Roadmap¶
Where Punix is going next.
Stage 7 — Corpus scale ✅¶
The bulk-port arc is done. The brew→PCL translator (tools/migrate-brew.py) ships in production form, handling every dominant brew install shape (cargo, go, npm, autotools, cmake, meson, swift, pip, git-tag source). 365 recipes build green under make dogfood from source; 62 % of Homebrew's top-500 install-on-request set is fully resolvable through the corpus.
See Corpus status for the per-topic breakdown and Corpus blockers for the bounded list of recipes that don't yet ship and the shape the fix takes.
The next moves on the corpus side are translator extensions (multi-source Perl-CPAN, head do git-only sources, vendored-submodule fetchers) and per-recipe build-shape fixes. Each unblocks a known set documented in blockers.
Stage 8 — Lifecycle + multi-backend demos¶
Active arc.
The "the deploy demos actually run the service" stage. Closes most of the known limitations:
- Lifecycle wired:
punix service deployinvokessystemctl daemon-reload+systemctl restartend-to-end. Themonitoringstack's Grafana on:3000returns 200 as a proof-of-life. - Non-systemd generators:
launchd(macOS),supervisord,docker-compose. The old-Punix generators slot in unchanged behind the transport seam. --unit-dir: user-mode systemd at~/.config/systemd/user/. Enables non-root SSH deploys.- Cross-host pinned-path check: rollback verifies on the target host through the transport, not on the deploy side. Closes the Stage ⅚ cross-host gap.
punix service set-current STACK N: multi-step rollback + forward-roll in one command.from_fileconformance: dedicated property test.EnvironmentFile=opt-in: tighter secret visibility (0600 sidecar file instead of in-unitEnvironment=).- Cross-arch deploy: build on the target host via the transport, instead of failing at push time when arches differ.
Stage 9 — Release evidence¶
The release-evidence the v2.0 launch ships behind:
- A ~3-minute screencast deploying
monitoringto a VPS from a Mac. - A blog post with verbatim copy-paste commands yielding a working Grafana.
- Public CI green badges for x86_64 + aarch64 Linux.
docs/KNOWN-LIMITATIONS.md(which is this docs site's limitations page).
v2.0 = "it works, look at this."
Stage 10 — Polish and substituter¶
Post-v2.0.
- Substituter seam: cache mirrors (S3-style or P2P); the realise loop tries
hasthenfetchbefore falling through to a real build. The seam is already shaped —RealiseSubstitute(inner, substituters)is an empty-list pass-through in v2. Stage 10 wires an actual cache backend. - Reproducibility CI: a job that builds the corpus on x86_64 + aarch64, snapshots the store, swaps hosts, rebuilds, diffs. Drift ⇒ red.
punix doctor: a single command that runs every diagnostic (store verify,manifest verify,provenance audit).- Translator extensions for the long tail: multi-source Perl-CPAN bundles;
head dogit-only sources; vendored-submodule fetchers; xcodebuild. Each unblocks ~5–15 recipes from blockers.
What's not on the roadmap¶
Some items the design rules out deliberately:
- Subtyping in PCL. Ever. The proof of decidability of the type checker depends on its absence — adding subtyping would break a structural property the whole language rides on.
- First-class type members. Same reason.
- Import-from-derivation (running a build to discover what the next build needs). Belongs below the eval/realise seam, as a deploy-time fetch, not in the pure config layer.
→ Reference: decisions for the full constitutional layer.
Related¶
- What works — current state of the engine.
- Corpus status — what works on the package side.
- Limitations — the gap list.
- Reference: conformance — what each stage's property pin adds.