fix: switch cyber-dojo tutorials to kosli search

[AlexKantor87]

Why

Two tutorials walk users through kosli get artifact <flow>@<short-sha> against the public cyber-dojo org, and both commands now fail (kosli-dev/server#4937):

1. The flows they reference (creator, runner) were renamed to <name>-archived-at-<timestamp> when archived in early 2024, so the flow name no longer resolves.
2. The get-artifact endpoint rejects short fingerprints (^[a-f0-9]{64}$ validation), with a misleading error message.

Accepting short fingerprints (kosli-dev/server#5474) is worth fixing server-side, but it won't repair these tutorials on its own because of the flow renames. kosli search resolves short fingerprints and commit SHAs org-wide, including archived flows, so it's the right tool for both walkthroughs.

What changed

• tutorials/tracing_a_production_incident_back_to_git_commits.md: kosli get artifact creator@860ad17 becomes kosli search 860ad17.
• tutorials/following_a_git_commit_to_runtime_environments.md: kosli get artifact runner:16d9990 becomes kosli search 16d9990.
• Refreshed the documented output blocks to what CLI v2.26.0 actually prints against prod today (captured 12 Jun 2026): archived flow names, the current list flows table, the COMPLIANCE column in get snapshot, and Instances in diff snapshots.
• Added a short <Info> in each tutorial explaining the -archived-at-<timestamp> names. The rename-on-archive behaviour itself now has its own issue: kosli-dev/server#5879.
• Fixed the artifact web-interface link that has 404'd since the flow rename.

Deliberately out of scope: tutorials/querying_kosli.md has the same problem throughout (its whole walkthrough is built on the archived creator flow, including kosli list artifacts --flow creator), and its "Get artifact" section exists to document the flow@sha syntax that's under discussion in kosli-dev/server#5476. It deserves its own pass once kosli-dev/server#5474 lands.

Verification

• Every command in both tutorials was run against prod (KOSLI_ORG=cyber-dojo, read-only token); the output blocks are verbatim captures.
• mint broken-links passes.

🤖 Generated with Claude Code

[claude]

Claude finished @AlexKantor87's task in 1m 28s —— View job

---

PR Review: Switch cyber-dojo tutorials to kosli search

• Gather context (read CLAUDE.md, skill file, changed files)
• Review diff for conventions, links, and content quality
• Post inline findings
• Post summary

---

Summary

Clean, well-scoped PR. Both tutorials are correctly updated from the broken kosli get artifact flow@sha syntax to kosli search, and the output blocks look like genuine CLI v2.26.0 captures. The <Info> callouts explaining the archived flow naming are a good touch — they prevent confusion without derailing the tutorial narrative.

Findings

No critical issues.

Suggestions (2 — both non-blocking, posted inline):

#	File	Lines	Issue
1	following_a_git_commit_to_runtime_environments.md	89–91	The <Info> says "cyber-dojo's flows have since been reorganized" which could be read broadly; narrowing to "the original runner flow" would be more precise.
2	following_a_git_commit_to_runtime_environments.md	112	Minor column-alignment inconsistency in the get snapshot output block (RUNNING_SINCE/REPLICAS spacing differs between rows). Likely just CLI output behavior — worth a glance.

Convention compliance

• Links: All internal links are root-relative. All targets (/getting_started/install, /getting_started/flows, /client_reference/kosli_snapshot_k8s, /tutorials/querying_kosli) resolve to existing files.
• Frontmatter: Both files have title and description. No changes needed.
• Navigation: No new pages — no config/navigation.json update required.
• Writing style: Active voice, imperative mood, "Kosli" (not "the Kosli platform"), American spelling. All good.
• Components: <Info>, <Tooltip>, <Frame> used appropriately and sparingly.
• No relative links found.

Overall assessment

Ship it. The tutorials now work against prod, the explanatory callouts handle the archived-flow naming gracefully, and the out-of-scope decision for querying_kosli.md is well-reasoned in the PR description.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
kosli	🟢 Ready	View Preview	Jun 12, 2026, 9:02 AM

[AlexKantor87]

@JonJagger flagging one thing before this merges. The kosli search switch itself is sound, but refreshing the kosli ls flows block surfaced a wrinkle worth your eyes.

The new -ci flows are all marked visibility: private, whereas the original 2022 flows were public (the archived runner-archived-at-1709658802 still reports public). So the tutorial now says "the cyber-dojo organization is public, any authenticated user can read its data" right above a table stamping private on every row, which reads oddly in public docs.

In practice it's cosmetic: the org being public means reads work regardless. I verified an unauthenticated GET on runner-ci returns 200. But it's not a great look in a tutorial, and it quietly models demo hygiene we'd rather not show.

The real fix sits on the cyber-dojo side rather than in the docs: flipping the -ci flows to public (a --visibility public on the kosli create flow calls in the workflows, or a one-off update) would make the table match the narrative. Once they're public I'll re-capture that one block and this can merge clean.

I'm holding the merge until then. Everything else in the PR stands.