GloriousFlywheel Program Surface 2026-04-15

Snapshot date: 2026-04-15

Purpose

Capture the current planning and project-management surface for GloriousFlywheel only.

Public status now lives in ../current-state.md. This note is the deeper execution and evidence companion, not the primary public status page.

Use README.md in this directory as the note index and canonicalization layer.

This note should be read alongside the smallest active companion set:

• gloriousflywheel-cleanup-structure-2026-04-17.md
• gloriousflywheel-post-209-pr-slice-map-2026-04-16.md
• gloriousflywheel-backend-target-state-2026-04-16.md
• gloriousflywheel-honey-onprem-rollout-2026-04-16.md
• gloriousflywheel-builder-runtime-sprint-priorities-2026-04-16.md
• gloriousflywheel-clean-derivation-promotion-workflow-2026-04-15.md
• gloriousflywheel-downstream-adoption-and-migration-kit-2026-04-16.md

Current Baseline

Repo baseline from direct inspection on 2026-04-15:

• workflows: 8
• composite actions: 3
• tofu stacks: 4
• tofu modules: 17
• lingering attic-iac / Attic IaC / attic-cache references: 185
• stale fuzzy-dev cache references: 10
• GitLab-state-related references: 78
• files with identity drift: 45
• files with GitLab coupling: 135
• files with explicit state-backend semantics: 17
• non-research FlakeHub / clean-derivation refs: 0

Historical GitHub baseline on 2026-04-15:

• open PRs: 1
• reset-milestone open issues: 7
• active public milestones: 7 (M#6 through M#12)
• reset milestone issue range: #167 through #173

GitHub live status verified on 2026-04-16:

• open GitHub milestones: 0
• #169 closed on 2026-04-16 at 12:32:21Z
• #172 closed on 2026-04-16 at 12:37:11Z
• #208 closed on 2026-04-16 at 16:56:05Z
• #209 merged on 2026-04-16
• the #167 to #173 range is now a historical closeout tranche, not the active execution lane for on-prem rollout work
• PR #209 feat(honey): migrate IaC stacks to on-prem honey cluster established the merged rollout baseline for honey
• live follow-on GitHub ownership also now exists for the adjacent planning lanes:
  • #210 Inventory first downstream adoption tranche and publish migration kit
  • #211 Define GitHub-first primary surface with GitLab and Codeberg compatibility boundaries
  • #212 Benchmark GloriousFlywheel runners against GitHub-hosted and commercial baselines
  • #213 Harden honey runner workspace hygiene and stale checkout recovery
  • #215 Define FlakeHub publication RFC and clean builder-facing runtime boundaries
• #214 Audit honey runner memory envelopes and placement for Rust-heavy CI is now historical closeout work: the heavy lane is live, baseline auth drift is fixed, and the remaining deadnix failure was split into #225 and closed
• current cleanup-adjacent open issue set is now: #210, #211, #212, #213, #215, #66, and #44
• new downstream dogfood evidence now also exposes a honey runner-host hygiene class of failure: stale read-only files in persistent _work/ directories can kill actions/checkout before repo code runs
• another downstream dogfood signal now shows a runner-envelope ambiguity: Rust-heavy clippy can be SIGKILLed inside the default tinyland-nix runner pod even though aggregate honey cluster capacity is much larger
• the current builder-side follow-on note for that ambiguity now lives in gloriousflywheel-nix-builder-bootstrap-and-scaling-options-2026-04-16.md
• the dev ARC additive policy now includes tinyland-nix-heavy as the first repo-owned heavy Nix canary for memory-heavy Rust/Nix workloads
• the near-term builder/runtime sprint focus is now explicit too:
  • live rollout and validation of tinyland-nix-heavy on honey
  • normalization of workflow-owned Nix bootstrap
  • FlakeHub cleanup and a narrower later RFC for publication/discovery
• current open-PR reality is now 0
• the in-repo research and execution notes remain the canonical repo-local companion surface for the still-partially-local honey deployment push
• backend target direction is now explicit in gloriousflywheel-backend-target-state-2026-04-16.md: current repo support is still generic HTTP init, but the target family for honey rollout convergence is environment-owned S3-compatible state on honey
• repo-footprint, direct-adoption, forge-parity, and competitive-reality findings now live in gloriousflywheel-adoption-forge-and-competitive-reality-2026-04-16.md
• the direct follow-on planning notes now live in:
  • gloriousflywheel-downstream-adoption-and-migration-kit-2026-04-16.md
  • gloriousflywheel-runner-benchmark-methodology-2026-04-16.md
  • gloriousflywheel-github-first-forge-parity-2026-04-16.md
  • gloriousflywheel-post-209-pr-slice-map-2026-04-16.md
• root init and stack-example surfaces now also encode that backend-family boundary explicitly: current inputs still feed backend "http", so later S3-compatible migration will require stack backend changes rather than only new config files

Repo-footprint and direct-adoption reality verified on 2026-04-16:

• tinyland-inc: 136 total repos, 117 non-forks
• Jesssullivan: 250 total repos, 147 non-forks
• combined footprint: 386 total repos, 264 non-forks
• current direct GitHub workflow adoption of tinyland-* runner labels is visibly present in 12 repos:
  • tinyland-inc/GloriousFlywheel
  • tinyland-inc/betterkvm
  • tinyland-inc/blahaj
  • tinyland-inc/ironclaw
  • tinyland-inc/lab
  • tinyland-inc/tinyland.dev
  • Jesssullivan/XoxdWM
  • Jesssullivan/fuzzy-crush
  • Jesssullivan/remote-juggler
  • Jesssullivan/tinyclaw
  • Jesssullivan/tinyland-hexstrunk
  • Jesssullivan/yt-text
• combined direct label-use evidence currently spans 51 workflow-file hits across those 12 repos
• current direct workflow use of tinyland-inc/GloriousFlywheel/.github/actions/... is visibly downstream in Jesssullivan/XoxdWM
• no current visible Jesssullivan/GloriousFlywheel/.github/actions/... workflow references were found in this pass
• the narrower operational first migration tranche remains 5 repos: GloriousFlywheel, blahaj, lab, tinyland.dev, and XoxdWM

Meaning:

• the addressable repo footprint is large, but the immediately exposed migration surface is currently much smaller than the raw repo count suggests
• the repo should distinguish between the broader 12-repo direct usage surface and the narrower 5-repo first migration tranche
• the active repo-local program now has one rollout P0 and three adjacent planning lanes in GitHub, plus two live runner-platform hygiene lanes, not just a single catch-all issue

Current live PR reality:

• open PR count is now 0
• PR #209 is merged, so the remaining rollout, backend-authority, dashboard, and PM/doc convergence work is back to issue-driven and local-slice driven
• follow-on work should be split into reviewable slices rather than reopening old foundation-PR coordination narratives

Recommended current slice map:

• rollout lane: post-#209 follow-on slices for backend authority, operator-path convergence, and honey rollout hardening
• dashboard lane: auth, control, and audit work as a separate reviewable slice
• PM/docs lane: issue-and-PR-driven planning consolidation across #210, #211, #212, #213, #214, and the convergence-slice note
• residual cleanup lane: dogfood and secondary docs cleanup after rollout truth lands

Current cleanup structure is now split more explicitly:

• public workstream view: ../cleanup-program.md
• internal execution structure: gloriousflywheel-cleanup-structure-2026-04-17.md

Recent CI signal:

• one recent failed Actions run in the last 20 runs checked
• failed run: Deploy ARC Runners on 2026-04-01
• failure cause surfaced in logs: Longhorn pre-upgrade hook job BackoffLimitExceeded

Established Planning Surface

GitHub

• historical GitHub milestone vocabulary:
  • M#6 closeout tranche: Milestone 6: Truthing, Cache/State Realignment, Runner Platform Reset
  • local milestone ladder used in repo and Linear notes: M#7 through M#12
• current live GitHub milestone reality:
  • open milestone count: 0
  • GitHub milestones are not the active execution control surface right now
• historical issue map for M#6 closeout:
  • #167 Modernize Attic cache defaults after honey on-prem migration and FlakeHub adoption
  • #168 Reset primary repo identity away from attic-iac / attic-cache lineage
  • #169 Define local-first Tofu deployment and blahaj cluster contract for GloriousFlywheel
  • #170 Replace Liqo-era ARC expansion assumptions with a post-Liqo runner topology and lifecycle model
  • #171 Define Linux builder, FlakeHub, and clean-derivation publication contract
  • #172 Define tailnet-first operator plane and multi-org runner enrollment model
  • #173 Create GloriousFlywheel user stories, storyboard flows, KPIs, and program asks
• historical rollout issue:
  • #208 Execute honey on-prem rollout and backend-authority convergence
  • closed on 2026-04-16 at 16:56:05Z
• merged rollout baseline:
  • PR #209 feat(honey): migrate IaC stacks to on-prem honey cluster
  • merged on 2026-04-16 and now serves as the landed baseline for honey rollout rather than the active open execution anchor
• current adjacent execution issues:
  • #210 Inventory first downstream adoption tranche and publish migration kit
  • #211 Define GitHub-first primary surface with GitLab and Codeberg compatibility boundaries
  • #212 Benchmark GloriousFlywheel runners against GitHub-hosted and commercial baselines
  • #213 Harden honey runner workspace hygiene and stale checkout recovery
• current open-issue reality after that follow-on scaffolding:
  • active cleanup-adjacent open issues: #210, #211, #212, #213, #215
  • older open issues still outside the current convergence lane: #66, #44
  • open PRs: 0

Linear

• initiative:
  • GloriousFlywheel Runner Platform Reset
• project:
  • GloriousFlywheel: Truthing, Runners, and CI/CD Reset
• umbrella issue:
  • TIN-123 Sprint: GloriousFlywheel truthing and runner-platform reset

Linear milestones

• M1: Truthing and Identity Reset
• M2: Cache, FlakeHub, and State Convergence
• M3: Runner Substrate and Builder Contracts
• M4: Local-First Deployment and Tailnet Operations
• M5: UX, Storyboarding, and FOSS Product Surface

Linear Issue Map

M1

• TIN-124 Reset primary repo identity away from attic-iac / attic-cache lineage

M2

• TIN-125 Converge cache, FlakeHub, and state contracts from current runtime truth

M3

• TIN-126 Replace Liqo-era runner expansion assumptions with a post-Liqo ARC topology and lifecycle model
• TIN-127 Define Linux builder, FlakeHub, and clean-derivation publication contract

M4

• TIN-128 Define local-first Tofu deployment against blahaj and the tailnet-first operator plane
• TIN-129 Define multi-org and org-plus-user runner enrollment and lifecycle management

M5

• TIN-130 Create GloriousFlywheel user stories, storyboard flows, KPIs, and major program asks

KPI Surface

These are the first baseline metrics worth tracking for the reset.

Truth metrics

• active primary-surface attic-iac references
• active primary-surface stale cache endpoint references
• active primary-surface GitLab-state references
• count of mixed-era topology statements in primary docs

Runner-platform metrics

• number of first-class documented ARC pool types
• number of runner classes with explicit lifecycle ownership
• number of org enrollment paths with explicit documentation
• number of canary workloads with named builder contracts

Deployment metrics

• number of explicitly documented GloriousFlywheel stack targets
• number of stacks with clear state-backend authority
• number of public versus tailnet-only operator endpoints with documented ownership

Adoption metrics

• number of directly exposed downstream repos with written migration entries
• number of downstream repos still using stale Jesssullivan/GloriousFlywheel action paths
• number of downstream repos using current shared runner labels

Benchmark metrics

• cold-start latency for named benchmark workloads
• warm-cache runtime delta for named benchmark workloads
• queue latency by runner lane
• cache restore and save time by runner lane
• measured operator-debug time for runner-caused failures

Corrected On-Prem Cluster Truth

Authoritative deployment target for the current on-prem push:

• one Kubernetes cluster: honey
• primary context: honey
• primary kubeconfig: ~/.kube/kubeconfig-honey.yaml
• current API server: https://100.113.89.12:6443
• bumble and sting are node-role inputs inside honey, not separate clusters
• operator SSH and cluster management should remain tailnet-first and private
• Kubernetes API should remain private and tailnet-only
• transitional cloud context tinyland-civo-dev is residual compatibility only

Placement bias:

• honey: control plane, primary state anchor, operator-facing services
• bumble: durable bulk storage and stateful backends
• sting: stateless compute expansion and protected scheduling window

Canonical rollout note:

• gloriousflywheel-honey-onprem-rollout-2026-04-16.md

Product-surface metrics

• count of operator flows with explicit step-by-step stories
• count of org-admin flows with explicit enrollment and lifecycle stories
• count of downstream-consumer flows with explicit cache and runner-selection guidance

Major Program Asks

These are the main unresolved asks that still need explicit decisions.

Ask 1: Identity boundary

How far should the reset go on naming?

• remove stale attic-iac wording only from primary surfaces
• or fully rename module and build surfaces now as well

Ask 2: Cache and publication authority

What is the exact contract between:

• FlakeHub
• Attic
• Bazel remote cache
• RustFS-backed state and storage

This needs a written answer, not just runtime folklore.

Ask 3: Runner topology

What replaces the old Liqo-shaped expansion story?

• issue #170 forces this decision now even though PR #166 is already closed
• no more runner expansion work should assume Liqo without explicit override

Ask 4: Linux builder contract

What is the first-class Linux builder path for heavy CI?

• linux-xr already acts like a canary consumer
• the builder contract needs to be defined inside GloriousFlywheel, not inferred
• the contract also needs an explicit answer for self-hosted Nix bootstrap: whether tinyland-nix is a workflow-owned bootstrap lane or a preinstalled runner-state guarantee

Ask 5: Deployment contract

Where is authoritative deployment truth supposed to live for GloriousFlywheel dev and prod stacks targeting the local Tinyland cluster?

This needs an answer that is consistent with:

• GloriousFlywheel repo code
• blahaj runtime truth
• local RustFS-backed environment

What is already answered now:

• honey is the only physical Kubernetes cluster target
• dev and prod are logical deployment environments and can both target honey
• bumble and sting belong in placement guidance, not the cluster target list

What remains unresolved:

• the actual non-legacy backend authority for the local-first apply contract
• the live GitHub rollout tranche that should own the post-M#6 deployment execution

Ask 6: Multi-org and org-plus-user model

How should runner registration, ownership, and lifecycle work across:

• tinyland-inc
• user-owned repos
• future orgs or shared GitHub App installs

Ask 7: Product surface

What are the minimum user-story and storyboard flows required for GloriousFlywheel to stop reading like an internal MVP and start reading like a serious FOSS platform?

Parallel Work Lanes

These lanes can move in parallel without fighting each other if ownership stays clean.

Lane A: Cache And Publication Contract

• owner surface: TIN-125, TIN-127, #167, #171
• files: flake.nix, .github/actions/setup-flywheel/action.yml, .github/actions/nix-job/action.yml, docs/runners/cache-integration.md, docs/runners/github-actions.md, docs/runners/nix-builds.md, docs/reference/environment-variables.md, docs/architecture/cache-architecture.md, docs/build-system/watch-store.md
• no longer the main blocking M2 P0 lane after the first cache-normalization pass

Lane B: Backend And Deploy Authority

• historical owner surface: TIN-128, #169
• historical rollout issue: #208
• merged rollout baseline: PR #209
• current execution mode: local follow-on slice that still needs a new reviewable PR once the backend-authority decision is packaged cleanly
• current canonical notes: gloriousflywheel-deployment-authority-decision-2026-04-15.md, gloriousflywheel-deployment-authority-execution-plan-2026-04-15.md, and gloriousflywheel-honey-onprem-rollout-2026-04-16.md
• files: tofu/stacks/*/backend.tf, Justfile, .github/workflows/deploy-arc-runners.yml, docs/infrastructure/quick-start.md, docs/infrastructure/clusters-and-environments.md, config/organization.example.yaml
• current critical path because backend authority is still unresolved even though the cluster target is now explicit

Lane C: ARC Topology And Builder Contract

• owner surface: TIN-126, TIN-127, #170, #171, #172
• files: tofu/stacks/arc-runners/*, tofu/modules/arc-runner/*, docs/runners/*, docs/guides/github-app-adoption.md
• safe in parallel with Lane B if backend/workflow files stay out of scope

Lane D: Product Stories And Storyboards

• owner surface: TIN-130, #173
• files: docs/research/*, future product-story docs, flow diagrams
• safest parallel lane because it does not need to block on backend decisions

Lane E: Convergence Slice Consolidation

• owner surface: gloriousflywheel-convergence-slice-plan-2026-04-16.md
• focus: reduce the local-only execution surface into reviewable lanes around honey rollout, dashboard auth/control work, PM/docs consolidation, and residual dogfood cleanup
• this is the lane that should keep the repo from accumulating more milestone-era planning sprawl while rollout work is still landing

Lane F: Downstream Adoption And Migration Kit

• owner surface: #210
• canonical note: gloriousflywheel-downstream-adoption-and-migration-kit-2026-04-16.md
• execution matrix: gloriousflywheel-downstream-adoption-inventory-matrix-2026-04-16.md
• repo contract sheet: gloriousflywheel-first-tranche-repo-contracts-2026-04-16.md
• first repo-specific playbooks: gloriousflywheel-xoxdwm-first-patch-playbook-2026-04-16.md and gloriousflywheel-tinyland-dev-first-patch-playbook-2026-04-16.md and gloriousflywheel-lab-first-patch-playbook-2026-04-16.md and gloriousflywheel-blahaj-first-patch-playbook-2026-04-16.md and gloriousflywheel-dogfood-first-patch-playbook-2026-04-16.md
• public checklist: docs/runners/downstream-migration-checklist.md
• focus: first-tranche migration for GloriousFlywheel, blahaj, lab, tinyland.dev, and XoxdWM, while keeping the broader 12-repo direct usage surface visible
• current execution: XoxdWM has a patched local clone and tinyland.dev has a patched local checkout for nix.yml; lab has a patched local checkout for bazel-build.yml; blahaj has a patched local checkout for build-images.yml; GloriousFlywheel has an in-repo dogfood patch for local action paths and ARC runner contract testing; container.yml and staging-deploy.yml remain intentionally outside the first runner-contract proof
• published tranche-1 PR set: Jesssullivan/XoxdWM#28, tinyland-inc/tinyland.dev#136, tinyland-inc/lab#72 (merged 2026-04-16 16:26:56Z), and tinyland-inc/blahaj#68 (merged 2026-04-16 16:36:55Z)
• remaining merge order: tinyland-inc/tinyland.dev#136 -> Jesssullivan/XoxdWM#28
• live blocker notes: tinyland-inc/tinyland.dev#136 has moved from runner-contract execution into a repo-level internal workspace package-resolution/build-order blocker in its Docker lane, and Jesssullivan/XoxdWM#28 is currently queued on self-hosted capacity rather than failing a surfaced check
• branch caveat: tinyland-inc/blahaj#68 merged on domain/tinyland.dev, not main

Lane G: Benchmark And Forge Positioning

• owner surface: #211, #212
• canonical notes: gloriousflywheel-runner-benchmark-methodology-2026-04-16.md and gloriousflywheel-github-first-forge-parity-2026-04-16.md
• execution matrices: gloriousflywheel-benchmark-scorecard-template-2026-04-16.md and gloriousflywheel-forge-support-matrix-2026-04-16.md
• focus: benchmark methodology, commercial comparison, and GitHub-first forge positioning

Current Critical Path

The current blocking path is no longer “which cluster are we targeting?”

That part is now explicit:

• one physical cluster: honey
• logical dev and prod environments can both target honey
• bumble and sting are placement inputs, not alternate clusters

The remaining blocker is backend authority:

• backend "http" ownership across all four active stacks
• the real non-legacy backend endpoint and credential authority
• CI and local convergence on the same backend-init model

Canonical repo notes:

• docs/research/gloriousflywheel-deployment-authority-decision-2026-04-15.md
• docs/research/gloriousflywheel-deployment-authority-execution-plan-2026-04-15.md
• docs/research/gloriousflywheel-honey-onprem-rollout-2026-04-16.md
• docs/research/gloriousflywheel-convergence-slice-plan-2026-04-16.md
• merged rollout baseline: PR #209

Immediate Execution Order

1. package the post-#209 backend-authority and operator-path follow-on work into a new reviewable slice
2. dashboard auth and control-plane work as a separate reviewable slice
3. PM/docs consolidation around the live issue-and-PR surface
4. residual dogfood and secondary docs cleanup

Execution Status

Status as of 2026-04-16:

• M1 P0 completed on the primary landing surface: README.md, docs/index.md, MODULE.bazel, flake.nix, .github/workflows/build-image.yml, .github/workflows/release.yml, app/src/lib/config/app-config.json
• M1 P1 completed on the primary architecture and onboarding docs: docs/architecture/bzlmod-topology.md, docs/architecture/multi-repo-layout.md, docs/architecture/overlay-system.md, docs/getting-started-guide.md, docs/infrastructure/quick-start.md, docs/infrastructure/overlay-creation.md
• onboarding truthing corrected one concrete mismatch: the repo does not use a top-level tfvars/ tree; active local workflows use per-stack {env}.tfvars files under tofu/stacks/*
• config/organization.example.yaml now points at tinyland-inc/GloriousFlywheel instead of a stale personal upstream
• M2 P0 is now partially executed: primary cache defaults and consumer docs were normalized around http://attic.nix-cache.svc.cluster.local, grpc://bazel-cache.nix-cache.svc.cluster.local:9092, and the public Attic URL https://nix-cache.tinyland.dev
• current next execution slice remains the unresolved part of M2 P0: state-backend authority and deployment workflow truth
• the primary operator and planning docs now model honey as the only physical on-prem cluster target, with bumble and sting treated as node-role placement inputs instead of separate clusters
• M#6 is now a closed-issue historical tranche on GitHub
• rollout issue #208 is now closed, and PR #209 is now a merged rollout baseline rather than an open execution surface
• adjacent GitHub PM lanes now exist in #210, #211, and #212
• live read-only validation from this machine now confirms:
  • the honey kubeconfig and context are present and reachable
  • nodes honey, bumble, and sting are all Ready
  • the live cache runtime already exists in namespace nix-cache
  • arc-systems and arc-runners already exist as live namespaces on honey; runner-dashboard does not
  • live ARC runner sets currently include linux-xr-docker, personal-docker, personal-nix, tinyland-dind, tinyland-docker, tinyland-nix, and tinyland-nix-heavy
  • additive heavy-Nix lane tinyland-nix-heavy is now live and targeted at sting as explicit stateless compute-expansion capacity
  • live repo-owned tinyland-nix now runs with its normalized cache env: ATTIC_SERVER = http://attic.nix-cache.svc.cluster.local, ATTIC_CACHE = main, and BAZEL_REMOTE_CACHE = grpc://bazel-cache.nix-cache.svc.cluster.local:9092
  • live repo-owned tinyland-docker now carries the normalized Bazel cache env
  • live tinyland-nix-heavy now carries:
    • 8 CPU limit
    • 16Gi memory limit
    • nodeSelector["kubernetes.io/hostname"] = "sting"
    • toleration for dedicated.tinyland.dev/compute-expansion:NoSchedule
  • live personal-nix and personal-docker are separate personal ARC lanes for jesssullivan/jesssullivan.github.io using github-personal-secret, not repo-owned baseline lanes
  • personal-nix still carries stale ATTIC_SERVER = http://attic-api.nix-cache.svc:8080
  • local ignored operator config is now present enough for real execution: tofu-preflight arc-runners, tofu-init arc-runners, and tofu-plan arc-runners all run successfully from this checkout
  • the surviving legacy GitLab state owner is archived tinyland/gf-overlay (project_id 79706605)
  • attic-dev and arc-runners-dev exist there; runner-dashboard-dev and gitlab-runners-dev do not
  • the real arc-runners convergence plan was applied successfully on 2026-04-16
  • that apply created tinyland-nix-heavy, added the normalized cache env back into repo truth for the baseline lanes, and preserved live ARC 0.14.0 instead of downgrading
  • Longhorn churn is gone from the runner-stack plan after removing stale dev ownership from repo policy
  • live ARC on honey does not currently use imagePullSecrets on the baseline lanes, so repo defaults no longer assume a GHCR pull secret
  • the applied delta also removed stale imagePullSecrets values recorded in Helm release state for the controller and runner sets
  • the remaining blocker is no longer repo-owned ARC runtime drift; it is state convergence for the other stacks and separate ownership of personal ARC lanes

Notes

• This planning surface is intentionally GloriousFlywheel-only.
• Other repos are inputs and runtime context, not execution scope.
• GitHub now has adjacent adoption, forge-parity, and benchmark issues but no open PR carrying the remaining convergence work, and the milestone ladder should be treated as historical or local sequencing vocabulary rather than the active GitHub execution surface.