Public Alpha Reopen Readiness

Public Alpha Reopen Readiness

Snapshot date: 2026-04-29

This page is the short gate for returning tinyland-inc/GloriousFlywheel to public alpha visibility.

Post-merge update: PR #419 landed the scrubbed public-alpha export seed at cacc9497617f8c2f096afb5152d16e8774dd8d14, TIN-551 is Done, and the default-branch proof package is green. That completes the safe export route. It does not clear direct full-repo visibility.

Current hygiene update: main is green at 8e46bf2b847a60f9f7672960a6e3be40df5d32af after PR #470. That proof keeps the public-alpha and implementation-overlay docs aligned after the ARC state-rehome closeout: the six Jess personal-boundary compatibility releases are now Jess-overlay-owned quarantine, not core-state residue, while #412 remains open for actual lane retirement. Earlier PRs #445 and #456 still define just check as the fast hygiene gate, keep heavyweight Nix/OpenTofu validation explicit through just check-full / just nix-check, route OpenTofu resolution through the repo-owned wrapper, and harden the local state-file handoff runbook. PR #444 proof still records the Docker placement boundary: stateless Docker CI can use sting, but kube-API mutation workflows such as ARC plan/apply remain honey-bound until sting control-plane reachability is proved.

Current Position

GloriousFlywheel is a working alpha implementation of a pooled, cache-first build and runner substrate. It is not a hosted service and it is not yet a complete remote-execution platform.

Current main proves:

  • source-repo dogfood on shared self-hosted runner lanes
  • Bazel shared-cache attachment through the repo-managed wrapper path
  • Attic/Nix acceleration as part of the live substrate
  • generated public-docs references and public-docs export scrub gates
  • green default-branch proof package and CI secret scanning
  • bounded local validation that does not accidentally turn every hygiene pass into a heavyweight Nix/OpenTofu build
  • stateless Docker runner placement relief on sting, with kube mutation deliberately retained on a honey-reachable capability lane

Current main does not yet prove:

  • universal full remote offload for every developer workload
  • hosted-workflow elimination across every GitHub control-plane job
  • forge-neutral mutation authority
  • native aarch64, riscv, Dawn/GPU, or localized warm-cache guarantees
  • a stable public external Bazel cache endpoint for arbitrary consumers

Public Alpha Thesis

The public alpha story should stay narrow:

  • run the platform yourself on Kubernetes
  • use capability-class runners, not repo-shaped runner labels
  • attach Nix and Bazel work to shared cache surfaces
  • use repo-managed wrappers and devshell entrypoints instead of heavy raw local toolchain work
  • treat advanced runner classes and remote-offload promises as roadmap work

Surface Model

Reopen Gates

Before flipping the GitHub repository back to public, verify:

  • just check passes, including dogfood-contract-audit
  • just public-alpha-visibility-report has no unresolved direct-visibility blockers, or the team has chosen a public export/mirror route instead of a direct visibility flip
  • node scripts/public-docs-export.js check passes
  • node scripts/public-docs-export.js check --manifest config/public-alpha-export.json passes
  • node scripts/generate-public-docs-reference.js check passes
  • node scripts/check-links.js --mode markdown passes
  • default-branch Secret Detection is green after the alpha-readiness PR lands
  • local gitleaks via Nix passed on 2026-04-27 after scanning 592 commits; current-tree --no-git mode also passed
  • root README.md states the alpha/product boundary without overclaiming
  • active docs/examples do not teach repo-specific runner labels, stale cache endpoints, or raw heavy Bazel as the normal path

Do not treat the full repo tree or Git history as already scrubbed for public visibility. For now, the sanitized future-public docs package is public-docs/, enforced by config/public-docs-export.json.

The direct visibility gate remains blocked. The current tree and Git history include internal downstream reporting and planning surfaces such as config/orgwide-enrollment-*.json, docs/research/, and historical docs/superpowers/plans/ content. Deleting those files from the current branch would not remove them from public Git history. Use config/public-alpha-visibility-gate.json and scripts/public-alpha-visibility-gate.js to keep this explicit.

Safe routes are:

  • publish a sanitized public alpha export or mirror with fresh public history using just public-alpha-export (recommended short-term)
  • rewrite history, validate main, then flip the canonical repository public
  • explicitly accept historical internal exposure before flipping visibility

Public Alpha Export

The executable short-term route is implemented and should remain green:

just public-alpha-export

That command writes .public-alpha-export/ from config/public-alpha-export.json. The export contains the conservative public-docs/ package, consumer examples, and a generated MIRROR.md with fresh-history publication instructions. It deliberately does not include the full root README, internal operator docs, management reports, or source Git history.

The check-only gate is:

just public-alpha-export-check

This route is narrower than direct repo visibility. It is the route to use while direct visibility remains blocked by current-tree or history exposure.

Bzlmod, Bazel, And Nix Boundary

  • The current repo is Bzlmod-based, but MODULE.bazel still uses the compatibility name attic-iac.
  • The overlay/Bzlmod compatibility kit belongs outside the main repo in Jesssullivan/bzl-cross-repo; it is not the primary alpha onboarding story.
  • That compatibility-kit decision did not create or replace the Tinyland or Jess Honey implementation-overlay authorities. Those authorities now exist in tinyland-inc/tinyland-infra and Jesssullivan/jesssullivan-infra, and both strict enrollment preflights pass against selected stable core 637b7167c400a842cdc7af0709b2251c0542a48a. The six selected Jess personal-boundary compatibility releases have moved out of core state and into the Jess overlay state. Overlay CI and preflight are proof of registration and cache/auth reachability; actual retirement of compatibility lanes remains separate #412 follow-through.
  • Consumer repos should use flake/devshell/direnv entrypoints plus a cache-backed Bazel wrapper.
  • BAZEL_REMOTE_CACHE must be operator-provided or runner-injected. The repo does not invent a public cache endpoint for arbitrary local sessions.
  • Current proof is shared cache acceleration, not full remote execution.

Immediate Mini-Sprint

The public-alpha mini-sprint closeout is:

  1. Keep dogfood contract drift guarded by just dogfood-contract-audit.
  2. Keep public-docs export, generated references, and link checks green.
  3. Keep the public-alpha mirror export reproducible from config/public-alpha-export.json.
  4. Keep Linear/admin surfaces pointed at the completed export route and the still-blocked direct visibility gate, not old completed boards.
  5. Scrub, rewrite, or explicitly accept internal downstream/reporting surfaces before any full repository visibility flip.
  6. Flip GitHub visibility only after the chosen direct-visibility route is recorded and the merged branch is green on main.

Open Follow-Up

  • Keep the source repo on the zero-exception hosted-runner rule for first-party CI, publication, status, and release workflows; do not treat downstream hosted compatibility debt as GloriousFlywheel dogfood evidence.
  • Decide the disposition of full-repo internal planning and downstream reporting files before the visibility flip.
  • Harden or replace the advisory-only devshell Bazel shim.
  • Repair remaining GitLab compatibility drift after the primary GitHub path is stable.
  • Define future proof packages for aarch64, riscv, Dawn/GPU, Chapel, heavy Hackage, and localized warm-cache guarantees.

GloriousFlywheel