differently" is the PR author's own editorial framing/opinion in their own blog post describing their upgrade workflow — it is not a third-part…; source: repo:content/blog/upgrading-cloud-providers-without-breaking-production/index.md)
  • L46 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Most Pulumi provider versions are inferred from your language package dependencies and lockfile." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L49 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The command npm install @pulumi/aws@6.66.0 --save-exact installs @pulumi/aws at version 6.66.0 with an exact pin." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L52-53 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Pulumi documents the version resource option as an override that should rarely be used directly during normal operations." → ❌ contradicted (framing: narrowed — claim broadens the source's absolute "should not be used directly during normal operations" to the weaker "should rarely be used directly during nor…; evidence: The source states "version should not be used directly during normal operations" — an absolute prohibition. The claim weakens this to "should rarely be used directly during normal operations," which misrepresents the strength of the guid…; source: content/docs/iac/concepts/resources/options/version.md)
  • L86 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Running pulumi refresh --yes after a provider bump writes provider-normalized state before reviewers see the diff." → ✅ verified (framing: strengthened — the source frames this as a warning ("Avoid running…because…"); the claim restates the same causal mechanism as a neutral behavior description,…; evidence: The blog post explicitly states: "Avoid running pulumi refresh --yes after the provider bump because refresh writes provider-normalized state before reviewers see the diff." The claim accurately describes this behavior; source: repo:content/blog/upgrading-cloud-providers-without-breaking-production/index.md (Step 3 paragraph))
  • L86 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Using pulumi preview --refresh reads live cloud state during a preview without updating the state file." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L88-89 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The command pulumi preview --refresh --diff --json produces machine-readable preview output that can be saved to a file." (also L91) → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L96 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The pulumi preview --json output contains a .steps[] array with fields including .op and .urn that can be filtered for operations such as replace, `d…" (also L100) → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L109 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The recommended batch rollout order for provider upgrades is: (1) ephemeral development stacks, (2) shared non-production stacks, (3) low-traffic production st…" (also L116) → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L119 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Each batch should use the same lockfile and the same preview gate. If a batch introduces a new replacement or delete operation, pause the rollout and keep the…" → ➖ not-a-claim (evidence: The text at L119 is a prescriptive recommendation authored by the PR author in their own blog post, not a verifiable third-party assertion; source: repo:content/blog/upgrading-cloud-providers-without-breaking-production/index.md)
  • L123 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Before the first production batch, export a checkpoint for the stack and keep the dependency rollback as a separate commit:" → ➖ not-a-claim (evidence: The line is a procedural recommendation authored by the PR author in their own blog post; source: WebSearch ran query "Pulumi stack export checkpoint rollback dependency upgrade best practice"; claim is editorial guidance from the PR author's own pipeline design, not a verifiable third-party fact.)
  • L124-126 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack export --file <filename> exports a checkpoint of the current stack state to a file." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L128 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack import can be used to restore a previously exported stack state checkpoint." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L130-131 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack import --file <filename> restores a stack from a previously exported checkpoint file." → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)
  • L136 in content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The safest recovery rarely involves state import. Stop before pulumi up, revert the lockfile, and confirm the old provider still previews cleanly. Reserve st…" → 🤷 unverifiable (evidence: verify-claims.py errored on this claim: RuntimeError: HTTP 429: rate_limit_error — This request would exceed your organization's rate limit of 2,000,000 input tokens per minute)

Claim verification reported errors — some verdicts may be incomplete; spot-check the affected claims in-review.

📊 Editorial balance

Single-subject post; balance check N/A.

🚨 Outstanding in this PR

No outstanding findings.

⚠️ Low-confidence

Review each and resolve as appropriate — these don't block the PR.

  • [L46] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Most Pulumi provider versions are inferred from your language package dependencies and lockfile." — verdict: unverifiable (verifier hit a global 429 rate limit). This describes Pulumi's standard plugin-resolution behavior (matches the framing in /docs/iac/concepts/resources/options/version/), so it's very likely correct, but the verifier never produced an independent verdict. Author: please confirm.

  • [L49] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The command npm install @pulumi/aws@6.66.0 --save-exact installs @pulumi/aws at version 6.66.0 with an exact pin." — verdict: unverifiable (verifier hit a global 429 rate limit). Standard npm behavior; nothing to fix unless @pulumi/aws@6.66.0 doesn't exist (worth a quick npm view @pulumi/aws versions to confirm — pick the most recent stable release if the version you cite isn't published yet on the post's go-live date).

  • [L86] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Using pulumi preview --refresh reads live cloud state during a preview without updating the state file." — verdict: unverifiable (verifier hit a global 429 rate limit). The --refresh flag is documented in content/docs/iac/cli/commands/pulumi_preview.md; the "does not update the state file" half of the claim is the load-bearing part — worth one sentence of confirmation from CLI behavior. Author: please confirm the no-state-write semantics.

  • [L88-89] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The command pulumi preview --refresh --diff --json produces machine-readable preview output that can be saved to a file." — verdict: unverifiable (verifier hit a global 429 rate limit). All three flags (--refresh, --diff, --json) are present in content/docs/iac/cli/commands/pulumi_preview.md; combined usage is the standard preview-to-JSON idiom. No author action expected.

  • [L96] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The pulumi preview --json output contains a .steps[] array with fields including .op and .urn that can be filtered for operations such as replace, delete, and delete-replaced." — verdict: unverifiable (verifier hit a global 429 rate limit). The jq snippet you reference will work iff the schema matches; this is the most consequential of the unverifiable claims because a reader will copy the jq line verbatim. Author: please paste a real pulumi preview --json excerpt (even just a couple of steps entries) to confirm the field names exactly — and confirm that delete-replaced is the canonical operation name (the engine's published op set is the source of truth here).

  • [L124-126] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack export --file <filename> exports a checkpoint of the current stack state to a file." — verdict: unverifiable (verifier hit a global 429 rate limit). --file is documented in content/docs/iac/cli/commands/pulumi_stack_export.md. No author action expected.

  • [L128] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack import can be used to restore a previously exported stack state checkpoint." — verdict: unverifiable (verifier hit a global 429 rate limit). Matches content/docs/iac/cli/commands/pulumi_stack_import.md. No author action expected.

  • [L130-131] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "pulumi stack import --file <filename> restores a stack from a previously exported checkpoint file." — verdict: unverifiable (verifier hit a global 429 rate limit). --file is documented in content/docs/iac/cli/commands/pulumi_stack_import.md. No author action expected.

  • [L136] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The safest recovery rarely involves state import. Stop before pulumi up, revert the lockfile, and confirm the old provider still previews cleanly. Reserve state import for controlled recovery, not as a routine undo button." — verdict: unverifiable (verifier hit a global 429 rate limit). This is your editorial recommendation framing rollback hierarchy, not a published Pulumi position; no source attribution required.

💡 Pre-existing issues in touched files (optional)

No pre-existing issues in touched files.

✅ Resolved since last review

  • [L52-53] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "Pulumi documents the version resource option as an override that should rarely be used directly during normal operations." — misquoted the docs' absolute prohibition ("should not be used directly during normal operations") as a frequency hedge ("should rarely be used"). Fixed in 36a84c8: the text now reads "should not be used directly during normal operations," matching the source exactly.

  • [L109] content/blog/upgrading-cloud-providers-without-breaking-production/index.md "The recommended batch rollout order for provider upgrades is…" — the "recommended" framing made it sound like an official Pulumi-published checklist. Fixed in 43dd610: text changed from "roll out in batches ordered by risk" to "a sensible rollout order is to batch by risk," softening the framing exactly as suggested.

📜 Review history

  • 2026-05-19T03:22:07Z — One contradicted attribution finding on the version-resource-option quote; ten verifier 429-unverifiables on standard Pulumi CLI behavior; mechanics and frontmatter clean. (9868277)
  • 2026-05-19T16:00:05Z — re-reviewed after fix push (1 new commit, 36a84c8); version-attribution finding resolved; no new findings from the fix commit. (36a84c8)
  • 2026-05-19T16:30:00Z — re-reviewed after fix push (1 new commit, 43dd610); L109 low-confidence item resolved (rollout-framing softened); no new findings from the fix commit. (43dd610)

Need a re-review? Want to dispute a finding? Mention @claude and include #update-review.
(For ad-hoc questions or fixes, just @claude — no hashtag.)

@github-actions
Contributor

🤖 Review regenerated on @sicarul's request.

@github-actions github-actions Bot added review:outstanding-issues Claude review completed; outstanding has author-actionable findings and removed review:in-progress Claude review is currently running labels May 19, 2026
@github-actions github-actions Bot added review:stale New commits since last Claude review; refresh on next ready-transition or @claude mention and removed review:outstanding-issues Claude review completed; outstanding has author-actionable findings labels May 19, 2026
@sicarul
Contributor Author

sicarul commented May 19, 2026

@claude #update-review

@github-actions github-actions Bot added review:in-progress Claude review is currently running and removed review:stale New commits since last Claude review; refresh on next ready-transition or @claude mention labels May 19, 2026
@github-actions
Contributor

🤖 Review updated on @sicarul's request.

@github-actions github-actions Bot added review:no-blockers Claude review completed cleanly; outstanding is empty and removed review:in-progress Claude review is currently running labels May 19, 2026
@github-actions github-actions Bot added review:stale New commits since last Claude review; refresh on next ready-transition or @claude mention and removed review:no-blockers Claude review completed cleanly; outstanding is empty labels May 19, 2026
@sicarul
Contributor Author

sicarul commented May 19, 2026

@claude #update-review

@github-actions github-actions Bot added review:in-progress Claude review is currently running and removed review:stale New commits since last Claude review; refresh on next ready-transition or @claude mention labels May 19, 2026
@github-actions
Contributor

🤖 Review updated on @sicarul's request.

@github-actions github-actions Bot added review:no-blockers Claude review completed cleanly; outstanding is empty and removed review:in-progress Claude review is currently running labels May 19, 2026