Install
Download a signed B8Grid CLI artifact from B8Grid Releases.Log in
Use device-style Cloud Trust auth and keep token material out of project config.Initialize
Run source init so the local workspace and cloud project become one visible spine.Operate
Review, sync, audit, and manage the same Source Graph actions from CLI or web.Security and platform teams
One user loop, two trusted surfaces
Source Graph treats identity, policy, audit, and source movement as one product loop, so teams can trust local and hosted work without hidden actor spoofing.
- Cloud Trust sessions are the authority for hosted actions.
- Session metadata is safe to persist; token material stays in secure storage or env handoff during alpha.
- Audit, policy, provenance, and production posture are surfaced as product state.
System checklist
Done vs left
Done
- Local Source Graph primitives, review proposals, native remotes, and Git compatibility.
- Hosted product and management pages with metadata-only source safety.
- Signed local actor sessions and focused hosted acceptance gates.
Left
- Production B8Grid Releases signing infrastructure and installer mirrors.
- External IdP, KMS, WAF/rate limits, audit export, support, billing, and deployed smoke evidence.
- Promotion remains blocked: generalAvailability is false and production-paas-alpha is Not GA.
CLI/Web parity
Same Source Graph control from both sides
| Operation | CLI | Web | Status |
|---|---|---|---|
| source.init | supported | supported | Project appears in app after local init. |
| proposal.review | supported | supported | Review, comments, queue, merge, audit. |
| policy.management | supported | supported | Rules, import preflight, roster, admin actions. |
| workspace.local-hydrate | supported | intentionally-local-only | Keeps local filesystem materialization honest. |