Organic search traffic to krillswarm.com dropped after the 2026-06-30 SEO
commit (ad2bed7). That commit blanket-applied noindex,follow to every
page under /lessons/, treating them as “internal dev notes” — but the
lessons were the site’s long-tail search surface: hundreds of concrete bug
post-mortems (AGP bumps, ProGuard duplicate entries, shadowJar merges,
Roborazzi headless rendering) that people and agents find when they hit the
same error.
The noindex was applied as a confidentiality measure, but it never was one:
the pages are publicly served and linked (follow) regardless of indexing,
so anyone with a URL — or any crawler ignoring robots meta — could read them
either way. The only real effect was removing Google discoverability, i.e.
exactly the traffic the pages were generating. A content audit of all 263
lessons found no credentials, no real hostnames/IPs, no personal data; the
riskiest category (fixed-vulnerability post-mortems) is standard disclosure
practice once the fix has shipped.
docs/_layouts/lesson.html: lessons index by default; a rare sensitive
lesson opts out via noindex: true front matter. Per-page meta
description now derives from the lesson content (was: one identical
site-wide description on all 250+ pages).docs/assets/robots.txt: updated the /lessons/ comment to describe the
new default.docs/lessons/README.md: added a “Publication rules” checklist —
no secrets/tokens even in log pastes, no real hostnames or LAN IPs, no
exploit step-by-steps before the fixed release ships, and the
noindex: true + sitemap: false escape hatch.