docs: enforce Sphinx -W in CI (Sphinx cleanup PR 3)

[igerber]

Summary

Adds a `sphinx-build` job to `.github/workflows/docs-tests.yml` that runs `make -C docs html SPHINXOPTS="-W"` so any Sphinx warning becomes a build failure. This locks in the 0-warning state PR #410 achieved across the 3-PR Sphinx cleanup wave (PR #405: 86 ERRORs → 0; PR #407: 2,170 → 635 WARNINGs; PR #410: 635 → 0).

The job mirrors the RTD build at `.readthedocs.yaml`: Python 3.11, `pandoc` apt package for nbsphinx, and the same docs extras pinned in `pyproject.toml [project.optional-dependencies.docs]`. Skips the maturin/Rust build (docs/conf.py imports diff_diff via sys.path from checked-out source, matching RTD).

Also adds `tutorials/21_had_pretest_workflow` to the `Tutorials: Business Applications` toctree at `docs/index.rst:84`. PR #409 landed this notebook without a toctree entry; the local smoke test of `-W` caught it before push.

Methodology references

• N/A - CI workflow + one-line toctree addition; no methodology changes.

Validation

• Tests added/updated: No test changes. New `sphinx-build` job validates the docs build itself.
• Backtest / simulation / notebook evidence: Local smoke `make -C docs html SPHINXOPTS="-W"` succeeded (initial run failed only on the T21 toctree gap, fixed in this PR).

Security / privacy

• Confirm no secrets/PII in this PR: Yes

[github-actions]

Overall Assessment

✅ Looks good — no unmitigated P0/P1 findings. One non-blocking P2 CI coverage gap is noted.

Executive Summary

• No estimator, math, variance/SE, weighting, assumptions, or defaults are changed.
• Methodology registry check found the linked T21 tutorial is already documented as shipped in PR Tutorial 21: HAD pre-test workflow (composite QUG + Stute + Yatchew) #409.
• The new Sphinx job matches the RTD Python version, pandoc dependency, and docs/runtime dependency set.
• The toctree entry points to an existing notebook path.
• P2: .readthedocs.yaml is a mirrored docs-build surface but is not included in docs-tests.yml path filters.

Methodology

Finding: No methodology defect
Severity: P3 informational
Impact: The PR changes docs CI and navigation only. docs/methodology/REGISTRY.md:L2556 already documents docs/tutorials/21_had_pretest_workflow.ipynb; no new estimator behavior or paper-adherence issue is introduced.
Concrete fix: None.

Code Quality

Finding: No code quality defect
Severity: P3 informational
Impact: The workflow is straightforward and consistent with the existing ready-for-CI gating pattern.
Concrete fix: None.

Performance

Finding: No performance defect
Severity: P3 informational
Impact: The added Sphinx job will add CI time, but that is expected for enforcing warning-free docs.
Concrete fix: None.

Maintainability

Finding: No blocking maintainability defect
Severity: P3 informational
Impact: The install command is duplicated between .github/workflows/docs-tests.yml:L85-L95 and .readthedocs.yaml:L13-L21, but this is intentional in the PR and mirrors the existing RTD setup.
Concrete fix: Optional future cleanup only: centralize docs dependency installation if drift becomes frequent.

Tech Debt

Finding: No new untracked blocker
Severity: P3 informational
Impact: No new deferred correctness or methodology debt is introduced.
Concrete fix: None.

Security

Finding: No security issue found
Severity: P3 informational
Impact: No secrets, credentials, or elevated token permissions are introduced; workflow permissions remain contents: read.
Concrete fix: None.

Documentation/Tests

Finding: RTD config-only changes will not trigger the new docs build
Severity: P2
Impact: The new Sphinx job explicitly mirrors .readthedocs.yaml, but the workflow path filters include docs/**, diff_diff/**, pyproject.toml, and the workflow file only; .readthedocs.yaml is omitted. A future PR changing only RTD Python version, apt packages, or post-install docs dependencies would skip this GitHub docs-build guard. See .github/workflows/docs-tests.yml:L6-L26 and .readthedocs.yaml:L6-L25.
Concrete fix: Add .readthedocs.yaml to both push.paths and pull_request.paths in .github/workflows/docs-tests.yml.

Validation note: I did not run make -C docs html SPHINXOPTS="-W" because this review environment is read-only and the Sphinx build writes under docs/_build. Static audits covered the changed workflow, RTD mirror, docs extras, toctree target, methodology registry, TODO carve-outs, sibling workflow surfaces, and pattern-wide inference grep.

[igerber]

/ai-review

[github-actions]

🔁 AI review rerun (requested by @igerber)

Head SHA: 35ad65be46cf8b9c0e5f0376762d4e69cc60277d

---

Overall Assessment

✅ Looks good — no unmitigated P0/P1 findings. The previous P2 path-filter gap is resolved.

Executive Summary

• Re-review finding addressed: .readthedocs.yaml now triggers the docs workflow on both push and PR events.
• No estimator, math, weighting, SE/variance, assumptions, or defaults changed.
• The Sphinx job mirrors RTD’s Python version, pandoc dependency, and install command.
• The new toctree entry points to an existing tutorial, already documented in the methodology registry.
• Completeness audits covered sibling push/PR filters, RTD mirror dependencies, workflow guard symmetry, transitive docs-build files, and an inference-pattern grep; no blocking issues found.

Methodology

Finding: No methodology defect
Severity: P3 informational
Impact: This PR changes docs CI and docs navigation only. The added T21 tutorial entry is already registered in docs/methodology/REGISTRY.md:L2556, and no estimator or cited-method implementation surface is modified.
Concrete fix: None.

Code Quality

Finding: Workflow structure is consistent with existing CI gating
Severity: P3 informational
Impact: The new sphinx-build job uses the same ready-for-ci PR guard pattern as the existing docs snippet job at .github/workflows/docs-tests.yml:L70-L75. A dry-run confirmed make -C docs html SPHINXOPTS="-W" expands to sphinx-build -M html "." "_build" -W.
Concrete fix: None.

Performance

Finding: Expected CI runtime increase from Sphinx build
Severity: P3 informational
Impact: The new job at .github/workflows/docs-tests.yml:L70-L101 adds a docs build, but that is the intended enforcement mechanism for warning-free docs.
Concrete fix: None.

Maintainability

Finding: RTD mirror is now covered by workflow triggers
Severity: P3 informational
Impact: The prior gap is fixed: .readthedocs.yaml is included in both push.paths and pull_request.paths at .github/workflows/docs-tests.yml:L16-L18 and .github/workflows/docs-tests.yml:L29-L31. The install command matches .readthedocs.yaml:L13-L21 and pyproject.toml:L47-L75.
Concrete fix: None.

Tech Debt

Finding: No new untracked tech debt
Severity: P3 informational
Impact: No new deferred methodology, correctness, or docs-build limitation is introduced. The pre-existing unrelated-label CI retrigger issue remains tracked in TODO.md:L121-L123.
Concrete fix: None for this PR.

Security

Finding: No security issue found
Severity: P3 informational
Impact: The workflow keeps permissions: contents: read at .github/workflows/docs-tests.yml:L38-L39; no secrets, credential handling, or elevated token permissions are added.
Concrete fix: None.

Documentation/Tests

Finding: Prior docs-build coverage gap resolved
Severity: P3 informational
Impact: RTD config-only changes now trigger the workflow. The added toctree entry at docs/index.rst:L75-L84 points to an existing docs/tutorials/21_had_pretest_workflow.ipynb file; I verified existence without loading notebook JSON.
Concrete fix: None.

Validation note: I did not run the full Sphinx build because this review workspace is read-only and the real build writes under docs/_build; static and dry-run audits passed.