SEO keyword pass on ten-more-things post

[adamgordonbell]

• Embed ECS, AWS Fargate, ALB in section 1 heading/body for specificity
• Add Datadog APM, p95/p99 latency, Linear integration, Jira automation
• Expand section headings: IAM audit, configuration drift, Lambda runtimes, AWS CIS Benchmark, containerize + Kubernetes
• Embed Lambda runtime context naturally
• Switch "base image" → "Docker image" in section 7

[github-actions]

Social Media Review

No social copy to review — the only file in this PR (content/blog/stop-tuning-prompts-build-a-harness/index.md) was deleted and skipped.

Updated for commit 5bbcbe91237a0b1ad35d7d0ffa66c82edd26b59c (short: 5bbcbe9) at 2026-05-22 00:00 UTC.

[pulumi-bot]

Your site preview for commit e95b397 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-19362-e95b3972.s3-website.us-west-2.amazonaws.com

[github-actions]

Pre-merge Review — Last updated 2026-05-22T21:26:36Z

Tip

Summary: This PR is an SEO/AEO keyword pass on the "Ten More Things You Can Do With Pulumi Neo" blog post — a sequel to the original 10-things post. The +22/-20 diff refines H2 titles and prose with more specific keywords (e.g., Containerize, Lambda functions, configuration drift, AWS CIS Benchmark) and adds a new [^compostable] footnote citing the AI-native software factory post. The wrongness that would block a reader's success here is factual overreach in the keyword expansions — vendor product names that don't match the source (e.g., "Datadog APM" for generic Datadog), product-feature phrasing that drifts from official capability names ("Jira automation" vs. the catalog's Atlassian/Jira-issues integration), or mis-stated AWS behavior. Passes run: facts (38 claims, 22 verified, 5 contradicted, 5 unverifiable, plus a triage pass that downgraded 6 of those), editorial-balance (11 H2 sections, no outliers), frontmatter sweep, temporal-trigger spot-check, Vale style lint, content-only Hugo skip.

Review confidence:

Dimension	Level	Notes
mechanics	HIGH
facts	MEDIUM	Three contradicted SEO additions introduce real overreach (Datadog APM label, Jira automation phrasing, AWS Lambda invocation block).
editorial balance	HIGH

Investigation log

• Cross-sibling reads: not run (not in a templated section)
• External claim verification: 22 of 38 claims verified (5 unverifiable, 5 contradicted) · 4 specialists (numerical, cross-reference, capability, framing); 0 cross-specialist corroborations · routed: 0 inline, 24 Pass 1, 0 Pass 2, 14 Pass 3 (verified 5, contradicted 5, unverifiable 4).
• Cited-claim spot-checks: not run (no cited claims)
• Frontmatter sweep: ran on body + meta_desc + social.{bluesky, linkedin, twitter}
• Temporal-trigger sweep: ran (recency words present in diff; spot-check in-review)
• Code execution: not run (no static/programs/ change)
• Code-examples checks: not run (no fenced code blocks in content files)
• Editorial-balance pass: ran (11 H2 sections, 0 flags fired)

🚨 Outstanding	⚠️ Low-confidence	💡 Pre-existing	✅ Resolved
3	6	1	0

🔍 Verification trail

38 claims extracted · 22 verified · 5 unverifiable · 5 contradicted

• L17 in content/blog/10-more-things-you-can-do-with-neo/index.md "A prior blog post titled '10 things you could do with Pulumi Neo' was written last fall (relative to the post date of 2026-05-19)." (also L21, L29) → ✅ verified (evidence: The original blog post "10 Things You Can Do With Our Infrastructure Agent, Neo" is dated 2025-10-06 (October 6, 2025). The new post is dated 2026-05-19, and refers to it as "Last fall we wrote up 10 things you could do with Pulumi Neo." O…; source: repo:content/blog/10-things-you-can-do-with-neo/index.md)
• L23 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo now supports drift detection, Lambda runtime upgrades, and CIS Benchmark fixes that can be scheduled to run automatically (e.g., drift detection every morn…" → ➖ not-a-claim (evidence: The claim describes features of Pulumi Neo as presented in the PR author's own blog post. The LinkedIn social copy in the same file explicitly states: "Drift detection every morning. Lambda runtime upgrades every Sunday night. CIS Benchmar…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L25 in content/blog/10-more-things-you-can-do-with-neo/index.md "With today's release, Neo extends beyond the web console to the CLI, GitHub, and Slack, with the same plan mode and PR workflow available in different places." → ✅ verified (framing: strengthened — claim combines the body text and LinkedIn social copy into one sentence; the source's two passages together prove the claim as a subset; evidence: The blog post body (line 25) states: "With today's release, Neo extends beyond the Pulumi Cloud console into the Pulumi CLI, GitHub, and Slack." The LinkedIn social copy adds: "Same plan mode and PR…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L34 in content/blog/10-more-things-you-can-do-with-neo/index.md "Pulumi shipped a read-only mode feature for Neo, documented at /blog/neo-read-only-mode/." → 🤝 matches (evidence: The file content/blog/neo-read-only-mode/index.md exists with title "Introducing Read-Only Mode for Pulumi Neo" and describes exactly the feature referenced: "Read-only mode solves this by letting you cap Neo's permissions at task creati…; source: repo:content/blog/neo-read-only-mode/index.md)
• L34 in content/blog/10-more-things-you-can-do-with-neo/index.md "Pulumi Neo features shipped include plan mode, read-only mode, AGENTS.md support, an integration catalog, cross-cloud migration, and task sharing." → ✅ verified (evidence: The file at L34 states exactly: "shipping a steady stream of features like plan mode, read-only mode, AGENTS.md, an [integration catalog](/blog…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L42 in content/blog/10-more-things-you-can-do-with-neo/index.md "When deploying an app to AWS, Neo picks ECS, AWS Fargate, and ALB as the services to use." → ✅ verified (evidence: The file at the relevant section states: "Neo picks the right services — ECS, AWS Fargate, ALB — writes the Pulumi, and opens a PR." and further confirms "ECS running on AWS Fargate, an ALB, and the VPC wiring."; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L50 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo's plan mode returns the resources Neo will create, named and sized (ECS running on AWS Fargate, an ALB, and VPC wiring), then Neo writes the Pulumi program…" → 🤷 unverifiable (framing: shifted — the source describes Plan Mode as a planning/discovery workflow; the claim attributes a full execution workflow (write program, preview, open PR) wit…; evidence: The cited source /blog/neo-plan-mode/ describes Plan Mode as "a dedicated experience for collaborating with Neo on a detailed plan before execution begins" focused on discovery and synthesis, with no mention of returning named/sized reso…; source: https://www.pulumi.com/blog/neo-plan-mode/ (WebSearch dispatched but verification did not converge within the turn budget))
• L61 in content/blog/10-more-things-you-can-do-with-neo/index.md "The blog post uses a specific example where the checkout endpoint's p95 latency climbs from 200ms to 1.2s." → 🤷 unverifiable (evidence: The blog post 10-more-things-you-can-do-with-neo/index.md is a PR file not yet publicly published; no web source contains the specific example of a checkout endpoint's p95 latency climbing from 200ms to 1.2s. Related published Neo blog…; source: WebSearch ran query "Pulumi blog '10 more things' Neo 'checkout' '200ms' '1.2s'"; top results didn't address the claim)
• L63 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo's integration catalog includes built-in Datadog APM, PagerDuty, and Honeycomb integrations." → ❌ contradicted (framing: shifted — source says "Datadog" (general); claim says "Datadog APM" (a specific Datadog product), which is a different subject than what the source supports.; evidence: The source page lists "Datadog, Honeycomb, Linear, PagerDuty, and Supabase" as integrations, but never specifies "Datadog APM" — it refers to Datadog generically (metrics, latency, error-rate). The claim's "Datadog APM" label is not suppor…; source: https://www.pulumi.com/blog/neo-integration-catalog/)
• L86 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo's example triage output states: 'Two deploys in the last hour touched services tagged service:checkout: checkout-api@a3f9c2 (12 min ago, app-layer depl…" → ➖ not-a-claim (framing: strengthened — this is a faithful description of the PR author's own design/pipeline (a made-up example output), not a third-party-attributed assertion.; evidence: The quoted text is a fictional example output from "Neo" (a Pulumi AI agent), authored by the PR author as illustrative sample output in their own blog post. It is not an assertion about a third-party fact — it is the PR author's own fabri…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L90 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo's Settings → Integrations page shows six integrations available with Authorize buttons for Atlassian, Datadog, Honeycomb, Linear, PagerDuty, and Supabase." → ➖ not-a-claim (evidence: The claim is a verbatim reproduction of the alt text for an image in the PR author's own blog post: "Neo Settings → Integrations page: six integrations available with Authorize buttons for Atlassian, Datadog, Honeycomb, Linear, PagerDuty,…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L95 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo can accept ticket numbers from Linear, Jira, or GitHub Issues." → ✅ verified (evidence: The blog post explicitly states in the section header for item 4: "Hand Neo a ticket number from Linear, Jira, or GitHub Issues. Neo reads the description and acceptance criteria, plans against your stack, and opens a PR." The body further…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L99 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo supports a Linear integration and Jira automation through the integration catalog, and GitHub Issues also works." → ❌ contradicted (framing: shifted — source lists "Atlassian — Jira issues, Confluence pages, project context" and "GitHub" (broadly), not "Jira automation" or "GitHub Issues" as a disti…; evidence: The neo-integration-catalog blog post confirms Linear and Atlassian/Jira as launch integrations, and GitHub is listed among MCP integrations. However, the source does not describe Jira as "Jira automation" (it covers "Jira issues, Confluen…; source: https://www.pulumi.com/blog/neo-integration-catalog/)
• L112 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo audits each IAM role against what the stack code actually does and proposes scoped policies." → ➖ not-a-claim (evidence: The text at line 112 of the blog post reads: "Neo audits each role against what your stack code actually does, and proposes scoped policies that improve your security posture." This is the PR author's own description of their own product (…; source: gh search code --repo pulumi/docs "scoped policies" --language markdown)
• L116 in content/blog/10-more-things-you-can-do-with-neo/index.md "The blog post states that production has 40 roles and half of them started with s3:*." → 🤷 unverifiable (evidence: The blog post "10 More Things You Can Do with Neo" is a PR/unpublished file not yet indexed publicly. The specific claim about "40 roles" with half starting with s3:* appears to be an illustrative scenario authored by the PR writer; no e…; source: WebSearch ran query "Pulumi '10 more things' Neo blog '40 roles' OR '20 roles' 's3:'"; top results didn't address the claim. The blog URL content/blog/10-more-things-you-can-do-with-neo/index.md is not yet publicly indexed.; intuition: The "40 roles, half with s3:" figures are suspiciously round and illustrative — likely a fabricated scenario for narra…)
• L133 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo reads an existing AWS CDK app and opens a PR that swaps AWS's defaults for the team's published components." → ➖ not-a-claim (evidence: The blog post is authored by Pulumi (adam-gordon-bell) describing Pulumi Neo's own capabilities — this is a faithful description of the PR author's own product design/pipeline, not a third-party-attributed assertion. The claim about Neo re…; source: content/blog/10-more-things-you-can-do-with-neo/index.md)
• L135 in content/blog/10-more-things-you-can-do-with-neo/index.md "CDK's L2 construct s3.Bucket with encryption: BucketEncryption.S3_MANAGED uses AWS-managed encryption by default." → ✅ verified (evidence: The blog post itself states: "s3.Bucket with encryption: BucketEncryption.S3_MANAGED is a sane choice, but it's AWS's idea of sane, not yours." The S3_MANAGED value in AWS CDK's BucketEncryption enum corresponds to SSE-S3 (AWS-mana…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md (confirmed via read_file and gh search code))
• L135 in content/blog/10-more-things-you-can-do-with-neo/index.md "Pulumi has a Private Registry feature for publishing components, documented at /docs/idp/concepts/private-registry/." → ✅ verified (evidence: The file content/docs/idp/concepts/private-registry.md exists in the pulumi/docs repo and is served at /docs/idp/concepts/private-registry/. It states: "Pulumi Private Registry is the source of truth for an organization's infrastructur…; source: repo:content/docs/idp/concepts/private-registry.md)
• L164 in content/blog/10-more-things-you-can-do-with-neo/index.md "Containerizing an application and moving it to Kubernetes involves decisions about which Docker image to use, what labels go on deployments, how ingress is wir…" → ➖ not-a-claim (evidence: The statement is a general descriptive framing of the problem space around containerizing applications for Kubernetes (Docker image selection, deployment labels, ingress wiring, secrets) — it is the PR author's own characterization of a we…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L174 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo reads runbooks in Confluence via the integration catalog." → ✅ verified (framing: strengthened — claim narrows 'Confluence pages' to 'runbooks in Confluence'; source's broader form proves the claim as a subset (runbooks are a type of Conflue…; evidence: The source blog post confirms the Atlassian integration exposes "Confluence pages" to Neo via the Integration Catalog: "Atlassian — Jira issues, Confluence pages, project context." Runbooks are a type of Confluence page, so reading runbook…; source: https://www.pulumi.com/blog/neo-integration-catalog/)
• L185 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo can be scheduled to run a daily drift check across cloud infrastructure and create PRs to fix issues." → ✅ verified (evidence: The blog post's own LinkedIn social copy states: "Drift detection every morning. Lambda runtime upgrades every Sunday night. CIS Benchmark fixes that show up as PRs while you sleep." This directly confirms that Neo can be scheduled to run…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md (LinkedIn social section))
• L191 in content/blog/10-more-things-you-can-do-with-neo/index.md "Pulumi Cloud already has configuration drift detection capability, and Neo extends it further." → ✅ verified (evidence: Pulumi Cloud's drift detection capability is extensively documented: content/docs/deployments/deployments/drift.md states "Drift detection is the process of identifying changes in the actual state of your cloud environment that deviate f…; source: repo:content/docs/deployments/deployments/drift.md; repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L206 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo can be scheduled to run weekly upgrades for outdated Lambda runtimes and providers." → ✅ verified (framing: strengthened — claim narrows the section heading "outdated providers and runtimes" to specifically mention "Lambda runtimes"; the LinkedIn social copy in the s…; evidence: The file contains section "## 9. Schedule weekly upgrades for outdated providers and runtimes" and the LinkedIn social copy in the same file states "Lambda runtime upgrades every Sunday night," directly supporting the claim that Neo can be…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md (confirmed via gh search code and gh api))
• L210 in content/blog/10-more-things-you-can-do-with-neo/index.md "After the AWS Lambda runtime end-of-life deadline, AWS blocks new deploys and eventually stops invoking the function." → ❌ contradicted (framing: shifted — claim states AWS "eventually stops invoking the function," but AWS policy is that invocations are never blocked; only new deploys and updates are blo…; evidence: AWS official docs and blog explicitly state the opposite: "Lambda does not block invocations of functions that use a deprecated runtime. Function invocations continue indefinitely after the runtime reaches end of support." (aws.amazon.com/…; source: https://aws.amazon.com/blogs/compute/managing-aws-lambda-runtime-upgrades/ and https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html)
• L214 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo reads the AWS Lambda runtime deprecation page to match end-of-support runtimes against Lambda functions in stacks." → ✅ verified (evidence: The file at content/blog/10-more-things-you-can-do-with-neo/index.md contains the passage: "Neo reads the AWS Lambda runtime deprecation page, matches the end-of-support runtimes against every Lambda in your stacks, and opens one PR per st…; source: gh search code --owner pulumi "Lambda runtime deprecation" --repo pulumi/docs)
• L216 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo opens one PR per stack when upgrading Lambda runtimes." → ✅ verified (evidence: The blog post at line ~216 states: "Neo reads the AWS Lambda runtime deprecation page, matches the end-of-support runtimes against every Lambda in your stacks, and opens one PR per stack." This directly confirms the claim.; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md (confirmed via gh search code --owner pulumi))
• L218 in content/blog/10-more-things-you-can-do-with-neo/index.md "When upgrading from Python 3.9, the upgrade target runtime is Python 3.12, and datetime.utcnow() calls need to move to datetime.now(datetime.UTC)." → ✅ verified (framing: strengthened — the claim is a faithful paraphrase of the source text; the technical details (Python 3.12 as upgrade target, datetime.UTC availability, utcnow()…; evidence: The blog post itself states: "If Python 3.9 is reaching end-of-support, the upgrade is to Python 3.12, and datetime.utcnow() calls need to move to datetime.now(datetime.UTC). Neo can make all of those replacements in the same PR." This…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md (confirmed via gh search code))
• L225 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo's Scheduled Tasks UI allows setting up a weekly task that runs every Sunday night and opens PRs reviewable on Monday." → ✅ verified (evidence: The source file at line ~225 contains a figcaption that reads: "Setting up a weekly task in the Scheduled Tasks UI. Once saved, Neo runs the prompt every Sunday night and opens PRs you review on Monday." This is a direct match to the claim.; source: gh search code --owner pulumi "Scheduled Tasks" "neo" → pulumi/docs:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L227 in content/blog/10-more-things-you-can-do-with-neo/index.md "The CIS AWS Foundations Benchmark is available through AWS Security Hub." → ✅ verified (evidence: The official AWS Security Hub documentation confirms: "AWS Security Hub CSPM supports CIS AWS Foundations Benchmark versions 5.0.0, 3.0.0, 1.4.0, and 1.2.0." The benchmark is explicitly available as a security standard within AWS Security…; source: https://docs.aws.amazon.com/securityhub/latest/userguide/cis-aws-foundations-benchmark.html)
• L231 in content/blog/10-more-things-you-can-do-with-neo/index.md "The CIS AWS Foundations Benchmark includes a check for root user access keys that shouldn't exist, identified as rule IAM.4." → ❌ contradicted (framing: shifted — the claim attributes IAM.4 to the CIS AWS Foundations Benchmark, but IAM.4 is a control in the AWS Foundational Security Best Practices standard; the…; evidence: AWS documentation explicitly separates the two standards: the CIS AWS Foundations Benchmark identifies the root user access key check as "1.12 – Ensure no root user access key exists" (v1.2.0) or 1.4 (v1.4.0+), while IAM.4 ("IAM root user…; source: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-account-root-user.html)
• L248 in content/blog/10-more-things-you-can-do-with-neo/index.md "Agents open pull requests, investigate issues, and iterate on review feedback." → 🤷 unverifiable (evidence: verification did not converge within 8 turns)
• L248 in content/blog/10-more-things-you-can-do-with-neo/index.md "Over the past year, many product teams have stopped treating AI as a request-by-request assistant and started delegating to it outright, with agents opening pu…" → 🤷 unverifiable (framing: shifted — this is an editorial positioning/trend claim, not a falsifiable technical assertion; it cannot be confirmed or contradicted by a single authoritative…; evidence: The claim is a broad editorial/positioning statement asserting a general industry trend ("many product teams have stopped treating AI as a request-by-request assistant and started delegating to it outright"). While search results confirm A…; source: WebSearch ran query "product teams AI agents opening pull requests investigating issues 2024 2025"; top results didn't directly verify the specific claim's framing.; intuition: Broad trend claim with no cited source — functions as marketing framing rather than a verifiable factual assertion; bor…)
• L252 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo has a grounding feature described at /blog/grounded-ai-why-neo-knows-your-infrastructure/." → ✅ verified (evidence: The blog post at /blog/grounded-ai-why-neo-knows-your-infrastructure/ exists in the repo (content/blog/grounded-ai-why-neo-knows-your-infrastructure/index.md) and describes Neo's grounding feature: "This is what makes it grounded AI: it'…; source: repo:content/blog/grounded-ai-why-neo-knows-your-infrastructure/index.md)
• L256 in content/blog/10-more-things-you-can-do-with-neo/index.md "Neo is available in the terminal (Pulumi CLI), in pull requests (GitHub), in Slack, and in Pulumi Cloud." → ✅ verified (evidence: The blog post's own introduction states: "With today's release, Neo extends beyond the Pulumi Cloud console into the Pulumi CLI, GitHub, and Slack." This confirms all four surfaces named in the claim: terminal (Pulumi CLI), pull requests (…; source: repo:content/blog/10-more-things-you-can-do-with-neo/index.md)
• L258-259 in content/blog/10-more-things-you-can-do-with-neo/index.md "The blog post 'Seven Rules for Building an AI-Native Software Factory' features Ewan Dawson, CTO of Compostable AI, as a concrete example of AI-native infrastr…" → ✅ verified (framing: strengthened — the source presents Ewan Dawson as the primary author/subject of the entire post; the claim narrows this to "a concrete example of AI-native inf…; evidence: The Pulumi blog post "Seven Rules for Building an AI-Native Software Factory" is confirmed to feature Ewan Dawson as CTO of Compostable AI: "Ewan Dawson is CTO of Compostable AI, where five engineers run an AI-native software factory: nine…; source: https://www.pulumi.com/blog/seven-rules-ai-native-software-factory/)
• L260 in content/blog/10-more-things-you-can-do-with-neo/index.md "The original '10 things you can do with Neo' post covered Terraform-to-Pulumi migration." → ✅ verified (evidence: The original "10 things you can do with Neo" post at pulumi.com/blog/10-things-you-can-do-with-neo/ explicitly covers Terraform-to-Pulumi migration: "Neo understands both languages and can convert HCL to TypeScript, Python, or Go while pre…; source: https://www.pulumi.com/blog/10-things-you-can-do-with-neo/)
• L262 in content/blog/10-more-things-you-can-do-with-neo/index.md "The original '10 things you can do with Neo' post covered scheduling Lambda runtime upgrades." → ❌ contradicted (framing: shifted — source covers on-demand Lambda runtime upgrades; claim asserts the post covered "scheduling" Lambda runtime upgrades, which is a different subject in…; evidence: The original post at /blog/10-things-you-can-do-with-neo/ covers Lambda runtime upgrades as an on-demand workflow ("Neo identifies outdated Lambda runtimes, stages updates, and manages the rollout across your entire AWS organization"), but…; source: https://www.pulumi.com/blog/10-things-you-can-do-with-neo/)
• L264 in content/blog/10-more-things-you-can-do-with-neo/index.md "The original '10 things you can do with Neo' post covered remediating CIS/compliance violations on demand." → ✅ verified (framing: strengthened — claim narrows the source's general "fix all policy violations" to "CIS/compliance violations on demand"; the source's broader form proves the cl…; evidence: The original post at pulumi.com/blog/10-things-you-can-do-with-neo/ does cover remediating compliance/policy violations: "Ask Neo: 'Fix all policy violations in our production account' and it analyzes your compliance dashboard, identifies…; source: https://www.pulumi.com/blog/10-things-you-can-do-with-neo/)

📊 Editorial balance

Section depth, mention distribution, recommendation steering

• Section depth: 11 H2 sections (mean 10.3 lines, median 9, std 3.8). No section-depth outliers (≥3× median).
• Vendor / entity mentions: Pulumi/Neo dominate (this is a Pulumi product post — expected). Third-party mentions: AWS (heavy: ECS, Fargate, ALB, IAM, S3, Lambda, RDS, CDK, Security Hub, CloudTrail, KMS); Datadog: 3 · PagerDuty: 3 · Honeycomb: 2 · Linear: 3 · Jira/Atlassian: 4 · GitHub: 4 · Confluence: 3 · Slack: 4 · Kubernetes: 3 · Supabase: 1. Mix is contextual (ticket sources, observability, ops surfaces), not promotional toward any single non-Pulumi vendor.
• FAQ steering: no FAQ section in this post.

🚨 Outstanding in this PR

These must be resolved or refuted before merging.

• [L63] content/blog/10-more-things-you-can-do-with-neo/index.md — "Neo's integration catalog includes built-in Datadog APM, PagerDuty, and Honeycomb integrations." — verdict: contradicted; framing: shifted — source says "Datadog" (general); claim says "Datadog APM" (a specific Datadog product), which is a different subject than what the source supports. The diff introduced this by changing "built-in Datadog, PagerDuty, and Honeycomb integrations" → "built-in Datadog APM, PagerDuty, and Honeycomb integrations". The integration catalog announcement post lists the integration as generic "Datadog" — it covers traces and metrics broadly, not specifically the APM product line (which is one Datadog product among many). Two options:

  • Revert the keyword:

    -Neo's [integration catalog](/blog/neo-integration-catalog/) bridges this gap. With built-in Datadog APM, PagerDuty, and Honeycomb integrations sitting alongside your Pulumi state, Neo can read traces and metrics from the tools your team already uses and take action.
    +Neo's [integration catalog](/blog/neo-integration-catalog/) bridges this gap. With built-in Datadog, PagerDuty, and Honeycomb integrations sitting alongside your Pulumi state, Neo can read traces and metrics from the tools your team already uses and take action.

  • Or keep the SEO angle, but phrase it as capability rather than product label: "…built-in Datadog (traces and APM metrics), PagerDuty, and Honeycomb integrations…" — this surfaces the "APM" keyword without claiming Neo integrates with the "Datadog APM" product specifically.
    source: https://www.pulumi.com/blog/neo-integration-catalog/

• [L99] content/blog/10-more-things-you-can-do-with-neo/index.md — "Neo supports a Linear integration and Jira automation through the integration catalog, and GitHub Issues also works." — verdict: contradicted; framing: shifted — source lists "Atlassian — Jira issues, Confluence pages, project context" and "GitHub" (broadly), not "Jira automation" or "GitHub Issues" as a distinct integration. The diff changed "Linear or Jira" → "Linear integration or Jira automation"; "Jira automation" is the name of a separate Atlassian product (Jira's no-code automation rules engine), so labelling the integration that way will read as wrong to anyone who knows Atlassian's product taxonomy. Suggested rewrite that keeps the SEO weight on each ticket-source name without renaming the integration:

  -The fix is letting Neo read the ticket itself. Connect Linear integration or Jira automation through the integration catalog (GitHub Issues works too), and Neo pulls the ticket the same way an engineer would: title, description, acceptance criteria.
  +The fix is letting Neo read the ticket itself. Connect the Linear or Atlassian (Jira) integration through the integration catalog — GitHub Issues works too — and Neo pulls the ticket the same way an engineer would: title, description, acceptance criteria.

  source: https://www.pulumi.com/blog/neo-integration-catalog/

• [L210] content/blog/10-more-things-you-can-do-with-neo/index.md — "After the AWS Lambda runtime end-of-life deadline, AWS blocks new deploys and eventually stops invoking the function." — verdict: contradicted; framing: shifted — claim states AWS "eventually stops invoking the function," but AWS's documented policy for the deprecated-runtime lifecycle is that invocations are not blocked, only update/create operations on the function configuration are. From the AWS Lambda runtime support policy: "Lambda does not block invocations of functions that use a deprecated runtime. Function invocations continue indefinitely after the runtime reaches end of support." The PR-touched line carries this assertion forward. Suggested rewrite that preserves the urgency without misstating the policy:

  -AWS Lambda end-of-life notices come out months ahead. Node 20 stopped receiving updates as an AWS Lambda runtime at the end of April. Python 3.9 reached end-of-support last December. After the deadline, AWS blocks new deploys and eventually stops invoking the function. Each one needs to move to a supported runtime before the cutoff.[^9-original]
  +AWS Lambda end-of-life notices come out months ahead. Node 20 stopped receiving updates as an AWS Lambda runtime at the end of April. Python 3.9 reached end-of-support last December. After the deadline, AWS blocks code updates and configuration changes on affected functions — invocations keep running, but the function is frozen. Each one needs to move to a supported runtime before the cutoff.[^9-original]

  source: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html, https://aws.amazon.com/blogs/compute/managing-aws-lambda-runtime-upgrades/

⚠️ Low-confidence

Review each and resolve as appropriate — these don't block the PR.

Style findings

Found by pattern-based linting; Findings may be false positives.

• line 164: [style] listicle heading — Numbered listicle H2 heading ('7. Containerize'). H2 numbered listicles are commonly seen in AI-drafted post structure; consider whether enumeration suits the content or whether the structure can flow more naturally. (Note: this post is intentionally a "10 more things" listicle — the numbered structure is the article's premise; safe to ignore.)
• line 168: [style] weasel word — 'several' is a weasel word!
• line 168: [style] wordiness — 'subsequent' is too wordy.
• line 168: [style] weasel word — 'mostly' is a weasel word!
• line 206: [style] listicle heading — Numbered listicle H2 heading ('9. Schedule'). H2 numbered listicles are commonly seen in AI-drafted post structure; consider whether enumeration suits the content or whether the structure can flow more naturally. (Same caveat as L164.)
• line 227: [style] listicle heading — Numbered listicle H2 heading ('10. Fix'). H2 numbered listicles are commonly seen in AI-drafted post structure; consider whether enumeration suits the content or whether the structure can flow more naturally. (Same caveat as L164.)

📋 Triaged verifier findings

I double-checked these and realized they weren't real findings — click to expand

• [L50] content/blog/10-more-things-you-can-do-with-neo/index.md — "Neo's plan mode returns the resources Neo will create, named and sized (ECS running on AWS Fargate, an ALB, and VPC wiring), then Neo writes the Pulumi program, runs a preview, and opens a PR." — verdict: unverifiable. Mis-sourced: the verifier compared this against the linked /blog/neo-plan-mode/ background article (which scopes Plan Mode to the planning/discovery step) and treated the body's full workflow narration as if it were attributed to that article. The body text already separates the two phases — "Plan mode comes back with the resources… Approve, and Neo writes the Pulumi program, runs a preview, and opens a PR" — so the "write program / preview / open PR" steps are the author's own description of what happens after approval, not a claim about Plan Mode's scope.

• [L61] content/blog/10-more-things-you-can-do-with-neo/index.md — "The blog post uses a specific example where the checkout endpoint's p95 latency climbs from 200ms to 1.2s." — verdict: unverifiable. Mis-sourced: the 200ms→1.2s numbers are an illustrative scenario the author wrote to anchor the section (the same way service:checkout and db.cluster=checkout-rds are illustrative), not a third-party assertion that needs a citation. This is the post's own narrative example, not a checkable claim.

• [L116] content/blog/10-more-things-you-can-do-with-neo/index.md — "The blog post states that production has 40 roles and half of them started with s3:*." — verdict: unverifiable. Mis-sourced: as the verifier's own intuition note acknowledges, the "40 roles, half with s3:*" figures are an illustrative scenario the author wrote to anchor the IAM-cleanup section — not a falsifiable third-party fact. Same shape as L61.

• [L248] content/blog/10-more-things-you-can-do-with-neo/index.md — "Agents open pull requests, investigate issues, and iterate on review feedback." — verdict: unverifiable. Mis-sourced: this is the author's own framing of the broader AI-agent landscape, not a third-party-attributed assertion. The "verification did not converge" outcome reflects that there isn't a single canonical source to test against — it's the topic-sentence of the closing argument, not a claim that needs a citation.

• [L248] content/blog/10-more-things-you-can-do-with-neo/index.md — "Over the past year, many product teams have stopped treating AI as a request-by-request assistant and started delegating to it outright, with agents opening pull requests…" — verdict: unverifiable. Mis-sourced: the verifier didn't account for the [^compostable] footnote this PR introduced on exactly this sentence — it adds an explicit example citation (Ewan Dawson, CTO of Compostable AI, in the Seven Rules for Building an AI-Native Software Factory post). The trend statement now has the supporting reference the verifier said was missing.

• [L262] content/blog/10-more-things-you-can-do-with-neo/index.md — "The original '10 things you can do with Neo' post covered scheduling Lambda runtime upgrades." — verdict: contradicted. Spurious: the footnote text being extracted reads "Also covered in the [original post]. Last year you could ask Neo to do it once. This year you can put it on a schedule." The footnote explicitly distinguishes on-demand (original) from scheduling (this post) — the extracted claim inverts that distinction. The post itself is asserting the opposite of what the verifier flagged.

💡 Pre-existing issues in touched files (optional)

• [L231] content/blog/10-more-things-you-can-do-with-neo/index.md — "…root user access keys that shouldn't exist (IAM.4), or CloudTrail not being enabled (CloudTrail.1)." — Pre-existing: this line is unchanged by the PR (the diff only retitled section 10's H2 on L227 from "Fix CIS Benchmark failures" → "Fix AWS CIS Benchmark failures"). The control IDs S3.1, IAM.4, CloudTrail.1 are AWS Security Hub's Foundational Security Best Practices (FSBP) control IDs; the CIS AWS Foundations Benchmark uses different rule numbering (e.g., root-access-key checks are 1.12 in CIS v1.2.0 / 1.4 in v1.4.0+). Worth fixing on a follow-up pass, but it's not in scope for this SEO keyword PR.

✅ Resolved since last review

No items resolved since the last review.

📜 Review history

• 2026-05-22T21:26:36Z — SEO/AEO keyword pass: 3 contradicted SEO additions (Datadog APM label, Jira automation phrasing, Lambda invocation-block claim); 5 unverifiable/contradicted extractions triaged as mis-sourced or spurious; 1 pre-existing CIS rule-ID mismatch on an untouched line. (5bbcbe9)

---

Need a re-review? Want to dispute a finding? Mention @claude and include #update-review.
(For ad-hoc questions or fixes, just @claude — no hashtag.)