GloriousFlywheel Hosted Exception Policy 2026-04-17

Snapshot date: 2026-04-17

Purpose

Define when a GitHub-hosted path is acceptable, when it is only a temporary bridge, and when it directly breaks a runner-dogfood claim.

Companion notes:

• gloriousflywheel-exception-register-and-promotion-rules-2026-04-17.md
• gloriousflywheel-tier-scorecard-and-template-remediation-2026-04-17.md
• gloriousflywheel-contract-rollout-pr-stack-2026-04-17.md
• gloriousflywheel-rollout-gates-and-failure-modes-2026-04-17.md

Core Rule

A hosted path is not automatically a problem.

It becomes a problem when the hosted path still owns the same user-visible or repo-authoritative path we are trying to describe as GloriousFlywheel dogfood.

That gives three real classes:

1. durable hosted policy exception
2. bounded hosted external-authority exception
3. claim-breaking hosted drift

Exception Classes

Class A: Durable Hosted Policy Exception

Definition:

• the path is intentionally GitHub-hosted
• the path is outside the self-hosted runner contract we are claiming
• the hosted choice is stable and acceptable, not a migration failure

Typical reasons:

• GitHub-native publication or deploy authority
• hosted OIDC or GitHub Pages integration
• public-network or external-URL checking that is more honest from hosted infrastructure

Examples:

• GloriousFlywheel GitHub Pages deploy
• GloriousFlywheel GitHub Release creation
• GloriousFlywheel FlakeHub publish
• GloriousFlywheel external link checking
• yt-text docs deploy when the issue is specifically Pages OIDC/routing

Effect on reporting:

• does not disqualify a narrower self-hosted claim for a different path
• must still be named explicitly

Class B: Bounded Hosted External-Authority Exception

Definition:

• the repo has a real self-hosted contract for one surface
• a different authority path remains hosted because it belongs to another system or deployment boundary
• the hosted path can remain acceptable only if the repo claim is narrowly scoped

Typical reasons:

• external SaaS deploy authority
• cloud-specific deploy tooling
• non-package release authority kept outside the GF runner contract

Examples:

• acuity-middleware
  • package CI and publish on repo-owned GF lane
  • Modal deploy hosted separately

Effect on reporting:

• repo remains Tier X hybrid
• acceptable only if status surfaces say exactly which path is self-hosted and which remains hosted

Class C: Temporary Migration Bridge

Definition:

• the hosted path is not inherently GitHub-native
• it is currently hosted because migration is incomplete
• the repo can still be discussed honestly, but not as homogeneous dogfood

Typical reasons:

• authoritative CI path not yet moved
• staging or deploy lane still on hosted while the rest of the repo moved
• template contract not yet explicit enough to migrate safely

Examples:

• tinyland.dev Bazel CI on ubuntu-latest
• tinyland.dev staging deploy on ubuntu-latest
• GloriousFlywheel branch-gated proof as a bridge before default-branch proof

Effect on reporting:

• repo stays hybrid
• migration work remains active

Class D: Claim-Breaking Hosted Drift

Definition:

• the hosted path still owns the same dogfood or product-proof path we are using to claim GloriousFlywheel runner health
• failure on the hosted path can still masquerade as platform failure

Typical reasons:

• post-deploy checks still hosted
• beta or smoke validation still hosted
• template fallback still silently routes the claimed package path to hosted

Examples:

• MassageIthaca beta and alpha post-deploy validation until PR #189 lands
• any repo reported as self-hosted package dogfood while js-bazel-package still silently falls back to ["ubuntu-latest"]

Effect on reporting:

• repo must not be counted as clean dogfood for that path
• PM surfaces should describe the hosted path as the blocker, not as generic CI flakiness

Repo-Level Application

GloriousFlywheel

Hosted paths:

• Pages deploy
• FlakeHub publish
• release and image publication
• some default-branch validation jobs

Policy read:

• Pages, FlakeHub, and release publication can be durable hosted policy exceptions
• hosted validation remains a temporary bridge until source default-branch proof is real

MassageIthaca

Hosted paths:

• beta and alpha post-deploy validation on current active branch

Policy read:

• claim-breaking hosted drift

Reason:

• those jobs are part of the same visible product dogfood proof path

yt-text

Hosted path:

• docs deploy

Policy read:

• durable hosted policy exception if the repo claim stays about heavy-Nix CI and not end-to-end docs publication

acuity-middleware

Hosted path:

• Modal deploy

Policy read:

• bounded hosted external-authority exception

Reason:

• package CI and publish can still prove the repo-owned runner contract
• but the repo remains hybrid until deploy authority is either migrated or permanently bounded

tinyland.dev

Hosted paths:

• Bazel CI
• nix-check
• staging deploy

Policy read:

• temporary migration bridge today
• claim-breaking drift if the repo is reported as a clean product dogfood repo

scheduling-kit

Hosted paths:

• none in the inspected package CI and publish path

Policy read:

• this is why it is the first clean V2 pilot

Reporting Rules

Allowed Sentence: acuity-middleware

”acuity-middleware is a self-hosted package-contract pilot with a named hosted Modal deploy exception.”

Not Allowed Sentence: acuity-middleware

”acuity-middleware is now a fully dogfooded GloriousFlywheel product repo.”

Allowed Sentence: yt-text

”yt-text is a real self-hosted heavy-Nix canary; docs deploy remains a hosted Pages exception.”

Not Allowed Sentence: MassageIthaca

”MassageIthaca is a clean runner-dogfood repo while beta validation still runs on ubuntu-latest.”

Decision Matrix

Recommendation

Use this sentence as the policy test:

“Is the hosted path outside the exact path we are claiming as GloriousFlywheel runner dogfood?”

If yes:

• it may be a durable or bounded exception

If no:

• it is still drift and should block the claim