Limits, fallbacks, and safety boundaries
The old roadmap called major platform capabilities “non-goals.” The v0.0.2
truth reset removes that escape hatch. Missing, partial, blocked, and
research-only work is now owned by one of 15 implementation phases.
Limitations that are being implemented
Section titled “Limitations that are being implemented”| Capability | Current truth | Owning phase |
|---|---|---|
Trusted Homebrew/archive/.pkg install |
Does not exist; source development only. | 02 and 15 |
Apple container + Containerization parity |
Apple provider is narrow; direct helper absent. | 03 |
| Complete Manifest/lifecycle/rollback | Restricted v2 subset and narrow apply only. | 04 |
| OCI/registry/Keychain/supply chain | Local reference and policy fragments only. | 05 |
| Persistent storage/data protection | Scaffolding and guarded mounts only. | 06 |
| Networks/DNS/ingress/TLS/tunnels | Metadata/research; no complete implementation. | 07 |
| Autonomous daemon/observability/GC | Foreground loop and local events/diagnostics only. | 08 |
| API/auth/RBAC/admission/audit/plugins | One-shot API and reviewed-local handshake only. | 09 |
| Scheduler/optimization/accelerators | Advisory models/research only. | 10 |
| Multi-Mac consensus/HA | Research only. | 11 |
| Kubernetes/CRI/CNI/CSI/Helm | Not implemented. | 12 |
| Docker/Compose/Podman/Testcontainers/IDE | Narrow import only; no Docker API. | 13 |
| GUI/team/MDM/optional cloud | Requirements/local profiles only. | 14 |
| Security/fuzz/soak/conformance/signed GA | Not qualified. | 15 |
Fallbacks for external constraints
Section titled “Fallbacks for external constraints”- Homebrew-core acceptance is external. Hostwright guarantees a vendor tap once Phase 02 passes; the unqualified formula is submitted in Phase 15.
- Direct guest GPU/ANE passthrough waits for a supported public Apple API. Phase 10 implements a signed authenticated host-native Metal/Core ML/MLX service instead of fabricating passthrough.
- Multi-Mac mutation becomes read-only without etcd quorum rather than acknowledging unsafe conflicting writes.
- Third-party tunnels are optional providers; Hostwright-to-Hostwright secure tunnels remain a first-party Phase 07 outcome.
Permanent boundaries
Section titled “Permanent boundaries”Only the unsafe mechanism is excluded:
- private or undocumented Apple APIs;
- Intel or old-macOS emulation outside the Apple-silicon platform;
- cluster mutation without quorum;
- silent telemetry or automatic diagnostics upload;
- unauthenticated public control;
- deletion of resources Hostwright cannot prove it owns.
Conservative cleanup stays permanent
Section titled “Conservative cleanup stays permanent”A tool that deletes the wrong resource once loses trust. Names and similarity never prove ownership. Hostwright can discover or quarantine an unmanaged resource, but adoption and deletion require explicit identity and authorization. See the safety model.
