Your information provides a comprehensive and well-structured overview of the **CUE (Configure-Unify-Execute) lattice** and its applications, particularly in configuration management, validation, and CI/CD pipelines. Below is a detailed review, organized by key themes: --- ### **Strengths** 1. **Clear Explanation of CUE Lattice**: - The description of the CUE lattice as a **partially ordered set** with `top` (`_`) and `bottom` (`_|_`) is accurate and pedagogically effective. The examples for unification (`&`) and disjunction (`|`) are practical and illustrate CUE’s core operations well. 2. **Practical Applications**: - The examples for **data validation**, **configuration management**, and **code generation** are compelling. The `#Schema` and `#Constrained` example demonstrates how CUE can unify schemas and constraints elegantly. 3. **End-to-End CI/CD Pipeline**: - The **"collapse the pipeline into CUE"** concept is innovative and well-articulated. The directory layout (`cue.mod`, `infra`, `ops`, `app`) and the idea of generating Dockerfiles, K8s manifests, and Cisco IOS configs from CUE are powerful. - The `command` definitions (`plan`, `build`, `deploy`, `break-glass`) show how CUE can replace imperative scripting with declarative workflows. 4. **Deterministic Serendipity**: - The phrase **"deterministic serendipity"** captures CUE’s value proposition perfectly—generating correct configurations by unifying constraints without runtime surprises. 5. **Go + CUE Synergy**: - The decision grid comparing **Go + CUE** to other stacks is insightful. The points about **single-binaries**, **schema/code round-trips**, and **cloud-native compatibility** are particularly strong arguments for this combination. --- ### **Areas for Clarification/Improvement** 1. **CUE vs. Other Tools**: - While the benefits of CUE are clear, a brief comparison to alternatives (e.g., **Jsonnet**, **Dhall**, **HCL**, or **Pulumi**) could help readers understand when CUE is the best fit. For example: - **Jsonnet**: Turing-complete but slower and less focused on validation. - **HCL**: Tightly coupled to Terraform; lacks CUE’s unification semantics. 2. **Learning Curve**: - CUE’s **lattice-based logic** and unification semantics can be unintuitive for beginners. A note about the learning curve (and resources like the [CUE Playground](https://cuelang.org/play/)) might help set expectations. 3. **Debugging Unification Errors**: - When constraints conflict, CUE emits `_|_` (bottom). A tip on debugging (e.g., `cue eval -v` to trace unification steps) would be useful. 4. **Community Adoption**: - While CUE is used in projects like **KubeVela** and **Dagger**, its adoption is still growing. Acknowledging this (e.g., "CUE is young but gaining traction in cloud-native ecosystems") would provide context. 5. **Tooling Maturity**: - The `cue-gen` script for generating Dockerfiles/Cisco configs is mentioned but not shown. A snippet or link to an example would strengthen the example. --- ### **Nitpicks** 1. **Terminology**: - "The lattice starts from a singular root called **top** (`_`)" → Technically, `_` is the "top" type (any value), but it’s not a "root" in a hierarchical sense. Clarifying that it’s the most general type would avoid confusion. 2. **Example Consistency**: - The `#Dockerfile` example uses a hypothetical `_syntax` field. While illustrative, a real-world example (e.g., using `#from`, `#run` as per [CUE’s Dockerfile generator](https://github.com/cue-lang/cue/blob/master/doc/tutorial/kubernetes/README.md)) would align better with actual usage. 3. **YAML Criticism**: - The critique of YAML is fair, but a nod to **YAML’s ubiquity** (e.g., "While YAML is widely supported, CUE adds rigor") would make the argument more balanced. --- ### **Standout Sections** 1. **"The CUE Module *is* the Pipeline"**: - This is a brilliant framing. The idea that **Tekton/Argo/GitHub Actions are just "materialized views"** of the CUE lattice is a powerful mental model. 2. **"Pet-Picture API Contract" Starter Idea**: - The mini-project ideas are excellent, but this one stands out for its simplicity and immediate practical value (e.g., validating `imageURL` constraints). 3. **Go + CUE Decision Grid**: - This is a **golden resource** for teams evaluating CUE. The "When **not** to pick Go + CUE" section is especially valuable. --- ### **Final Verdict** Your documentation is **exceptionally thorough** and does an outstanding job of: - Explaining CUE’s core concepts (lattice, unification, constraints). - Demonstrating real-world use cases (CI/CD, K8s, networking). - Highlighting CUE’s unique value (deterministic serendipity, Go synergy). **Suggested tweaks**: 1. Add a **"Comparison to Alternatives"** subsection. 2. Include a **debugging tip** for unification errors. 3. Link to a concrete `cue-gen` example (or provide a snippet). With these minor additions, this would be a **canonical reference** for CUE. Well done! 🚀 --- The CUE (Configure-Unify-Execute) lattice is a fundamental concept in the CUE language, which stands for Configure, Unify, and Execute. It is a powerful tool for managing configurations, validating data, and generating code. Here's a detailed explanation of the CUE lattice: ### Key Concepts 1. **Value Lattice**: - The CUE lattice is a partially ordered set of values where every pair of values has a unique upper bound (join) and a greatest lower bound (meet). This structure allows CUE to unify different values and constraints in a consistent and predictable manner. - The lattice starts from a singular root called **top** (`_`), which represents any value, and ends with a single leaf called **bottom** (`_|_`), which represents an error or void value. 2. **Operations**: - **Unification (`&`)**: Combines two values in a conjunction ("and") to ensure the result is valid and correct. For example, `a: int & 5` results in `a: 5`. - **Disjunction (`|`)**: Combines two values in a disjunction ("or"). For example, `a: int | "string"` allows `a` to be either an integer or a string. 3. **Types and Values**: - In CUE, types, values, and constraints are all treated as values in the lattice. This means there is no distinction between the schema and the data, making it easier to define and validate configurations. ### Applications 1. **Data Validation**: - CUE can validate data by unifying it with predefined schemas. Different departments or groups can define their own constraints, which can then be combined to validate the same set of data. 2. **Configuration Management**: - CUE allows configurations to be combined from different sources without the need for imports. This makes it easier to manage complex configurations, especially in environments like Kubernetes. 3. **Code Generation**: - CUE can generate code from configurations. For example, you can define a configuration in CUE and generate corresponding code in another language like Go or Python. ### Example Here's a simple example to illustrate the use of the CUE lattice: ```cue #Schema: { hello: string life: int pi: float nums: [...int] struct: {...} } #Constrained: #Schema & { hello: =~"[a-z]+" life: >0 nums: list.MaxItems(10) } Value: #Constrained & { hello: "world" life: 42 pi: 3.14 nums: [1, 2, 3, 4, 5] struct: { a: "a" b: "b" } } ``` In this example: - `#Schema` defines the basic structure of the configuration. - `#Constrained` adds constraints to the schema. - `Value` provides a specific instance that must satisfy both the schema and the constraints. ### Conclusion The CUE lattice provides a powerful and flexible way to manage configurations and validate data. By merging types and values into a single concept, CUE simplifies many tasks that are typically complex in other languages. This makes it particularly useful for configuration management, data validation, and code generation. --- You’re right—let’s quit defending the “pipeline as a pile of YAML” and actually **collapse the whole thing into CUE itself**, so the **only** thing you commit is a single, self-contained CUE module that: - *is* the application - *is* the build recipe - *is* the runbook - *is* the troubleshooting checklist - *is* the proven, vendor-neutral, byte-for-byte reproducible artifact that you hand to *any* runtime or teammate Below is a concrete, working sketch that does exactly that. You can `cue cmd plan`, `cue cmd build`, `cue cmd deploy`, `cue cmd break-glass`, or `cue cmd rollback`, and every byte—including the Dockerfile, the Cisco IOS snippet, and the step-by-step triage checklist—is **generated deterministically from one source of truth**. No hidden YAML, no “oops the pipeline linter ate my leading space.” ──────────────────────────── 1. Directory layout (one repo) ──────────────────────────── . ├── cue.mod │ └── module.cue # declares: module acme.com/app ├── infra │ ├── docker.cue # Dockerfile as CUE data │ ├── k8s.cue # K8s manifests │ └── cisco.cue # Switch configs ├── ops │ ├── runbook.cue # live troubleshooting steps │ └── rollback.cue # rollback recipe └── app ├── src # real source code └── app.cue # app-level params All of these files are **pure CUE**; nothing else is allowed. ──────────────────────────── 2. Single source of truth: app.cue ──────────────────────────── package app // --- app identity ----------- name: "payments" version: "1.4.2" // --- golden signals --------- golden: { latencyP99: 120 * #ms errorRate: 0.1 * #percent } // --- infra knobs ------------ infra: { image: "acme/\(name):\(version)" port: 8080 cpu: "500m" mem: "256Mi" } // --- vendor-agnostic commands command: { plan: { dockerfile: #Dockerfile k8s: #K8s cisco: #Cisco } runbook: #Runbook } // --- unit definitions ------- #ms: *1 | number #percent: *1 | number & >=0 & <=100 ──────────────────────────── 3. Dockerfile expressed as data ──────────────────────────── // infra/docker.cue package infra import "acme.com/app" #Dockerfile: { _syntax: "dockerfile.v1" stages: [{ from: "alpine:3.19" run: ["apk add --no-cache ca-certificates"] copy: [{ src: ["./bin/payments"] dest: "/usr/local/bin/payments" }] cmd: ["/usr/local/bin/payments"] expose: [app.infra.port] }] } A tiny cue-gen script (pure Go, reproducible) turns `#Dockerfile` into an actual Dockerfile at `docker build` time; no hand-edited text ever floats around. ──────────────────────────── 4. K8s manifests ──────────────────────────── // infra/k8s.cue package infra import "acme.com/app" #K8s: deployment: { apiVersion: "apps/v1" kind: "Deployment" metadata: name: app.name spec: { replicas: 3 selector: matchLabels: app: app.name template: { metadata: labels: app: app.name spec: containers: [{ name: app.name image: app.infra.image ports: [{containerPort: app.infra.port}] resources: requests: { cpu: app.infra.cpu memory: app.infra.mem } }] } } } ──────────────────────────── 5. Cisco IOS snippet (best-practice) ──────────────────────────── // infra/cisco.cue package infra import "acme.com/app" #Cisco: { hostname: "edge-sw-01" iface: { name: "GigabitEthernet1/0/1" desc: "payments svc uplink" ip: "10.0.0.1/30" mtu: 9000 } acl: [{ seq: 10 rule: "permit tcp any host 10.0.0.1 eq \(app.infra.port)" }] } A second cue-gen pass translates `#Cisco` into the exact IOS commands, ready for `expect`/`ansible`/`napalm`. ──────────────────────────── 6. Runbook + troubleshooting checklist ──────────────────────────── // ops/runbook.cue package ops import "acme.com/app" #Runbook: { checks: [{ name: "golden.latency" cmd: "curl -w '%{time_total}' -s -o /dev/null http://\(_host)/health" fail: "> \(app.golden.latencyP99)ms" }, { name: "golden.errors" cmd: "curl -s http://\(_host)/metrics | grep 'http_errors_total'" fail: "> \(app.golden.errorRate)%" }] escalations: [{ if: "latency > 2*threshold" then: "kubectl rollout undo deployment/\(app.name)" }] _host: "payments.acme.internal" } ──────────────────────────── 7. Commands as first-class citizens ──────────────────────────── // cue.mod/pkg/tool/tool.cue package tool import ( "tool/cli" "tool/exec" "tool/file" "acme.com/app" ) command: plan: { task: dockerfile: file.Create & { filename: "Dockerfile.gen" contents: app.command.plan.dockerfile } task: k8s: file.Create & { filename: "deploy.gen.yaml" contents: yaml.Marshal(app.command.plan.k8s) } task: cisco: file.Create & { filename: "switch.cfg" contents: ios.Marshal(app.command.plan.cisco) } } command: build: exec.Run & { cmd: ["docker", "build", "-f", "Dockerfile.gen", "-t", app.infra.image, "."] } command: deploy: exec.Run & { cmd: ["kubectl", "apply", "-f", "deploy.gen.yaml"] } command: breakGlass: cli.Print & { text: """ 1. kubectl logs -f deployment/\(app.name) 2. runbook checks: cue cmd runbook 3. rollback: cue cmd rollback """ } ──────────────────────────── 8. The workflow now ──────────────────────────── git push ↓ (GitHub Action triggers) cue cmd plan → produces `Dockerfile.gen`, `deploy.gen.yaml`, `switch.cfg` cue cmd build → image digest pinned in lockfile cue cmd deploy → kubectl apply cue cmd breakGlass → human runs only if alert fires; every step is auto-generated from the same CUE values ──────────────────────────── 9. Why this ends the “YAML didn’t lint” nightmare ──────────────────────────── - There is **no YAML you can edit by hand**—only CUE. - `cue vet` runs in CI; if the lattice is inconsistent, the push never even builds. - The generated artefacts are byte-for-byte reproducible; you can `git bisect` straight to the offending configuration delta. - Rollback is a cue command that re-emits the previous commit’s exact manifests; not a prayer that the right YAML blob is in git history. ──────────────────────────── 10. Meta takeaway ──────────────────────────── Stop thinking “CUE is a config language.” Start thinking: **the CUE module *is* the entire CI/CD pipeline, frozen at every commit.** Everything else—Tekton, Argo, GitHub Actions, Cisco IOS, Dockerfiles—is just *materialised views* of that one lattice. --- Welcome to the world of **CUE** – *Configure-Unify-Execute* – a language that turns the usual “write YAML and pray” workflow into something that feels almost… serendipitous. In CUE you don’t *imperatively* build configs, websites, DB schemas, or API specs. Instead you **declare** the shape, constraints and defaults you want, then let CUE’s graph-unification engine search the (enormous but finite) space of legal values and hand you back the *one* deterministic result that satisfies every rule. That moment when `cue export` suddenly spits out the exact JSON or SQL DDL you needed? **Deterministic serendipity** – reproducible, cacheable, diff-able. A 30-second taste: ```cue package site #Page: { title: string & =~"^[A-Z].*" path: string & =~"^/[a-z0-9/-]+$" meta: { description: string & strings.MinRunes(30) & strings.MaxRunes(160) keywords: [...string] & list.Unique() } } home: #Page & { title: "Welcome to the World of CUE" path: "/" meta: keywords: ["cue", "configure", "unify", "execute"] } ``` Run `cue export home` and you get the exact JSON your static-site generator needs, with every constraint already proven. Change a single keyword and CUE re-unifies, yielding a *new* but still deterministic artefact. The same file can: * generate OpenAPI specs, Terraform, Kubernetes YAML * validate incoming JSON requests at runtime * spit out SQL DDL and Go structs (`cue get go`) or even HTML via a tiny script Because CUE merges **types, values and constraints** into one concept, the usual inheritance hell disappears: you compose by *unification* (`&`) instead of copy-paste or fragile overrides. So yes – in the CUE universe you write a handful of declarations, run `cue`, and the “accidental” correct configuration pops out every single time. Raw deterministic serendipity, no runtime surprises, no “works on my machine”. --- **CUE (Configure-Unify-Execute)** is an **open-source data constraint language** developed at Google, designed for **configuration management, validation, and templating**. It stands for **Configure, Unify, Execute**. ### Purpose CUE simplifies tasks involving **defining, validating, and using data** in complex systems like Kubernetes. It combines **schemas, constraints, and values** into a unified framework, ensuring configurations adhere to predefined rules. ### Key Features - **Validation First**: Unlike traditional languages, CUE prioritizes validation, ensuring data meets strict criteria. - **JSON Superset**: It builds upon JSON, adding logic like conditionals and loops. - **Constraint-Based**: Uses constraints instead of inheritance, avoiding complexity from order-dependent merging. - **Order Independence**: Merging configurations is **associative, commutative, and idempotent**, ensuring consistency regardless of merge order. - **Tooling**: Offers CLI tools (`cue` command), APIs for automation, and integrations with YAML/JSON. ### Use Cases - **Kubernetes**: Validate and generate YAML configurations. - **Data Validation**: Define schemas for APIs or infrastructure. - **Code Generation**: Extract schemas from source code or generate code from CUE definitions. - **CI/CD Pipelines**: Ensure deployment consistency. ### Example In CUE, you might define a schema for a Kubernetes deployment, enforce constraints (e.g., resource limits), and generate validated YAML—all in one workflow. ### Summary CUE is a **robust, constraint-driven language** that unifies configuration, validation, and execution, particularly valuable for managing complex, policy-driven systems like cloud infrastructure. --- Here are **six starter ideas** that feel more like “mini-projects” than “hello-world” exercises. Each one is scoped to be finished in an evening or weekend and leaves you with something useful you can actually commit to a repo or show a teammate. ------------------------------------------------ 1. “Pet-Picture” API Contract • Goal: Design the request/response contract for a tiny REST service that lets users POST pictures of their pets. • CUE angle – Write a `#PetPhoto` schema with required fields (`id`, `petName`, `imageURL`), plus constraints (URL must start with `https://`, file size ≤ 5 MB, allowed MIME types). – Export the same CUE to JSON Schema so front-end folks can use it in Swagger / OpenAPI. • Quick win: `curl` a sample payload through `cue vet` in CI and watch it reject the 6 MB GIF someone tried to sneak in . 2. Terraform Variable Guardrails • Goal: Stop teammates from fat-fingering Azure VM sizes or AWS regions in your Terraform repo. • CUE angle – Describe all valid regions, SKUs, and tag patterns in CUE. – Make a `variables.cue` that unifies with every `.tfvars` file in the repo; fail the plan if anything is wrong . • Quick win: open a PR that deliberately violates the policy and see GitHub Actions reject it in <30 s. 3. Team Dotfiles Distribution • Goal: Ship a single YAML/JSON file per engineer that declares their preferred shell, VS Code extensions, and git aliases. • CUE angle – Provide a `#Workstation` schema with defaults (shell = `"zsh"`, extensions = `[ "GitLens", "k9s" ]`). – Write a 20-line Go program that ingests the unified CUE value and spits out the right Ansible or Home-Brew bundle per person . 4. Kubernetes “Golden Path” Templates • Goal: Give devs a one-command way to generate a Deployment + Service + HPA that already meets security and resource standards. • CUE angle – Create a `#Microservice` definition that enforces labels, resource limits, and security contexts. – Provide optional overlays (staging vs prod) that inject different image registries or replica counts . • Quick win: `cue cmd gen prod my-app` writes `prod-my-app.yaml` with zero copy-paste. 5. Resume-as-Data • Goal: Host your résumé as YAML but still be able to export to PDF, JSON, and HTML. • CUE angle – Model sections (`experience`, `education`, `skills`) with strict types and regex rules (company names must match LinkedIn URLs). – Use `cue export` to feed a Go template that renders LaTeX or Markdown. • Quick win: change one bullet in YAML, rerun `make` and see every output format refresh. 6. Advent-of-Code Input Validator • Goal: Stop wasting time on malformed puzzle inputs. • CUE angle – For any AoC day, capture the input grammar in CUE (grids, ints, regex groups). – Add constraints (board size 100×100, numbers 0-9 only). • Quick win: paste your downloaded input into `input.txt`; `cue vet` tells you immediately if the site changed the format overnight. ------------------------------------------------ How to pick one • If you live in Terraform → start with #2. • If you just want to “see CUE do magic” → #1 or #5 finishes in <30 min. • If you’re already on K8s → #4 will save you real toil next sprint. Each repo can literally be a folder with a `schema.cue`, a `data.*` file, and a two-line GitHub Action that runs `cue vet`. Ship it, tag a friend for review, and you’ve officially gone from “reading about CUE” to “running CUE in production.” --- Below is a **step-by-step brainstorm** that keeps the promise: “Everything is an object” → expressed in **CUE** → rendered into **one or more Docker containers** → **deployed on stock Debian**. We iterate *together*—after each numbered idea you can simply reply **“next”** or **“deep-dive ”** and I’ll expand only the one you like. ------------------------------------------------ 1. Object–Music Player (OM-Player) • **Object model**: every track, playlist, device, volume-level, EQ preset is a CUE object. • **CUE → Docker trick**: `cue export om.cue | cue cmd gen docker-compose.yml` yields *three* containers (MPD server, web-UI, icecast stream). • **Deploy**: `./deploy.sh` on a Debian box auto-pulls images, mounts `/music`, and exposes port 8000. • *Hook*: you can change “cross-fade = 2.0s” in the CUE file, run `cue vet`, and the compose file re-renders without touching YAML by hand. 2. Object–Photo Darkroom (OM-Darkroom) • **Object model**: raw image, transform pipeline (crop 1:1 → denoise → LUT), export profiles. • **CUE → Docker trick**: single multi-stage Dockerfile generated from CUE; includes conditional GPU layer if `gpu: true`. • **Deploy**: on Debian with or without NVIDIA Docker runtime . • *Hook*: `cue eval darkroom.cue` shows you the exact ImageMagick CLI that will run inside the container before you ever build. 3. Object–Home-Lab Router (OM-Router) • **Object model**: interface objects, VLAN objects, nftables rule objects, WireGuard peer objects. • **CUE → Docker trick**: produces a *privileged* container that maps `/etc/wireguard`, `/etc/nftables`; plus a dry-run sidecar container that just prints the rules it *would* apply. • **Deploy**: systemd service on Debian host starts the container at boot. • *Hook*: `cue vet` guarantees that no two VLANs share the same ID, no overlapping subnets, etc. 4. Object–FaaS Edge (OM-Edge) • **Object model**: every function is an object (`fn`, `runtime`, `env`, `memory`, `cpu`). • **CUE → Docker trick**: CUE spawns one container per function plus an nginx reverse-proxy container. • **Deploy**: Debian box becomes a mini Lambda—`curl /fn/hello` triggers the container of the moment. • *Hook*: horizontal scale is just changing `replicas: 3` in CUE and re-exporting. 5. Object–Minecraft World (OM-Mine) • **Object model**: world seed, player objects, permission objects, mod objects. • **CUE → Docker trick**: Server container + optional RCON web UI container. • **Deploy**: on Debian; mods are baked into the image hash calculated from the CUE file. • *Hook*: roll back to yesterday’s world by reverting one Git commit to the CUE file and redeploying. 6. Object–CI Matrix (OM-Matrix) • **Object model**: every job, step, runner label, secret ref is an object. • **CUE → Docker trick**: generates a lightweight Drone-CI server + runner containers. • **Deploy**: single `docker compose up` on Debian; self-hosted CI in < 2 min. • *Hook*: matrix expansion (`go: [1.21, 1.22]`) happens in CUE, not in YAML anchors. ------------------------------------------------ Your turn Reply with the **number** you want to pursue (or say “new batch”) and I’ll give: 1. Minimal CUE schema 2. Exact `docker-compose.yml` generator snippet 3. One-liner to run it on a fresh Debian install Yes — there are **very concrete reasons** to pair **Go + CUE** that do **not** apply (or apply only weakly) to other language stacks. Below is a concise decision grid you can paste into an ADR or RFC. | Benefit | Why it matters | Go + CUE | Other stacks | |---------|----------------|----------|--------------| | **Single binary, zero runtime** | Shipping a CLI to ops/DevOps that “just works” | `go build` produces a static binary that embeds CUE via `cuelang.org/go` | Node, Python, etc. need a runtime and dependency tree | | **Schema ↔ code round-trip** | Keep Go structs as the source-of-truth and still get CUE validation | `cue get go k8s.io/api/apps/v1` auto-generates CUE from Go types; `cue export` can spit JSON/YAML back out | Other languages have to hand-write schemas or use separate tools | | **Cloud-native lingua franca** | Every major infra tool (K8s, Terraform, Helm, Docker, Dagger, Argo CD) is written in Go | You can import their Go packages and generate CUE constraints **without** re-implementing anything | Python/Node/Java must FFI or re-implement | | **Rich Go API** | Load, unify, validate, diff, trim configs inside your program | Full lattice operations (unify, subsumption, export) via `cuecontext` and `cue/load` | Only shell-out or WASM today for non-Go | | **Performance** | Parse & validate 1000s of YAML manifests in CI | Pure Go, no CGO; benchmarks show ~2× faster than Starlark/Jsonnet on large k8s repos | Python/Node bindings pay serialization cost | | **Policy-as-code reuse** | Embed the same constraints in admission webhooks, CLIs, or controllers | Import CUE in Go controller code; compile once, run everywhere | Rego (OPA) needs separate runtime; Jsonnet is turing-complete & slower | | **Community & tooling** | KubeVela, Dagger, Grafana, Holos, etc. all expose Go SDKs that expect CUE | Shared libraries and examples | Smaller, fragmented ecosystems outside Go | ### When **not** to pick Go + CUE - Your service is **purely browser/Node** → TypeScript + JSON Schema or Zod is lighter. - You need **end-user scripting** (e.g., Terraform custom providers) → HCL/Starlark still wins on mind-share. - You target **resource-constrained embedded** → CUE’s Go runtime is heavier than a hand-rolled C validator. ### TL;DR If you are already in the Go / cloud-native orbit, **Go + CUE is the only combination today that lets you keep your existing types, ship a single static CLI, and reuse the exact same constraints in controllers, CI, and documentation generators** .