Day 60: One Guide Instead of Two
Saturday. One commit on main. A 72-line diff that moved the HTTPS setup flow out of the VPS deployment guide, into the domain-lock guide, and pointed the in-app Domain Lock link at the shorter page. The kind of change that feels like yak shaving until you remember the last time two docs said subtly different things about the same thing.
Two Paths for the Same Step
Pinchy's Domain Lock feature pins the app to a specific hostname, so a stolen cookie or a misaddressed request can't impersonate the install from another origin. The feature only makes sense once HTTPS is in place — browsers refuse to send the cookies over plain HTTP anyway, which is the entire point.
Historically, the HTTPS setup had been part of vps-deployment.mdx. That made sense during initial onboarding: one long walkthrough from bare VPS to running install, with HTTPS in the middle. But the in-app Domain Lock settings page also linked to that walkthrough — specifically to an anchor deep inside a much longer document. By the time an admin clicked "How do I set up HTTPS?" from the settings page, they had landed in a tutorial that started three steps before they needed to care and continued for six after.
The Shorter Document Wins
The domain-lock guide now covers the whole flow: set up Caddy, get the cert, flip the lock. The VPS guide still has its own HTTPS section for a first-time VPS admin, but it defers to the domain-lock guide for the lock step. The in-app link in settings-security.tsx points to the short document. The long document links to the short document. There is one source of truth for "here is how you turn on HTTPS for Pinchy", and it is the page the admin actually lands on when they need it.
Two pages that say nearly the same thing is the dangerous configuration. A reader who doesn't know which one is authoritative has to compare them. A writer who updates one has to remember the other exists. Left alone long enough, the sentences drift — one says Caddy, the other says Caddy or Traefik; one uses port 80 for ACME, the other implies 443 will work too. Nobody notices until someone follows the stale version and it doesn't boot.
The boring move is to pick one and delete the duplicate. That was Saturday.
Day 60
No features. No releases. A diff that looks like nothing in a changelog and pays off every time an admin clicks a link and lands on a page that starts at the step they needed. Saturdays are good for this kind of thing.