Skip to content

policy: Guix primary + sealed-container escape; retire Nix-mirror-everywhere #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hyperpolymath merged 1 commit into from
May 18, 2026
+25 −4
Merged

policy: Guix primary + sealed-container escape; retire Nix-mirror-everywhere #101

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion .machine_readable/agent_instructions/debt.a2ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

[metadata]
version = "1.0.0"
last-updated = "2026-03-24"
last-updated = "2026-05-18"

# ============================================================================
# DEBT ITEMS
Expand All @@ -34,6 +34,15 @@ last-updated = "2026-03-24"
# impact = "medium"
# discovered = "2026-03-23"

[[debt.should]]
component = "estate-wide / standards CLAUDE.md §Package Management"
issue = "Guix-primary ruling 2026-05-18 (Guix primary + sealed-container escape; NO Nix mirror). Tech debt to clear: (1) update standards CLAUDE.md §Package Management ('Fallback: Nix (flake.nix)' -> 'Escape hatch: sealed container; no Nix mirror'); (2) estate-wide sweep removing every flake.nix that only mirrors a guix.scm/manifest (echidna flake.nix deprecated in its L3/L1 PR as the pilot). A second packager is permitted ONLY where it is the sole source of a specific named dependency, documented as such."
effort = "hard"
impact = "medium"
priority = "should"
discovered = "2026-05-18"
ref = "memory: reference_packaging_guix_primary_container_escape"

# ============================================================================
# COULD — would fix eventually
# ============================================================================
Expand Down
18 changes: 15 additions & 3 deletions rhodium-standard-repositories/spec/LANGUAGE-POLICY.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,15 +196,27 @@ Both are FOSS with independent governance.

== Package Management

RULED 2026-05-18 (estate-wide): **Guix primary + sealed-container escape; NO
Nix mirror.** One packager per repo. A `flake.nix` that only mirrors a Guix
manifest is drift to remove, not a fallback. A second packager is permitted
only where it is the *sole* source of a *specific named* dependency, and that
dependency is documented as the reason. Supersedes the prior "Nix fallback
everywhere" rule.

[cols="1,2"]
|===
| Priority | Tool

| *Primary*
| Guix (guix.scm)
| Guix (`guix.scm`, `manifest.scm`)

| *Escape hatch*
| Sealed container (Podman / Containerfile, Svalinn-sealed) — the single
universal path for the not-in-Guix / non-free tail. Not a Nix mirror.

| *Fallback*
| Nix (flake.nix)
| *Second packager*
| Permitted only as the sole source of a specific named dependency,
documented as such (never a blanket mirror).

| *JS deps*
| Deno (deno.json imports)
Expand Down
Loading