Add comprehensive historical alias verification and fix 8 missing aliases

.gitignore

@@ -84,3 +84,7 @@ scripts/alias-verification/aliases-suspicious.txt
 scripts/alias-verification/deletes.txt
 scripts/alias-verification/renames.txt
 scripts/alias-verification/fixes-data.txt
+scripts/alias-verification/historical-aliases-correct.txt
+scripts/alias-verification/historical-aliases-missing.txt
+scripts/alias-verification/historical-aliases-report.txt
+scripts/alias-verification/historical-fixes.json

AGENTS.md

@@ -42,7 +42,7 @@ Do not substitute other tools or commands.
 ## Absolute Prohibitions
 
 - **Package manager**: Do **not** change `package.json` to use pnpm. Yarn/npm only.  
-- **New files**: Must always end with a newline.  
+- **Markdown (.md) files**: Must always end with a newline.  
 
 ---
 

content/docs/administration/access-identity/oidc-client/kubernetes-eks.md

@@ -14,8 +14,9 @@ menu:
     parent: openid-connect-client
     weight: 1
 aliases:
-- /docs/pulumi-cloud/oidc/client/kubernetes-eks/
-- /docs/pulumi-cloud/access-management/oidc-client/kubernetes-eks/
+  - /docs/pulumi-cloud/access-management/oidc-client/kubernetes-eks/
+  - /docs/pulumi-cloud/access-management/oidc/client/kubernetes-eks/
+  - /docs/pulumi-cloud/oidc/client/kubernetes-eks/
 ---
 
 This document outlines the steps required to configure Pulumi to accept Elastic Kubernetes Service (EKS) id_tokens to be exchanged for a personal access token. With this configuration, Kubernetes pods authenticate to Pulumi Cloud using OIDC tokens issued by EKS.

content/docs/deployments/deployments/oidc/_index.md

@@ -11,11 +11,12 @@ menu:
     weight: 60
     identifier: deployments-deployments-oidc
 aliases:
-- /docs/pulumi-cloud/oidc/
-- /docs/administration/access-identity/oidc/
-- /docs/pulumi-cloud/oidc/provider/
-- /docs/administration/access-identity/oidc/provider/
-- /docs/pulumi-cloud/deployments/oidc/
+  - /docs/administration/access-identity/oidc/
+  - /docs/administration/access-identity/oidc/provider/
+  - /docs/pulumi-cloud/access-management/oidc/provider/
+  - /docs/pulumi-cloud/deployments/oidc/
+  - /docs/pulumi-cloud/oidc/
+  - /docs/pulumi-cloud/oidc/provider/
 ---
 
 Pulumi Deployments supports OpenID Connect (OIDC) integration with popular cloud providers. In order for a Pulumi IaC operation like `update` or `preview` to work, the Pulumi CLI must be able to access credentials that will allow it to perform the necessary CRUD operations on the resources in your stack. Pulumi Deployments' OIDC integrations allow your your deployments to use dynamic, short-lived cloud credentials for supported clouds instead of static credentials which are less secure and difficult to rotate. This page explains how to set up OIDC for Pulumi Deployments to access resources in your cloud provider accounts.

content/docs/deployments/deployments/oidc/aws.md

@@ -11,13 +11,14 @@ menu:
     weight: 1
     identifier: deployments-deployments-oidc-aws
 aliases:
-- /docs/pulumi-cloud/deployments/oidc/aws/
-- /docs/guides/oidc/provider/aws
-- /docs/intro/deployments/oidc/provider/aws/
-- /docs/pulumi-cloud/deployments/oidc/provider/aws/
-- /docs/pulumi-cloud/oidc/provider/aws/
-- /docs/pulumi-cloud/oidc/aws/
-- /docs/administration/access-identity/oidc/provider/aws/
+  - /docs/administration/access-identity/oidc/provider/aws/
+  - /docs/guides/oidc/provider/aws
+  - /docs/intro/deployments/oidc/provider/aws/
+  - /docs/pulumi-cloud/access-management/oidc/provider/aws/
+  - /docs/pulumi-cloud/deployments/oidc/aws/
+  - /docs/pulumi-cloud/deployments/oidc/provider/aws/
+  - /docs/pulumi-cloud/oidc/aws/
+  - /docs/pulumi-cloud/oidc/provider/aws/
 ---
 
 {{% notes type="info" %}}

content/docs/deployments/deployments/oidc/azure.md

@@ -11,13 +11,14 @@ menu:
     weight: 2
     identifier: deployments-deployments-oidc-azure
 aliases:
-- /docs/pulumi-cloud/deployments/oidc/azure/
-- /docs/guides/oidc/provider/azure
-- /docs/intro/deployments/oidc/provider/azure/
-- /docs/pulumi-cloud/deployments/oidc/provider/azure/
-- /docs/pulumi-cloud/oidc/provider/azure/
-- /docs/pulumi-cloud/oidc/azure/
-- /docs/administration/access-identity/oidc/provider/azure/
+  - /docs/administration/access-identity/oidc/provider/azure/
+  - /docs/guides/oidc/provider/azure
+  - /docs/intro/deployments/oidc/provider/azure/
+  - /docs/pulumi-cloud/access-management/oidc/provider/azure/
+  - /docs/pulumi-cloud/deployments/oidc/azure/
+  - /docs/pulumi-cloud/deployments/oidc/provider/azure/
+  - /docs/pulumi-cloud/oidc/azure/
+  - /docs/pulumi-cloud/oidc/provider/azure/
 ---
 
 {{% notes type="info" %}}

content/docs/deployments/deployments/oidc/gcp.md

@@ -11,13 +11,14 @@ menu:
     weight: 3
     identifier: deployments-deployments-oidc-gcp
 aliases:
-- /docs/pulumi-cloud/deployments/oidc/gcp/
-- /docs/guides/oidc/provider/gcp
-- /docs/intro/deployments/oidc/provider/gcp/
-- /docs/pulumi-cloud/deployments/oidc/provider/gcp/
-- /docs/pulumi-cloud/oidc/provider/gcp/
-- /docs/pulumi-cloud/oidc/gcp/
-- /docs/administration/access-identity/oidc/provider/gcp/
+  - /docs/administration/access-identity/oidc/provider/gcp/
+  - /docs/guides/oidc/provider/gcp
+  - /docs/intro/deployments/oidc/provider/gcp/
+  - /docs/pulumi-cloud/access-management/oidc/provider/gcp/
+  - /docs/pulumi-cloud/deployments/oidc/gcp/
+  - /docs/pulumi-cloud/deployments/oidc/provider/gcp/
+  - /docs/pulumi-cloud/oidc/gcp/
+  - /docs/pulumi-cloud/oidc/provider/gcp/
 ---
 
 {{% notes type="info" %}}

content/docs/deployments/deployments/using/post-automation.md

@@ -5,7 +5,8 @@ title: "Post-Deployment Automation"
 h1: "Post-Deployment Automation"
 meta_image: /images/docs/meta-images/docs-meta.png
 aliases:
-- /docs/pulumi-cloud/deployments/using/post-automation/
+  - /docs/pulumi-cloud/deployments/reference/
+  - /docs/pulumi-cloud/deployments/using/post-automation/
 menu:
   deployments:
     parent: deployments-deployments-using

content/docs/idp/developer-portals/templates/_index.md

@@ -2,7 +2,7 @@
 title: Organization templates
 title_tag: Get started with organization templates
 h1: Building developer portals with organization templates
-meta_desc: Lean how to build template projects and configure them to work with your Pulumi organization.
+meta_desc: Learn how to build template projects and configure them to work with your Pulumi organization.
 menu:
   idp:
     name: Organization templates
@@ -12,6 +12,7 @@ menu:
 aliases:
   - /docs/idp/developer-portals/templates/
   - /docs/pulumi-cloud/developer-platforms/templates/
+  - /docs/pulumi-cloud/developer-portals/templates/
 ---
 
 {{% notes "info" %}}

content/docs/reference/cloud-rest-api/deployments/_index.md

@@ -7,14 +7,15 @@ menu:
         parent: cloud-rest-api
         weight: 4.5
 aliases:
-  - /docs/reference/cloud-rest-api/deployments/
   - /docs/deployments/deployments/api
   - /docs/deployments/deployments/api/
-  - /docs/reference/deployments-rest-api
-  - /docs/reference/deployments-rest-api/
   - /docs/intro/deployments/api
   - /docs/intro/deployments/api/
+  - /docs/pulumi-cloud/deployments/api/
   - /docs/pulumi-cloud/reference/deployments/
+  - /docs/reference/cloud-rest-api/deployments/
+  - /docs/reference/deployments-rest-api
+  - /docs/reference/deployments-rest-api/
 ---
 
 The Deployments API allows you to configure and manage Pulumi Deployments, which enable you to execute Pulumi updates and other operations through the Pulumi Cloud. With this API, you can configure deployment settings for your stacks, trigger deployments, view deployment status and logs, and manage deployment execution.

scripts/alias-verification/README.md

@@ -93,3 +93,146 @@ python3 verify-aliases.py
 4. If issues found, use `generate-fixes.py` and `apply-fixes.py`
 5. Re-run `python3 verify-aliases.py` until it passes (exit 0)
 6. Merge your PR with confidence!
+
+---
+
+## Comprehensive Historical Verification
+
+The scripts above check **branch-level changes** (current branch vs master). However, they can miss **pre-reorg moves** - files that were moved on master before your branch was created, or multi-hop moves (A→B→C where only B is aliased).
+
+### When to Use Historical Verification
+
+Use these scripts when:
+- You've completed a major documentation reorganization
+- You want to ensure ALL historical paths have aliases (not just recent branch changes)
+- You're investigating reports of missing aliases that the branch verification missed
+
+### Comprehensive Verification Workflow
+
+#### Step 1: Verify All Historical Aliases
+
+```bash
+cd scripts/alias-verification
+python3 verify-all-historical-aliases.py
+```
+
+This script:
+- Checks the **complete git history** of every file (limited to past 6 months)
+- Uses `git log --follow -M30% origin/master` to track all historical paths
+- **Only checks master branch** - ignores development branches that were never merged/published
+- **30% similarity detection** catches files that were significantly rewritten during moves (e.g., documentation revamps)
+- Checks both frontmatter aliases AND S3 redirect files (`scripts/redirects/*.txt`)
+- Identifies files missing any historical alias
+
+Output files:
+- `historical-aliases-missing.txt` - Files with missing historical aliases ❌
+- `historical-aliases-correct.txt` - Files with complete coverage ✓
+- `historical-aliases-report.txt` - Detailed analysis with git history
+
+#### Step 2: Generate Fixes
+
+```bash
+python3 generate-historical-fixes.py
+```
+
+This script:
+- Parses the missing aliases log
+- Reads current aliases from each file
+- Generates a combined list of all aliases (existing + missing)
+- Outputs `historical-fixes.json` with the complete fix data
+
+#### Step 3: Apply Fixes
+
+```bash
+python3 apply-historical-fixes.py
+```
+
+This script:
+- Reads `historical-fixes.json`
+- Updates each file's frontmatter to add missing aliases
+- Prompts for confirmation before modifying files
+- Reports success/failure for each file
+
+**⚠️ WARNING**: This modifies files in place. Make sure to commit any important changes first!
+
+#### Step 3.5: Review for False Positives (IMPORTANT)
+
+Before committing the changes, **you must review them for false positives**. The 30% similarity detection can occasionally match unrelated files that happen to have similar content patterns.
+
+```bash
+git diff
+```
+
+**Common false positive patterns to watch for:**
+
+1. **Unrelated file replacements**: Files with similar names but completely different purposes
+   - Example: `doppler.md` matched with historical path `infisical.md` (different products)
+   - Example: CLI commands that were never actually renamed (e.g., `pulumi_project` ← `pulumi_env_init`)
+
+2. **Content rewrites that aren't renames**: Files that were deleted and recreated with new content
+   - Low similarity can match files that share some boilerplate but are fundamentally different
+
+3. **Development-only paths**: Should be rare now that we only check master, but verify paths make sense
+
+**How to remove false positive aliases:**
+
+If you find an incorrect alias, simply edit the file and remove it from the `aliases:` list in the frontmatter.
+
+**Example of removing a false positive:**
+
+```yaml
+# Before (with false positive)
+aliases:
+  - /docs/esc/integrations/dynamic-login-credentials/infisical-login/  # ← FALSE POSITIVE
+  - /docs/esc/providers/doppler-login/
+
+# After (false positive removed)
+aliases:
+  - /docs/esc/providers/doppler-login/
+```
+
+After removing false positives, re-run the apply script if needed, or proceed to verification.
+
+#### Step 4: Re-verify
+
+```bash
+python3 verify-all-historical-aliases.py
+```
+
+Run the comprehensive verification again to confirm all aliases are now present.
+
+### Example Output
+
+```
+================================================================================
+=== VERIFICATION SUMMARY ===
+================================================================================
+Total markdown files scanned:        699
+Files with historical moves:         353
+Files with complete aliases:         ✓ 271
+Files with missing aliases:          ❌ 82
+Total missing aliases:               ❌ 82
+```
+
+### What Gets Checked
+
+The comprehensive verification checks:
+1. **Git History**: All paths a file has had in the past 6 months on the master branch
+1. **Frontmatter Aliases**: The `aliases:` field in markdown frontmatter
+1. **S3 Redirects**: Redirect mappings in `scripts/redirects/*.txt` files
+1. **Multi-hop Moves**: Files moved multiple times (A→B→C)
+1. **Pre-reorg Moves**: Files moved on master before your branch existed
+1. **Low-Similarity Renames**: Files that were significantly rewritten during moves using git's 30% similarity detection (catches delete+add operations that are actually content revamps)
+
+**Note**: The script only checks `origin/master` history, not development branches. This prevents false positives from paths that only existed during development and were never published.
+
+### Differences from Branch Verification
+
+| Feature | Branch Verification | Historical Verification |
+|---------|-------------------|------------------------|
+| Scope | Current branch vs master | Complete git history |
+| Time Range | Branch lifetime | Past 6 months |
+| Catches pre-reorg moves | ❌ No | ✓ Yes |
+| Catches multi-hop moves | ❌ No | ✓ Yes |
+| Checks S3 redirects | ❌ No | ✓ Yes |
+| When to use | Every PR with file moves | After major reorgs |