cli: hide unsupported commands (#289)

Use a simple feature flag system that checks env vars if a feature is
enabled.

.cspell.json

@@ -7,34 +7,53 @@
   "words": [
     "acraccesstokens",
     "admissionregistration",
+    "alertmanager",
+    "alertmanagers",
     "anthos",
     "apiextensions",
+    "apimachinery",
+    "apiobjects",
+    "apiservers",
     "applicationset",
     "applicationsets",
     "appproject",
     "appprojects",
     "argoproj",
+    "argumentless",
     "authcode",
     "authorizationpolicies",
+    "authorizationpolicy",
     "authpolicy",
     "authproxy",
     "authroutes",
+    "automount",
+    "automounting",
+    "autoscaler",
     "balancereader",
+    "blackbox",
     "buildplan",
+    "builtinpluginloadingoptions",
+    "cadvisor",
     "cainjector",
     "CAROOT",
+    "certificaterequest",
     "certificaterequests",
     "certificatesigningrequests",
     "clsx",
+    "clusterexternalsecret",
     "clusterexternalsecrets",
     "clusterissuer",
     "clusterissuers",
     "clusterrole",
     "clusterrolebinding",
+    "clustersecretstore",
     "clustersecretstores",
+    "clusterwide",
     "CNCF",
     "CODEOWNERS",
     "configmap",
+    "configmapargs",
+    "connectrpc",
     "cookiesecret",
     "coredns",
     "corev",
@@ -42,99 +61,165 @@
     "crds",
     "creds",
     "crossplane",
+    "crunchydata",
     "cuecontext",
     "cuelang",
     "customresourcedefinition",
     "daemonset",
+    "deploymentruntimeconfig",
+    "destinationrule",
     "destinationrules",
     "devicecode",
     "dnsmasq",
     "dscacheutil",
     "ecrauthorizationtokens",
+    "edns",
+    "endpointslices",
     "entgo",
+    "envoyfilter",
     "envoyfilters",
+    "errdetails",
     "errgroup",
     "etcdsnapshotfiles",
     "externalsecret",
     "externalsecrets",
     "fctr",
     "fieldmaskpb",
+    "fieldspec",
     "flushcache",
+    "fullname",
+    "gatewayclass",
     "gatewayclasses",
     "gcraccesstokens",
     "gendoc",
+    "generationbehavior",
+    "generatorargs",
+    "generatoroptions",
+    "genproto",
     "ggnpl",
     "ghaction",
     "githubaccesstokens",
     "gitops",
     "godoc",
     "golangci",
+    "gomarkdoc",
+    "googleapis",
     "goreleaser",
+    "gotypesalias",
     "grpcreflect",
+    "grpcroute",
     "grpcroutes",
     "grpcurl",
+    "healthchecks",
     "healthz",
+    "helmchartargs",
     "helmchartconfigs",
     "helmcharts",
     "Hiera",
     "holos",
     "holoslogger",
     "horizontalpodautoscaler",
+    "horizontalpodautoscalers",
+    "Hostaliases",
     "Hostnames",
+    "htpasswd",
     "httpbin",
     "httproute",
     "httproutes",
+    "iampolicygenerator",
     "Infima",
+    "intstr",
     "isatty",
     "istiod",
     "jbrx",
     "jeffmccune",
     "jetstack",
+    "jiralert",
     "Jsonnet",
     "kfbh",
     "killall",
     "kubeadm",
     "kubeconfig",
+    "kubelet",
     "kubelogin",
+    "kubernetesobjects",
     "Kustomization",
     "Kustomizations",
     "kustomize",
+    "kustomizebuild",
+    "kvpairsources",
+    "labeldrop",
+    "labelmap",
     "ldflags",
     "leaderelection",
     "ledgerwriter",
     "libnss",
+    "limitranges",
+    "livez",
     "loadbalancer",
+    "loadrestrictions",
+    "logfmt",
     "mattn",
     "mccutchen",
+    "metav",
     "mindmap",
     "mktemp",
     "msqbn",
     "mtls",
     "Multicluster",
     "mutatingwebhookconfiguration",
+    "mutatingwebhookconfigurations",
     "mxcl",
     "myhostname",
+    "myRegistrKeySecretName",
+    "mysecret",
+    "nameofclusterrole",
     "nameserver",
+    "namespacedname",
+    "ndots",
+    "networkpolicies",
+    "nodename",
     "nolint",
+    "oauthproxy",
+    "objectmap",
+    "objectmeta",
     "organizationconnect",
     "orgid",
     "otelconnect",
+    "overriden",
     "Parentspanid",
+    "patchstrategicmerge",
     "pcjc",
+    "peerauthentication",
     "peerauthentications",
+    "persistentvolumeclaim",
+    "persistentvolumeclaims",
+    "persistentvolumes",
     "pflag",
+    "pgadmin",
+    "pgupgrade",
     "pipefail",
     "PKCE",
     "platformconnect",
+    "pluginconfig",
+    "pluginrestrictions",
     "podcli",
     "poddisruptionbudget",
+    "poddisruptionbudgets",
     "podinfo",
     "portmapping",
+    "postgrescluster",
+    "privs",
+    "prometheuses",
     "promhttp",
     "protobuf",
     "protojson",
+    "providerconfig",
+    "proxyconfig",
     "proxyconfigs",
     "Pulumi",
+    "pushgateway",
+    "pushsecret",
     "pushsecrets",
     "putenv",
     "qjbp",
@@ -143,11 +228,19 @@
     "readyz",
     "referencegrant",
     "referencegrants",
+    "Registr",
+    "replacementfield",
+    "replicasets",
+    "replicationcontrollers",
+    "requestauthentication",
     "requestauthentications",
+    "resourcequotas",
     "retryable",
     "rolebinding",
+    "rootfs",
     "ropc",
     "seccomp",
+    "secretargs",
     "SECRETKEY",
     "secretstore",
     "secretstores",
@@ -156,29 +249,47 @@
     "serviceaccount",
     "servicebindings",
     "serviceentries",
+    "serviceentry",
+    "servicemonitor",
+    "somevalue",
+    "SOMEVAR",
+    "sortoptions",
     "spanid",
     "spiffe",
+    "stackdriver",
     "startupapicheck",
     "statefulset",
+    "statefulsets",
     "stefanprodan",
+    "storageclasses",
+    "streamwatcher",
     "struct",
     "structpb",
+    "subcharts",
     "subjectaccessreviews",
     "svclb",
+    "sysfs",
     "systemconnect",
     "tablewriter",
+    "templatable",
+    "thanos",
     "Tiltfile",
     "timestamppb",
     "Timoni",
     "tlsclientconfig",
     "tokencache",
     "Tokener",
+    "tolerations",
     "Traceid",
     "traefik",
     "transactionhistory",
+    "tsdb",
+    "typemeta",
+    "udev",
     "uibutton",
     "unstage",
     "untar",
+    "upbound",
     "Upsert",
     "urandom",
     "usecases",
@@ -186,11 +297,18 @@
     "userdata",
     "userservice",
     "validatingwebhookconfiguration",
+    "validatingwebhookconfigurations",
     "vaultdynamicsecrets",
+    "virtualservice",
     "virtualservices",
+    "volumeattachments",
+    "wasmplugin",
     "wasmplugins",
     "workloadentries",
+    "workloadentry",
+    "workloadgroup",
     "workloadgroups",
+    "yournamespace",
     "zerolog",
     "zitadel",
     "ztunnel"

api/author/v1alpha3/header.yaml

@@ -0,0 +1,4 @@
+---
+description: Simplified abstraction to generate core v1alpha3 components.
+sidebar_position: 997
+---

api/author/v1alpha4/header.yaml

@@ -0,0 +1,4 @@
+---
+description: Simplified abstraction to generate core v1alpha4 build plans.
+sidebar_position: 996
+---

api/core/v1alpha2/header.yaml

@@ -0,0 +1,4 @@
+---
+description: Core v1alpha4 schema for advanced use cases.
+sidebar_position: 998
+---

api/core/v1alpha3/header.yaml

@@ -0,0 +1,4 @@
+---
+description: Core v1alpha3 schema for advanced use cases.
+sidebar_position: 997
+---

api/core/v1alpha4/header.yaml

@@ -0,0 +1,4 @@
+---
+description: Core v1alpha2 schema for advanced use cases.
+sidebar_position: 996
+---

api/core/v1alpha4/types.go

@@ -365,7 +365,7 @@ type Component struct {
 	// Model represents the platform model holos gets from from the
 	// PlatformService.GetPlatform rpc method and provides to CUE using a tag.
 	// Injected as the tag "holos_model".
-	Model map[string]any `json:"model"`
+	Model map[string]any `json:"model,omitempty"`
 	// Tags represents cue @tag variables injected into the holos render component
 	// command from the holos render platform command.  Tags with a "holos_"
 	// prefix are reserved for use by the Holos Authors.

doc/md/api/author/v1alpha3.md

@@ -1,3 +1,7 @@
+---
+description: Simplified abstraction to generate core v1alpha3 components.
+sidebar_position: 997
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->
 
 # v1alpha3

doc/md/api/author/v1alpha4.md

@@ -1,3 +1,7 @@
+---
+description: Simplified abstraction to generate core v1alpha4 build plans.
+sidebar_position: 996
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->
 
 # v1alpha4

doc/md/api/core/v1alpha2.md

@@ -1,3 +1,7 @@
+---
+description: Core v1alpha4 schema for advanced use cases.
+sidebar_position: 998
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->
 
 # v1alpha2

doc/md/api/core/v1alpha3.md

@@ -1,3 +1,7 @@
+---
+description: Core v1alpha3 schema for advanced use cases.
+sidebar_position: 997
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->
 
 # v1alpha3

doc/md/api/core/v1alpha4.md

@@ -1,3 +1,7 @@
+---
+description: Core v1alpha2 schema for advanced use cases.
+sidebar_position: 996
+---
 <!-- Code generated by gomarkdoc. DO NOT EDIT -->
 
 # v1alpha4
@@ -234,7 +238,7 @@ type Component struct {
     // Model represents the platform model holos gets from from the
     // PlatformService.GetPlatform rpc method and provides to CUE using a tag.
     // Injected as the tag "holos_model".
-    Model map[string]any `json:"model"`
+    Model map[string]any `json:"model,omitempty"`
     // Tags represents cue @tag variables injected into the holos render component
     // command from the holos render platform command.  Tags with a "holos_"
     // prefix are reserved for use by the Holos Authors.

doc/md/guides/deploy-a-service.mdx

@@ -94,8 +94,8 @@ an ArgoCD Application or Flux Kustomization.
 consistently add common labels.
 
 :::tip
-[ComponentFields] in the Author API describes the fields common to all kinds of
-component.
+[ComponentConfig] in the Author API describes the fields common to all kinds of
+components.
 :::
 
 We'll start with a [Helm] component to deploy the service, then compare it to a
@@ -356,10 +356,17 @@ import ks "sigs.k8s.io/kustomize/api/types"
 let Chart = {
   // highlight-next-line
   Name:    "podinfo"
-  Version: "6.6.2"
   // highlight-next-line
   Namespace: #Migration.Namespace
 
+  Chart: {
+      version: "6.6.2"
+      repository: {
+        name: "podinfo"
+        url: "https://stefanprodan.github.io/podinfo"
+      }
+  }
+
   // Necessary to ensure the resources go to the correct namespace.
   // highlight-next-line
   EnableKustomizePostProcessor: true
@@ -368,9 +375,6 @@ let Chart = {
     namespace: Namespace
   }
 
-  Repo: name: "podinfo"
-  Repo: url:  "https://stefanprodan.github.io/podinfo"
-
   // Allow the platform team to route traffic into our namespace.
   // highlight-next-line
   Resources: ReferenceGrant: grant: #ReferenceGrant & {
@@ -396,19 +400,19 @@ Name as the sub-directory name when it writes the rendered manifest into
 `deploy/`.  Normally this name also matches the directory and file name of the
 component, `podinfo/podinfo.cue`, but `holos` doesn't enforce this convention.
 
-**Line 11**: We use the same namespace we registered with the `namespaces`
+**Line 10**: We use the same namespace we registered with the `namespaces`
 component as the value we pass to Helm.  This is a good example of Holos
 offering safety and consistency with CUE, if we change the value of
 `#Migration.Namespace`, multiple components stay consistent.
 
-**Lines 14-15**: Unfortunately, the Helm chart doesn't set the
+**Lines 20-21**: Unfortunately, the Helm chart doesn't set the
 `metadata.namespace` field for the resources it generates, which creates a
 security problem.  The resources will be created in the wrong namespace.  We
 don't want to modify the upstream chart because it creates a maintenance burden.
 We solve the problem by having Holos post-process the Helm output with
 Kustomize.  This ensures all resources go into the correct namespace.
 
-**Lines 23**: The migration team grants the platform team permission to route
+**Lines 27**: The migration team grants the platform team permission to route
 traffic into the `migration` Namespace using a [ReferenceGrant].
 
 :::note
@@ -780,7 +784,7 @@ the bank to register with. The `#HTTPRoutes` struct is similar to the
 As a member of the migration team, we'll add the file
 `projects/migration-routes.cue` to expose the service we're migrating.
 
-Go ahead and create this file with the following content.
+Go ahead and create this file (if it hasn't been created previously) with the following content.
 
 <Tabs groupId="6F9044EC-1737-4926-BD07-455536BA6573">
   <TabItem value="projects/migration-routes.cue" label="projects/migration-routes.cue">
@@ -813,7 +817,7 @@ import v1 "gateway.networking.k8s.io/httproute/v1"
   // For the guides, we simplify this down to a flat namespace.
   // highlight-next-line
   [Name=string]: v1.#HTTPRoute & {
-    let HOST = Name + "." + #Platform.Domain
+    let HOST = Name + "." + #Organization.Domain
 
     // highlight-next-line
     _backendRefs: [NAME=string]: {
@@ -925,37 +929,38 @@ git diff
   <TabItem value="output" label="Output">
 ```diff
 diff --git a/deploy/clusters/workload/components/httproutes/httproutes.gen.yaml b/deploy/clusters/workload/components/httproutes/httproutes.gen.yaml
-index 4b476da..a150015 100644
+index 06f7c91..349e070 100644
 --- a/deploy/clusters/workload/components/httproutes/httproutes.gen.yaml
 +++ b/deploy/clusters/workload/components/httproutes/httproutes.gen.yaml
-@@ -46,3 +46,27 @@ spec:
-         - name: frontend
-           namespace: bank-frontend
-           port: 80
+@@ -47,3 +47,28 @@ spec:
+     - path:
+         type: PathPrefix
+         value: /
 +---
-+# Source: CUE apiObjects.HTTPRoute.migration-podinfo
 +apiVersion: gateway.networking.k8s.io/v1
 +kind: HTTPRoute
 +metadata:
-+  name: migration-podinfo
-+  namespace: istio-ingress
 +  labels:
 +    app: migration-podinfo
++    argocd.argoproj.io/instance: httproutes
++    holos.run/component.name: httproutes
++  name: migration-podinfo
++  namespace: istio-ingress
 +spec:
 +  hostnames:
-+    - migration-podinfo.holos.localhost
++  - migration-podinfo.holos.localhost
 +  parentRefs:
-+    - name: default
-+      namespace: istio-ingress
++  - name: default
++    namespace: istio-ingress
 +  rules:
-+    - matches:
-+        - path:
-+            type: PathPrefix
-+            value: /
-+      backendRefs:
-+        - name: podinfo
-+          port: 9898
-+          namespace: migration
++  - backendRefs:
++    - name: podinfo
++      namespace: migration
++      port: 9898
++    matches:
++    - path:
++        type: PathPrefix
++        value: /
 
 ```
   </TabItem>
@@ -1428,10 +1433,10 @@ for some time.
 
 [Quickstart]: /docs/quickstart/
 [Change a Service]: /docs/guides/change-a-service/
-[Helm]: /docs/api/author/v1alpha3/#Helm
-[Kubernetes]: /docs/api/author/v1alpha3/#Kubernetes
-[Kustomize]: /docs/api/author/v1alpha3/#Kustomize
-[ComponentFields]: /docs/api/author/v1alpha3/#ComponentFields
+[Helm]: /docs/api/author/v1alpha4/#Helm
+[Kubernetes]: /docs/api/author/v1alpha4/#Kubernetes
+[Kustomize]: /docs/api/author/v1alpha4/#Kustomize
+[ComponentConfig]: /docs/api/author/v1alpha4/#ComponentConfig
 [platform-files]: /docs/quickstart/#how-platform-rendering-works
 [AppProject]: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/
 [unification operator]: https://cuelang.org/docs/reference/spec/#unification

doc/md/guides/helm-component.mdx

@@ -1,15 +0,0 @@
----
-description: Helm Component
-slug: /guides/helm-component
-sidebar_position: 400
----
-
-# Helm Component
-
-The [Deploy a Service](/docs/guides/deploy-a-service/) guide is the best guide
-we have on wrapping a Helm chart in a Holos Component.  The [Helm] section of
-the Author API may also be useful.
-
-[Helm]: /docs/api/author/v1alpha3/#Helm
-[Kubernetes]: /docs/api/author/v1alpha3/#Kubernetes
-[Kustomize]: /docs/api/author/v1alpha3/#Kustomize

doc/md/guides/kubernetes-component.mdx

@@ -1,20 +0,0 @@
----
-description: Kubernetes Component
-slug: /guides/kubernetes-component
-sidebar_position: 500
----
-
-# Kubernetes Component
-
-:::warning
-TODO
-:::
-
-This is a placeholder for a guide for managing Kubernetes resources directly
-from a Holos Component with strong type checking.
-
-In the meantime, please refer to the [Kubernetes] section of the Author API.
-
-[Helm]: /docs/api/author/v1alpha3/#Helm
-[Kubernetes]: /docs/api/author/v1alpha3/#Kubernetes
-[Kustomize]: /docs/api/author/v1alpha3/#Kustomize

doc/md/guides/kustomize-component.mdx

@@ -1,20 +0,0 @@
----
-description: Wrap a Kustomize Kustomization in a Holos Component.
-slug: /guides/kustomize-component
-sidebar_position: 600
----
-
-# Kustomize Component
-
-:::warning
-TODO
-:::
-
-This is a placeholder for a guide on wrapping a Kustomize Kustomization base
-with a Holos component.
-
-In the meantime, please refer to the [Kustomize] section of the Author API.
-
-[Helm]: /docs/api/author/v1alpha3/#Helm
-[Kubernetes]: /docs/api/author/v1alpha3/#Kubernetes
-[Kustomize]: /docs/api/author/v1alpha3/#Kustomize

doc/md/start/concepts.md

@@ -42,9 +42,9 @@ graph TB
     Kustomize[<a href="#component">Kustomize</a>]
     CUE[<a href="#component">CUE</a>]
 
-    Cluster --> Platform
-    Fleet --> Cluster
-    Component --> Fleet
+    Fleet --> Platform
+    Cluster --> Fleet
+    Component --> Cluster
     Helm --> Component
     Kustomize --> Component
     CUE --> Component

doc/md/start/support.md

@@ -8,7 +8,7 @@ sidebar_position: 900
 
 ## Community Support
 
-You can ask questions in our community forums in [GitHub Discussions](https://github.com/holos-run/holos/discussions) or [Google Groups](https://groups.google.com/g/holos-discuss).
+You can ask questions in our community forums in [GitHub Discussions](https://github.com/holos-run/holos/discussions), [Discord](https://discord.gg/JgDVbNpye7), or [Google Groups](https://groups.google.com/g/holos-discuss).
 
 ## Commercial Support and Services
 

doc/md/technical-overview.md

@@ -45,7 +45,7 @@ Go command line tool leveraging [CUE] to fill this gap.
 
 ```mermaid
 ---
-title: Figure 1 - v1alpha4 Render Pipeline
+title: Figure 1 - v1alpha4 Rendered Manifest Pipeline
 ---
 graph LR
     Platform[<a href="/docs/api/author/v1alpha4/#Platform">Platform</a>]
@@ -60,18 +60,19 @@ graph LR
     ResourcesArtifact[<a href="/docs/api/core/v1alpha4/#artifact">Resources<br/>Artifact</a>]
     GitOpsArtifact[<a href="/docs/api/core/v1alpha4/#artifact">GitOps<br/>Artifact</a>]
 
-    Generator[<a href="/docs/api/core/v1alpha4/#generators">Generator</a>]
-    Transformer[<a href="/docs/api/core/v1alpha4/#transformer">Transformer</a>]
+    Generators[<a href="/docs/api/core/v1alpha4/#generators">Generators</a>]
+    Transformers[<a href="/docs/api/core/v1alpha4/#transformer">Transformers</a>]
+    Files[Manifest<br/>Files]
 
     Platform --> Component
     Component --> Helm --> BuildPlan
     Component --> Kubernetes --> BuildPlan
     Component --> Kustomize --> BuildPlan
 
-    BuildPlan --> ResourcesArtifact --> Generator
-    BuildPlan --> GitOpsArtifact --> Generator
+    BuildPlan --> ResourcesArtifact --> Generators
+    BuildPlan --> GitOpsArtifact --> Generators
 
-    Generator --> Transformer --> Files --> KubeAPI
+    Generators --> Transformers --> Files
 ```
 
 ## Use Case

doc/website/blog/2024-09-24-holos-announcement/index.md

@@ -1,94 +0,0 @@
----
-slug: holos-platform-manager
-title: Holos Platform Manager
-authors: [jeff]
-tags: [holos]
----
-
-## Introducing Holos
-
-I’m excited to announce Holos, a tool designed to help engineering teams
-manage their software development platforms built on the Kubernetes resource
-model.
-
-:::tip
-For a hands-on introduction, check out our [Quickstart] Guide.
-:::
-
-<!-- truncate -->
-
-### The Backstory
-
-In our roles at [Open Infrastructure Services], and earlier at Puppet, we helped
-many companies automate infrastructure management. In 2017, we had the
-opportunity to work with Twitter to improve their configuration management
-system.  This opportunity gave us insight into the challenges of managing a
-large-scale platform with multiple engineering teams. Our work involved
-everything from observability systems to application deployment workflows and of
-course, managing the core infrastructure.
-
-This experience demonstrated the value of platform engineering. As the pandemic
-hit, I began thinking about what a fully cloud-native platform might look like
-using the Kubernetes resource model. Around the same time, I came across the
-Hacker News post, “[Why Are We Templating YAML]?”, which sparked a good
-discussion. It was clear I wasn’t alone in my frustration with managing YAML
-files and ensuring clear, predictable changes before merging them into
-production.
-
-A common pain point and theme is the complexity of working with nested YAML
-configurations, especially with tools like ArgoCD and Helm. The lack of a
-standard for rendering YAML templates makes it difficult to see what changes are
-actually being applied to the Kubernetes API. This often results in trial and
-error, costly blue-green deployments, and hours of debugging.
-
-During the pandemic, I began experimenting with a tool to address this issue,
-drawing on lessons from our work at Twitter. The key problems we aimed to solve
-are:
-
-- **Lack of visibility**: Engineers struggled to foresee the impact of small changes.
-- **Large blast radius**: Small changes affected global systems, with no way to limit the impact.
-- **Incomplete tooling**: While processes were in place, the right information wasn’t surfaced at the right time.
-
-We built several iterations of a reference platform based on Kubernetes,
-initially focusing on fully rendering manifests into plain files—a pattern now
-called the [rendered manifests pattern]. Over time, we realized we were spending
-most of our time maintaining bash scripts and YAML templates. This led back to
-the question: Why are we templating YAML? What _should_ replace templates?
-
-We'd previously seen a colleague use CUE effectively to generate large scale
-configurations for Envoy, and ran into CUE again when we worked on a project
-involving Dagger, but I still hadn't taken a deep look at CUE.
-
-At the end of 2023, I decided to dive deep with [CUE].  I quickly came to
-appreciate CUE’s unified approach where **order is irrelevant**.  Before CUE, we
-handled configuration data in a hierarchy with a precedence ordering, similar to
-how we handled data in Puppet with Hiera.  CUE's promise of no longer needing to
-think about ordering and precedence rules held, alleviating a large cognitive
-burden when dealing with complex configurations. CUE quickly allowed me to
-replace the unmaintainable bash scripts and complex Helm templates, simplifying
-our workflow.
-
-### Enter Holos
-
-Holos adds CUE as a well-specified integration layer over tools like Helm,
-Kustomize, ArgoCD, and Crossplane. With Holos, we can now efficiently integrate
-upstream Helm charts and Kustomize bases into our platform without the
-complexity of templates and scripts. This has also made it easy for one team to
-define "golden paths" that other teams can follow—like automatically configuring
-namespaces and security policies when dev teams start new projects.
-
-We've found Holos incredibly useful and hope you do too. Let us know your
-thoughts!
-
-[Guides]: /docs/guides/
-[API Reference]: /docs/api/
-[Quickstart]: /docs/quickstart/
-[CUE]: https://cuelang.org/
-[Author API]: /docs/api/author/
-[Core API]: /docs/api/core/
-[Open Infrastructure Services]: https://openinfrastructure.co/
-[Why are we templating YAML]: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=https%3A%2F%2Fleebriggs.co.uk%2Fblog%2F2019%2F02%2F07%2Fwhy-are-we-templating-yaml&sort=byDate&type=story
-
-[Holos]: https://holos.run/
-[Quickstart]: /docs/quickstart/
-[rendered manifests pattern]: https://akuity.io/blog/the-rendered-manifests-pattern/

doc/website/blog/2024-10-28-holos.md

@@ -0,0 +1,125 @@
+---
+slug: announcing-holos
+title: Announcing Holos
+authors: [jeff]
+tags: [holos, launch]
+image: /img/cards/announcing-holos.png
+description: Holistically manage Helm and Kustomize with CUE
+---
+
+<head>
+  <title>Announcing Holos</title>
+  <meta property="og:title" content="Announcing Holos" />
+</head>
+
+I'm excited to share Holos, a Go command line tool we developed to make it
+easier to manage a platform built on Kubernetes.  Holos implements the rendered
+manifests pattern as a data pipeline to fully render manifests generated from
+[Helm], [Kustomize], or [CUE] in a holistic way.
+
+[Helm]: https://helm.sh/
+[Kustomize]: https://kustomize.io/
+[CUE]: https://cuelang.org/
+
+```mermaid
+---
+title: Rendered Manifest Pipeline
+---
+graph LR
+    Platform[<a href="/docs/api/author/v1alpha4/#Platform">Platform</a>]
+    Component[<a href="/docs/api/author/v1alpha4/#ComponentConfig">Components</a>]
+
+    Helm[<a href="/docs/api/author/v1alpha4/#Helm">Helm</a>]
+    Kustomize[<a href="/docs/api/author/v1alpha4/#Kustomize">Kustomize</a>]
+    Kubernetes[<a href="/docs/api/author/v1alpha4/#Kubernetes">Kubernetes</a>]
+
+    BuildPlan[<a href="/docs/api/core/v1alpha4/#buildplan">BuildPlan</a>]
+
+    ResourcesArtifact[<a href="/docs/api/core/v1alpha4/#artifact">Resources<br/>Artifact</a>]
+    GitOpsArtifact[<a href="/docs/api/core/v1alpha4/#artifact">GitOps<br/>Artifact</a>]
+
+    Generators[<a href="/docs/api/core/v1alpha4/#generators">Generators</a>]
+    Transformers[<a href="/docs/api/core/v1alpha4/#transformer">Transformers</a>]
+    Files[Manifest<br/>Files]
+
+    Platform --> Component
+    Component --> Helm --> BuildPlan
+    Component --> Kubernetes --> BuildPlan
+    Component --> Kustomize --> BuildPlan
+
+    BuildPlan --> ResourcesArtifact --> Generators
+    BuildPlan --> GitOpsArtifact --> Generators
+
+    Generators --> Transformers --> Files
+```
+
+<!-- truncate -->
+
+At the start of the pandemic I was migrating our platform from VMs managed by
+Puppet to Kubernetes.  My primary goal was to build an observability system
+similar to what we had when we managed Puppet at Twitter prior to the
+acquisition.  I started building the observability system with the official
+[prometheus community charts], but quickly ran into issues where the
+individual charts didn’t work with each other.  I was frustrated with how
+complicated and difficult to configure these charts were.  They weren’t well
+integrated, so I switched to the [kube-prometheus-stack] umbrella chart which
+attempts to solve this integration problem.
+
+The umbrella chart got us further, as long as we didn’t stray too far from the
+default values, but we quickly ran into operational challenges.  Upgrading the
+chart introduced breaking changes we couldn’t see until they were applied,
+causing incidents.  We needed to manage secrets securely so we mixed in
+ExternalSecrets with many of the charts.  We decided to handle these
+customizations by implementing the [rendered manifests pattern] using scripts in
+our CI pipeline.
+
+These scripts got us further, but we found them costly to maintain.
+Teammates needed to be careful to execute them with the same context they were
+executed in CI.  We realized we were reinventing Hiera to manage a hierarchy of
+helm values.yaml files to inject into multiple charts.
+
+At this point I started looking for a more holistic solution to this problem of
+integrating multiple charts together.  We saw the value in the rendered
+manifests pattern, but we couldn’t find an agreed upon implementation.  We built
+a Go command line tool to implement the pattern as a data pipeline.  I’d been
+thinking about the comments from the [Why are we templating YAML] posts and
+wondering what an answer to this question would look like.
+
+The Go command line tool was an incremental improvement over the CI scripts, but
+we still didn’t have a good way to handle the data values.  We were still
+templating YAML which didn’t catch errors early enough.  It was too easy to
+render invalid resources Kubernetes rejected, causing deployment problems.  I
+searched for a solution to manage helm values, something like Hiera which we
+knew well from Puppet, but not hierarchical because we knew it was important to
+trace where config values came from in an outage.  A few HN comments mentioned
+CUE, and an engineer we worked with at Twitter used CUE to configure Envoy at
+scale, so I gave it a try.  I quickly appreciated how CUE provides both strong
+type checking and validation of constraints, unifies all configuration data, and
+provides clarity into where values originate from.
+
+Take a look at Holos if you’re looking to implement the rendered manifests
+pattern or can’t shake that feeling it should be easier to integrate third party
+software into Kubernetes like we felt.
+
+1. [Helm Guide] Walks through how we solved the challenges we faced with the prometheus Helm charts.
+2. [Quickstart] Works through how a platform team can define golden paths for other teams using CUE.
+3. [Author API] provides an ergonomic way to work with Helm, Kustomize, and CUE resources.
+
+[Helm Guide]: /docs/guides/helm/
+[Guides]: /docs/guides/
+[API Reference]: /docs/api/
+[Quickstart]: /docs/quickstart/
+[Author API]: /docs/api/author/
+[Core API]: /docs/api/core/
+[Open Infrastructure Services]: https://openinfrastructure.co/
+[Why are we templating YAML]: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=https%3A%2F%2Fleebriggs.co.uk%2Fblog%2F2019%2F02%2F07%2Fwhy-are-we-templating-yaml&sort=byDate&type=story
+
+[Holos]: https://holos.run/
+[Quickstart]: /docs/quickstart/
+
+[Helm]: https://helm.sh/
+[Kustomize]: https://kustomize.io/
+[CUE]: https://cuelang.org/
+[rendered manifests pattern]: https://akuity.io/blog/the-rendered-manifests-pattern/
+[prometheus community charts]: https://github.com/prometheus-community/helm-charts
+[kube-prometheus-stack]: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack

doc/website/blog/2024-10-28-why-cue.md

@@ -0,0 +1,123 @@
+---
+slug: why-cue-for-configuration
+title: Why CUE for Configuration
+authors: [jeff]
+tags: [holos, cue]
+image: /img/cards/why-cue.png
+description: Why we use CUE for configuration in Holos
+date: 2024-10-28T16:00
+---
+
+We selected [CUE](https://cuelang.org/) as the configuration language in Holos
+for a number of reasons described in this post.  The process was a combination
+of process by elimination and the unique way CUE _unifies_ configuration.
+
+<!-- truncate -->
+We evaluated a number of domain specific and general purpose languages before
+deciding on CUE.  The CUE website, GitHub issues, and Marcel's videos do a great
+job of explaining most of these reasons, so I'll summarize and cite them here.
+
+## DSL or GPL
+
+The first decision was if we should use a turing complete general purpose
+language, or a domain specific language (DSL).  We decided to use a DSL because
+we knew from hard won experience configuration with general purpose languages
+invites too many problems over time.
+
+1. Configuration easily becomes non-deterministic, especially when remote procedure calls are involved.
+2. Many general purpose languages support type checking, but few support constraints and validation of data.  We must write our own validation logic which often means validation happens haphazardly, if at all.
+3. Data is usually mutable, making it difficult to know where an output value came from.
+4. Configuration code is read much more frequently, and at more critical times like an outage, than it's written.  I felt this pain and I don't want anyone using Holos to feel that way.
+
+For these reasons we sought a domain specific language that focused on
+simplicity, readability, and data validation.  This quote from Marcel got my attention focused on CUE.
+
+> I would argue that for configuration languages maintainability and readability are more important even than for programming languages, because they are ofter viewed by a larger group, often need to be changed in emergency conditions, and also as they are supposed to convey a certain contract. Most configuration languages, like GCL (my own doing), are more like scripting languages, making it easier to crank out definitions of large swats of data compactly, but being harder to comprehend and modify later.
+
+Source: [Comparisons between CUE, Jsonnet, Shall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+## Other DSLs
+
+### Template Engines
+
+Template engines are not exactly a domain specific language, but they're
+similar.  We already used Go templates in Helm to produce YAML, and previously
+used Jinja2 and ERB templates extensively for configuration tasks.
+
+The fundamental problem with text template engines is that they manipulate text,
+not data.  As a result, output is often rendered without error or indication the
+configuration is invalid until it is applied to the live system.  Errors need
+to be handled faster and earlier, ideally immediately as we're writing in our
+editor.
+
+For these reasons we can set aside all tools based on text templating.
+
+### Jsonnet
+
+Marcel and the CUE website explain this much better than I can.  We used Jsonnet
+to configure the kubernetes prometheus stack and experienced Jsonnet's lack of
+validation features first hand.
+
+> Like Jsonnet, CUE is a superset of JSON. They also are both influenced by GCL. CUE, in turn is influenced by Jsonnet. This may give the semblance that the languages are very similar. At the core, though, they are very different.
+> 
+> CUE’s focus is data validation whereas Jsonnet focuses on data templating (boilerplate removal). Jsonnet was not designed with validation in mind.
+> 
+> Jsonnet and GCL can be quite powerful at reducing boilerplate. The goal of CUE is not to be better at boilerplate removal than Jsonnet or GCL. CUE was designed to be an answer to two major shortcomings of these approaches: complexity and lack of typing. Jsonnet reduces some of the complexities of GCL, but largely falls into the same category. For CUE, the tradeoff was to add typing and reduce complexity (for humans and machines), at the expense of giving up flexibility.
+
+Source: [CUE Configuration Use Case - Jsonnet / GCL](https://cuelang.org/docs/concept/configuration-use-case/#jsonnet-gcl)
+
+Marcel answered this question in more depth earlier:
+
+> Jsonnet is based on BCL, an internal language at Google. It fixes a few things relative to BCL, but is mostly the same. This means it copies the biggest mistakes of BCL. Even though BCL is still widely used at Google, its issues are clear. It was just that the alternatives weren't that much better.
+> 
+> There are a myriad of issues with BCL (and Jsonnet and pretty much all of its descendants), but I will mention a couple:
+> 
+> 1. Most notably, the basic operation of composition of BCL/Jsonnet, inheritance, is not commutative and idempotent in the general case. In other words, order matters. This makes it, for humans, hard to track where values are coming from. But also, it makes it very complicated, if not impossible, to do any kind of automation. The complexity of inheritance is compounded by the fact that values can enter an object from one of several directions (super, overlay, etc.), and the order in which this happens matters. The basic operation of CUE is commutative, associative and idempotent. This order independence helps both humans and machines. The resulting model is much less complex.  
+> 2. Typing: most of the BCL offshoots do not allow for schema definitions. This makes it hard to detect any kind of typos or user errors. For a large code bases, no one will question a requirement to have a compiled/typed language. Why should we not require the same kind of rigor for data? Some offshoots of BCL internal to Google and also external have tried to address this a bit, but none quite satisfactory. In CUE types and values are the same thing. This makes things both easier than schema-based languages (less concepts to learn), but also more powerful. It allows for intuitive but also precise typing.  
+> 
+> There are many other issues, like handling cycles, unprincipled workarounds for hermeticity, poor tooling and so forth that make BCL and offsprings often awkward.  
+> 
+> So why CUE? Configuration is still largely an unsolved problem. We have tried using code to generate configs, or hybrid languages, but that often results in a mess. Using generators on databases doesn't allow keeping it sync with revision control. Simpler approaches like HCL and Kustomize recognize the complexity issue by removing a lot of it, but then sometimes become too weak, and actually also reintroduce some of this complexity with overlays (a poor man's inheritance, if you will, but with some of the same negative consequences). Other forms of removing complexity, for instance by just introducing simpler forms/ abstraction layers of configuration, may work within certain context but are domain-specific and relatively hard to maintain.  
+> 
+> So inheritance-based languages, for all its flaws, were the best we had. The idea behind CUE is to recognize that a declarative language is the best approach for many (not all) configuration problems, but to tackle the fundamental issues of these languages.  
+> 
+> The idea for CUE is actually not new. It was invented about 30 years ago and has been in use and further developed since that time in the field of computational linguistics, where the concept is used to encode entire lexicons as well as very detailed grammars of human languages. If you think about it, these are huge configurations that are often maintained by both computer scientists and linguists. You can see this as a proof of concept that large-scale, declarative configuration for a highly complex domain can work.  
+> 
+> CUE is a bit different from the languages used in linguistics and more tailored to the general configuration issue as we've seen it at Google. But under the hood it adheres strictly to the concepts and principles of these approaches and we have been careful not to make the same mistakes made in BCL (which then were copied in all its offshoots). It also means that CUE can benefit from 30 years of research on this topic. For instance, under the hood, CUE uses a first-order unification algorithm, allowing us to build template extractors based on anti-unification (see issue #7 and #15), something that is not very meaningful or even possible with languages like BCL and Jsonnet.
+
+Source: [how CUE differs from jsonnet](https://github.com/cuelang/cue/issues/33#issuecomment-483615374)
+
+### Dhall
+
+> Dhall addresses some of the issues of GCL and Jsonnet (like lack of typing), but lacks the detailed typing of CUE. But it still misses the most important property of CUE: its model of composability. Some of the benefits are explained in the above link. Conceptually, CUE is an aspect-oriented and constraint-based language. It allows you to specify fine-grained constraints on what are valid values. These constraints then double as templates, allowing to remove boilerplate often with the same efficacy as inheritance, even if it works very differently.
+
+Source [Comparisons between CUE, Jsonnet, Dhall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+### Rego (OPA)
+
+> CUE also can be used for policy specification, like Rego (OPA).CUE unifies values, types, and constraints in a single continuum. As it is a constraint-based language first and foremost, it is well suited for defining policy. It is less developed in that area than Rego, but it I expect it will ultimately be better suited for policy. Note that Rego is based on Datalog, which is more of a query language at hart, giving it quite a different feel for defining policy than CUE. Both are logic programming languages, though, and share many of the same properties.
+
+Source [Comparisons between CUE, Jsonnet, Dhall, OPA, etc.](https://github.com/cuelang/cue/discussions/669#discussioncomment-306811)
+
+### PKL
+
+I didn't look deeply into [Pkl](https://github.com/apple/pkl) primarily because
+CUE, like Holos, is written in Go.  It was straight forward to integrate CUE 
+into Holos.
+
+### HCL
+
+I have extensive experience with HCL and found it challenging to work with at medium to large scales.
+
+See also: [CUE Configuration Use Case - HCL](https://cuelang.org/docs/concept/configuration-use-case/#hcl)
+
+## Editor Integration
+
+CUE has good support today for Visual Studio Code, and better support coming,
+see the [CUE LSP Roadmap](https://github.com/orgs/cue-lang/projects/15)
+
+## Additional Resources
+
+The video [Large-Scale Engineering of Configuration with Unification (Marcel van
+Lohuizen)](https://www.youtube.com/watch?v=jSRXobu1jHk) motivated me to go
+deeper and invest significant time into CUE.

doc/website/docusaurus.config.ts

@@ -116,6 +116,11 @@ const config: Config = {
           label: 'GitHub',
           position: 'right',
         },
+        {
+          href: 'https://discord.gg/JgDVbNpye7',
+          label: 'Discord',
+          position: 'right',
+        },
       ],
     },
     footer: {
@@ -150,8 +155,8 @@ const config: Config = {
               href: '/docs/support',
             },
             {
-              label: 'Announcements List',
-              href: 'https://groups.google.com/g/holos-announce',
+              label: 'Discord',
+              href: 'https://discord.gg/JgDVbNpye7',
             },
             {
               label: 'Discussion List',

doc/website/static/.well-known/atproto-did

@@ -0,0 +1 @@
+did:plc:7jly72mfd42u4fj4mfyovxqz

doc/website/static/img/github-mark-white.svg

@@ -0,0 +1 @@
+<svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#fff"/></svg>

doc/website/static/img/github-mark.svg

@@ -0,0 +1 @@
+<svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#24292f"/></svg>

doc/website/static/img/logo-holos-dark.svg

@@ -0,0 +1,4 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg">
+  <circle cx="100" cy="100" r="90" fill="#FDF6E3" stroke="#073642" stroke-width="4" />
+  <text x="50%" y="50%" text-anchor="middle" fill="#073642" font-size="96" dy=".35em" font-family="Arial, sans-serif" font-weight="bold">H</text>
+</svg>

doc/website/static/img/logo-holos.svg

@@ -0,0 +1,4 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg">
+  <circle cx="100" cy="100" r="90" stroke="#FDF6E3" fill="#073642" stroke-width="4" />
+  <text x="50%" y="50%" text-anchor="middle" fill="#FDF6E3" font-size="96" dy=".35em" font-family="Arial, sans-serif" font-weight="bold">H</text>
+</svg>

doc/website/static/img/logo-ois-dark.svg

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Created with Vectornator (http://vectornator.io/) -->
+<svg style="fill-rule:nonzero;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;" version="1.1" viewBox="0 0 605.044 336.948" xmlns="http://www.w3.org/2000/svg" xmlns:vectornator="http://vectornator.io" xmlns:xlink="http://www.w3.org/1999/xlink">
+<defs/>
+<g id="Logo" vectornator:layerName="Logo">
+<g opacity="1">
+<path d="M591.109 167.89C580.229 111.687 546.936 77.6261 491.282 65.5687C433.469 53.0447 384.362 69.3554 342.802 110.398C310.616 142.185 278.709 174.259 246.482 205.995C225.922 226.226 205.922 247.343 179.109 259.626C149.202 273.334 119.469 272.37 93.4157 251.847C66.8557 230.91 61.2157 201.791 69.349 169.809C81.5757 121.787 138.509 102.695 182.402 131.721C187.656 135.193 192.829 138.787 198.149 142.406C200.682 140.009 202.496 138.35 204.242 136.622C224.509 116.598 244.109 95.8634 265.162 76.7034C293.082 51.2821 325.909 36.9234 364.469 39.9821C377.656 41.0274 390.656 44.4154 406.242 47.1781C374.122 16.6794 338.802 2.73806 296.776 9.35939C257.362 15.5701 226.149 36.7381 199.789 65.6101C193.602 72.3927 188.029 74.0394 179.256 70.7394C168.722 66.7727 158.376 64.2394 148.229 63.0127L148.229 63.0087C148.216 63.0074 148.189 63.0074 148.176 63.0061C148.056 62.9914 147.936 62.9714 147.816 62.9581C147.802 62.9687 147.802 62.9767 147.789 62.9874C21.4957 55.3727 9.17567 165.405 9.17567 165.405C-2.58433 286.525 80.029 311.302 80.029 311.302L80.069 311.302C90.0823 315.263 100.456 318.062 111.029 320.229L111.042 320.25C111.042 320.25 112.962 320.745 116.509 321.295C117.456 321.47 118.402 321.653 119.349 321.819C119.376 321.781 119.402 321.745 119.416 321.706C138.362 324.111 187.416 325.538 246.122 289.946C246.242 289.951 246.376 289.939 246.496 289.95C284.176 252.225 321.882 214.525 359.722 176.97C377.829 159.006 394.296 138.981 418.056 127.409C455.242 109.302 501.269 117.934 522.642 147.982C539.616 171.834 541.616 197.893 529.402 223.943C516.682 251.057 493.776 265.733 464.016 266.622C423.082 267.846 382.082 267.358 341.122 267.277C332.309 267.259 325.469 269.946 319.336 276.357C306.549 289.741 293.216 302.61 280.202 315.782C278.402 317.595 275.269 320.245 272.429 323.437C276.522 323.878 281.362 324.021 283.762 324.023C330.429 324.065 377.096 324.385 423.762 323.905C446.856 323.666 470.549 324.903 492.896 320.317C561.376 306.267 604.602 237.579 591.109 167.89" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+<path d="M202.896 194.097C202.896 228.629 174.909 256.622 140.376 256.622C105.842 256.622 77.8423 228.629 77.8423 194.097C77.8423 159.565 105.842 131.57 140.376 131.57C174.909 131.57 202.896 159.565 202.896 194.097" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+</g>
+</g>
+</svg>

doc/website/static/img/logo-ois.svg

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Created with Vectornator (http://vectornator.io/) -->
+<svg style="fill-rule:nonzero;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;" version="1.1" viewBox="0 0 605.044 336.948" xmlns="http://www.w3.org/2000/svg" xmlns:vectornator="http://vectornator.io" xmlns:xlink="http://www.w3.org/1999/xlink">
+<defs/>
+<g id="Logo" vectornator:layerName="Logo">
+<g opacity="1">
+<path d="M591.109 167.89C580.229 111.687 546.936 77.6261 491.282 65.5687C433.469 53.0447 384.362 69.3554 342.802 110.398C310.616 142.185 278.709 174.259 246.482 205.995C225.922 226.226 205.922 247.343 179.109 259.626C149.202 273.334 119.469 272.37 93.4157 251.847C66.8557 230.91 61.2157 201.791 69.349 169.809C81.5757 121.787 138.509 102.695 182.402 131.721C187.656 135.193 192.829 138.787 198.149 142.406C200.682 140.009 202.496 138.35 204.242 136.622C224.509 116.598 244.109 95.8634 265.162 76.7034C293.082 51.2821 325.909 36.9234 364.469 39.9821C377.656 41.0274 390.656 44.4154 406.242 47.1781C374.122 16.6794 338.802 2.73806 296.776 9.35939C257.362 15.5701 226.149 36.7381 199.789 65.6101C193.602 72.3927 188.029 74.0394 179.256 70.7394C168.722 66.7727 158.376 64.2394 148.229 63.0127L148.229 63.0087C148.216 63.0074 148.189 63.0074 148.176 63.0061C148.056 62.9914 147.936 62.9714 147.816 62.9581C147.802 62.9687 147.802 62.9767 147.789 62.9874C21.4957 55.3727 9.17567 165.405 9.17567 165.405C-2.58433 286.525 80.029 311.302 80.029 311.302L80.069 311.302C90.0823 315.263 100.456 318.062 111.029 320.229L111.042 320.25C111.042 320.25 112.962 320.745 116.509 321.295C117.456 321.47 118.402 321.653 119.349 321.819C119.376 321.781 119.402 321.745 119.416 321.706C138.362 324.111 187.416 325.538 246.122 289.946C246.242 289.951 246.376 289.939 246.496 289.95C284.176 252.225 321.882 214.525 359.722 176.97C377.829 159.006 394.296 138.981 418.056 127.409C455.242 109.302 501.269 117.934 522.642 147.982C539.616 171.834 541.616 197.893 529.402 223.943C516.682 251.057 493.776 265.733 464.016 266.622C423.082 267.846 382.082 267.358 341.122 267.277C332.309 267.259 325.469 269.946 319.336 276.357C306.549 289.741 293.216 302.61 280.202 315.782C278.402 317.595 275.269 320.245 272.429 323.437C276.522 323.878 281.362 324.021 283.762 324.023C330.429 324.065 377.096 324.385 423.762 323.905C446.856 323.666 470.549 324.903 492.896 320.317C561.376 306.267 604.602 237.579 591.109 167.89" fill="#142831" fill-rule="nonzero" opacity="1" stroke="none"/>
+<path d="M202.896 194.097C202.896 228.629 174.909 256.622 140.376 256.622C105.842 256.622 77.8423 228.629 77.8423 194.097C77.8423 159.565 105.842 131.57 140.376 131.57C174.909 131.57 202.896 159.565 202.896 194.097" fill="#142831" fill-rule="nonzero" opacity="1" stroke="none"/>
+</g>
+</g>
+</svg>

hack/gendoc

@@ -1,5 +1,12 @@
 #! /bin/bash
 #
+
+tmpdir="$(mktemp -d)"
+finish() {
+  rm -rf "$tmpdir"
+}
+trap finish EXIT
+
 set -euo pipefail
 
 # Generate the documentation for the package the calls go:generate
@@ -10,8 +17,5 @@ gomarkdoc --output "doc/md/${package%/}.md" "./${package}"
 
 # Fix heading anchors by making them explicit
 # Refer to https://docusaurus.io/docs/markdown-features/toc#heading-ids
-stamp=$RANDOM
-# sed 's/^## type /## /' "doc/md/${package%/}.md" > "doc/md/${package%/}.md.${stamp}"
-
-sed -E 's/## type ([A-Za-z0-9_]+)/## type \1 {#\1}/' "doc/md/${package%/}.md" > "doc/md/${package%/}.md.${stamp}"
-mv "doc/md/${package%/}.md.${stamp}" "doc/md/${package%/}.md"
+sed -E 's/## type ([A-Za-z0-9_]+)/## type \1 {#\1}/' "doc/md/${package%/}.md" > "${tmpdir}/doc.md"
+cat "./${package%%/}/header.yaml" "${tmpdir}/doc.md" > "doc/md/${package%/}.md"

internal/cli/build/build.go

@@ -43,8 +43,9 @@ func makeBuildRunFunc(cfg *client.Config) command.RunFunc {
 }
 
 // New returns the build subcommand for the root command
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("build DIRECTORY")
+	cmd.Hidden = !feature.Flag(holos.BuildFeature)
 	cmd.Args = cobra.ExactArgs(1)
 	cmd.Short = "write kubernetes manifests to standard output"
 	cmd.Example = "  holos build components/argo/crds"

internal/cli/create/create.go

@@ -12,9 +12,10 @@ import (
 )
 
 // New returns the create command for the cli
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("create")
 	cmd.Short = "create resources"
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Flags().SortFlags = false
 	cmd.RunE = func(c *cobra.Command, args []string) error {
 		return c.Usage()

internal/cli/destroy/delete.go

@@ -11,8 +11,9 @@ import (
 )
 
 // New returns the command for the cli
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("delete")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Aliases = []string{"destroy"}
 	cmd.Short = "delete resources"
 	cmd.Flags().SortFlags = false

internal/cli/generate/generate.go

@@ -14,14 +14,14 @@ import (
 )
 
 // New returns a new generate command.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("generate")
 	cmd.Aliases = []string{"gen"}
 	cmd.Short = "generate local resources"
 	cmd.Args = cobra.NoArgs
 
 	cmd.AddCommand(NewPlatform(cfg))
-	cmd.AddCommand(NewComponent())
+	cmd.AddCommand(NewComponent(feature))
 
 	return cmd
 }
@@ -48,9 +48,10 @@ func NewPlatform(cfg *holos.Config) *cobra.Command {
 }
 
 // NewComponent returns a command to generate a holos component
-func NewComponent() *cobra.Command {
+func NewComponent(feature holos.Flagger) *cobra.Command {
 	cmd := command.New("component")
 	cmd.Short = "generate a component from an embedded schematic"
+	cmd.Hidden = !feature.Flag(holos.GenerateComponentFeature)
 
 	for _, name := range generate.Components("v1alpha3") {
 		cmd.AddCommand(makeSchematicCommand("v1alpha3", name))

internal/cli/get/get.go

@@ -16,8 +16,10 @@ import (
 )
 
 // New returns the get command for the cli.
-func New(hc *holos.Config) *cobra.Command {
+func New(hc *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("get")
+	// not supported as of v0.97
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "get resources"
 	cmd.Aliases = []string{"list"}
 	cmd.Flags().SortFlags = false

internal/cli/kv/kv.go

@@ -10,8 +10,9 @@ import (
 )
 
 // New returns the kv root command for the cli
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("kv")
+	cmd.Hidden = !feature.Flag(holos.SecretsFeature)
 	cmd.Short = "work with secrets in the provisioner cluster"
 	cmd.Flags().SortFlags = false
 	cmd.RunE = func(c *cobra.Command, args []string) error {

internal/cli/login/login.go

@@ -13,8 +13,9 @@ import (
 )
 
 // New returns a new login command.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("login")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "log in by caching credentials"
 	var printClaims bool
 

internal/cli/logout/logout.go

@@ -11,8 +11,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("logout")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "log out by deleting cached credentials"
 	cmd.RunE = func(c *cobra.Command, args []string) error {
 		if err := os.RemoveAll(token.CacheDir); err != nil {

internal/cli/main.go

@@ -18,7 +18,8 @@ func MakeMain(options ...holos.Option) func() int {
 		cfg := holos.New(options...)
 		slog.SetDefault(cfg.Logger())
 		ctx := context.Background()
-		if err := New(cfg).ExecuteContext(ctx); err != nil {
+		feature := &holos.EnvFlagger{}
+		if err := New(cfg, feature).ExecuteContext(ctx); err != nil {
 			return HandleError(ctx, err, cfg)
 		}
 		return 0

internal/cli/preflight/preflight.go

@@ -25,10 +25,10 @@ func newConfig() (*config, *flag.FlagSet) {
 }
 
 // New returns the preflight command for the root command.
-func New(hc *holos.Config) *cobra.Command {
+func New(hc *holos.Config, feature holos.Flagger) *cobra.Command {
 	cfg, flagSet := newConfig()
-
 	cmd := command.New("preflight")
+	cmd.Hidden = !feature.Flag(holos.PreflightFeature)
 	cmd.Short = "run holos preflight checks"
 	cmd.Flags().AddGoFlagSet(flagSet)
 	cmd.RunE = makePreflightRunFunc(hc, cfg)

internal/cli/pull/pull.go

@@ -14,8 +14,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("pull")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "pull resources from holos server"
 	cmd.Args = cobra.NoArgs
 

internal/cli/push/push.go

@@ -14,9 +14,10 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("push")
 	cmd.Short = "push resources to holos server"
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Args = cobra.NoArgs
 
 	config := client.NewConfig(cfg)

internal/cli/register/register.go

@@ -10,8 +10,9 @@ import (
 )
 
 // New returns a new register command.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("register")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "rpc UserService.RegisterUser"
 	cmd.Long = "register with holos server"
 	cmd.Args = cobra.NoArgs

internal/cli/render/render.go

@@ -22,10 +22,10 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("render")
 	cmd.Args = cobra.NoArgs
-	cmd.Short = "render platforms and components into the deploy/ directory"
+	cmd.Short = "render platforms and components to manifest files"
 	cmd.AddCommand(NewComponent(cfg))
 	cmd.AddCommand(NewPlatform(cfg))
 	return cmd
@@ -35,7 +35,7 @@ func New(cfg *holos.Config) *cobra.Command {
 func NewComponent(cfg *holos.Config) *cobra.Command {
 	cmd := command.New("component DIRECTORY")
 	cmd.Args = cobra.ExactArgs(1)
-	cmd.Short = "render specific components"
+	cmd.Short = "render a platform component"
 	cmd.Example = "  holos render component --inject holos_cluster=aws2 ./components/monitoring/kube-prometheus-stack"
 	cmd.Flags().AddGoFlagSet(cfg.WriteFlagSet())
 	cmd.Flags().AddGoFlagSet(cfg.ClusterFlagSet())

internal/cli/root.go

@@ -35,7 +35,7 @@ import (
 var helpLong string
 
 // New returns a new root *cobra.Command for command line execution.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	rootCmd := &cobra.Command{
 		Use:     "holos",
 		Short:   "holos manages a holistic integrated software development platform",
@@ -67,36 +67,37 @@ func New(cfg *holos.Config) *cobra.Command {
 	rootCmd.PersistentFlags().AddGoFlagSet(cfg.LogFlagSet())
 
 	// subcommands
-	rootCmd.AddCommand(build.New(cfg))
-	rootCmd.AddCommand(render.New(cfg))
-	rootCmd.AddCommand(get.New(cfg))
-	rootCmd.AddCommand(create.New(cfg))
-	rootCmd.AddCommand(destroy.New(cfg))
-	rootCmd.AddCommand(preflight.New(cfg))
-	rootCmd.AddCommand(login.New(cfg))
-	rootCmd.AddCommand(logout.New(cfg))
-	rootCmd.AddCommand(token.New(cfg))
-	rootCmd.AddCommand(generate.New(cfg))
-	rootCmd.AddCommand(register.New(cfg))
-	rootCmd.AddCommand(pull.New(cfg))
-	rootCmd.AddCommand(push.New(cfg))
-	rootCmd.AddCommand(newOrgCmd())
+	rootCmd.AddCommand(build.New(cfg, feature))
+	rootCmd.AddCommand(render.New(cfg, feature))
+	rootCmd.AddCommand(get.New(cfg, feature))
+	rootCmd.AddCommand(create.New(cfg, feature))
+	rootCmd.AddCommand(destroy.New(cfg, feature))
+	rootCmd.AddCommand(preflight.New(cfg, feature))
+	rootCmd.AddCommand(login.New(cfg, feature))
+	rootCmd.AddCommand(logout.New(cfg, feature))
+	rootCmd.AddCommand(token.New(cfg, feature))
+	rootCmd.AddCommand(generate.New(cfg, feature))
+	rootCmd.AddCommand(register.New(cfg, feature))
+	rootCmd.AddCommand(pull.New(cfg, feature))
+	rootCmd.AddCommand(push.New(cfg, feature))
+	rootCmd.AddCommand(newOrgCmd(feature))
 
 	// Maybe not needed?
 	rootCmd.AddCommand(txtar.New(cfg))
 
 	// Deprecated, remove?
-	rootCmd.AddCommand(kv.New(cfg))
+	rootCmd.AddCommand(kv.New(cfg, feature))
 
 	// Server
-	rootCmd.AddCommand(server.New(cfg))
+	rootCmd.AddCommand(server.New(cfg, feature))
 
 	return rootCmd
 }
 
-func newOrgCmd() (cmd *cobra.Command) {
+func newOrgCmd(feature holos.Flagger) (cmd *cobra.Command) {
 	cmd = command.New("orgid")
 	cmd.Short = "print the current context org id."
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.RunE = func(cmd *cobra.Command, args []string) error {
 		ctx := cmd.Root().Context()
 		cc := holos.NewClientContext(ctx)

internal/cli/root_test.go

@@ -14,7 +14,7 @@ import (
 func newCommand() (*cobra.Command, *bytes.Buffer) {
 	var b1, b2 bytes.Buffer
 	// discard stdout for now, it's a bunch of usage messages.
-	cmd := New(holos.New(holos.Stdout(&b1), holos.Stderr(&b2)))
+	cmd := New(holos.New(holos.Stdout(&b1), holos.Stderr(&b2)), &holos.EnvFlagger{})
 	return cmd, &b2
 }
 
@@ -90,7 +90,7 @@ func TestInvalidArgs(t *testing.T) {
 	}
 	for _, args := range invalidArgs {
 		var b bytes.Buffer
-		cmd := New(holos.New(holos.Stdout(&b)))
+		cmd := New(holos.New(holos.Stdout(&b)), &holos.EnvFlagger{})
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		if err == nil {
@@ -115,7 +115,7 @@ func TestLoggerFromContext(t *testing.T) {
 
 func TestVersion(t *testing.T) {
 	var b bytes.Buffer
-	cmd := New(holos.New(holos.Stdout(&b)))
+	cmd := New(holos.New(holos.Stdout(&b)), &holos.EnvFlagger{})
 	cmd.SetOut(&b)
 	cmd.SetArgs([]string{"--version"})
 	if err := cmd.Execute(); err != nil {

internal/cli/secret/secret_test.go

@@ -77,7 +77,7 @@ func cmdHolos(ts *testscript.TestScript, neg bool, args []string) {
 		holos.Stderr(ts.Stderr()),
 	)
 
-	cmd := cli.New(cfg)
+	cmd := cli.New(cfg, &holos.EnvFlagger{})
 	cmd.SetArgs(args)
 	err := cmd.Execute()
 

internal/cli/token/token.go

@@ -13,8 +13,9 @@ import (
 )
 
 // New returns a new login command.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := command.New("token")
+	cmd.Hidden = !feature.Flag(holos.ServerFeature)
 	cmd.Short = "write id token to stdout"
 	cmd.Long = "Useful with curl / grpcurl -H $(holos token)"
 

internal/generate/platforms/cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha4/types_go_gen.cue

@@ -392,7 +392,7 @@ package v1alpha4
 	// Model represents the platform model holos gets from from the
 	// PlatformService.GetPlatform rpc method and provides to CUE using a tag.
 	// Injected as the tag "holos_model".
-	model: {...} @go(Model,map[string]any)
+	model?: {...} @go(Model,map[string]any)
 
 	// Tags represents cue @tag variables injected into the holos render component
 	// command from the holos render platform command.  Tags with a "holos_"

internal/generate/platforms/cue.mod/pkg/github.com/holos-run/holos/api/author/v1alpha4/definitions.cue

@@ -59,18 +59,33 @@ import (
 			artifact: "\(_path)/\(Name).gen.yaml"
 			let ResourcesOutput = "resources.gen.yaml"
 			let IntermediateOutput = "combined.gen.yaml"
-			generators: [{
-				kind:      "Resources"
-				output:    ResourcesOutput
-				resources: Resources
-			}]
+			generators: [
+				{
+					kind:      "Resources"
+					output:    ResourcesOutput
+					resources: Resources
+				},
+				for x in KustomizeConfig.Files {
+					kind:   "File"
+					output: x.Source
+					file: source: x.Source
+				},
+				for x in KustomizeConfig.Resources {
+					kind:   "File"
+					output: x.Source
+					file: source: x.Source
+				},
+			]
 			transformers: [
 				core.#Transformer & {
 					kind: "Kustomize"
-					inputs: [ResourcesOutput]
+					inputs: [for x in generators {x.output}]
 					output: IntermediateOutput
 					kustomize: kustomization: KustomizeConfig.Kustomization & {
-						resources: inputs
+						resources: [
+							ResourcesOutput,
+							for x in KustomizeConfig.Resources {x.Source},
+						]
 					}
 				},
 				_Transformer & {

internal/generate/platforms/generate.go

@@ -1,16 +1,19 @@
 package platforms
 
+// TODO: Remove env GODEBUG=gotypesalias=0 when cue 0.11 is released and used.
+// See: https://github.com/cue-lang/cue/issues/3539
+
 //go:generate rm -rf cue.mod/gen/github.com/holos-run/holos/api/v1alpha1
-//go:generate cue get go github.com/holos-run/holos/api/v1alpha1/...
+//go:generate env GODEBUG=gotypesalias=0 cue get go github.com/holos-run/holos/api/v1alpha1/...
 
 //go generate rm -rf cue.mod/gen/github.com/holos-run/holos/api/core
-//go:generate cue get go github.com/holos-run/holos/api/core/...
+//go:generate env GODEBUG=gotypesalias=0 cue get go github.com/holos-run/holos/api/core/...
 
 //go generate rm -rf cue.mod/gen/github.com/holos-run/holos/api/meta
-//go:generate cue get go github.com/holos-run/holos/api/meta/...
+//go:generate env GODEBUG=gotypesalias=0 cue get go github.com/holos-run/holos/api/meta/...
 
 //go generate rm -rf cue.mod/gen/github.com/holos-run/holos/api/author
-//go:generate cue get go github.com/holos-run/holos/api/author/...
+//go:generate env GODEBUG=gotypesalias=0 cue get go github.com/holos-run/holos/api/author/...
 
 //go generate rm -rf cue.mod/gen/github.com/holos-run/holos/service/gen/holos/object
 //go:generate cue import ../../../service/holos/object/v1alpha1/object.proto -o cue.mod/gen/github.com/holos-run/holos/service/gen/holos/object/v1alpha1/object.proto_gen.cue -I ../../../proto -f

internal/generate/platforms/v1alpha4/fleets.cue

@@ -0,0 +1,8 @@
+package holos
+
+import api "github.com/holos-run/holos/api/author/v1alpha4"
+
+// Manage a workload cluster named local for use with the guides.
+_Fleets: api.#StandardFleets & {
+	workload: clusters: local: _
+}

internal/generate/platforms/v1alpha4/platform/platform.gen.cue

@@ -2,9 +2,9 @@ package holos
 
 import api "github.com/holos-run/holos/api/author/v1alpha4"
 
-#Platform: api.#Platform & {
-	Name: "guide"
+_Platform: api.#Platform & {
+	Name: "default"
 }
 
 // Render a Platform resource for holos to process
-#Platform.Resource
+_Platform.Resource

internal/generate/platforms/v1alpha4/schema.cue

@@ -2,9 +2,6 @@ package holos
 
 import api "github.com/holos-run/holos/api/author/v1alpha4"
 
-// Manage a workload cluster named workload for use with the guides.
-#Fleets: api.#StandardFleets
-
 // Define the default organization name.
 #Organization: api.#OrganizationStrict & {
 	DisplayName: string | *"Bank of Holos"

internal/holos/types.go

@@ -2,6 +2,7 @@ package holos
 
 import (
 	"fmt"
+	"os"
 	"strings"
 )
 
@@ -25,3 +26,23 @@ func (i *StringSlice) Set(value string) error {
 	}
 	return nil
 }
+
+type feature string
+
+const BuildFeature = feature("BUILD")
+const ServerFeature = feature("SERVER")
+const PreflightFeature = feature("PREFLIGHT")
+const GenerateComponentFeature = feature("GENERATE_COMPONENT")
+const SecretsFeature = feature("SECRETS")
+
+// Flagger is the interface to check if an experimental feature is enabled.
+type Flagger interface {
+	Flag(name feature) bool
+}
+
+type EnvFlagger struct{}
+
+func (e *EnvFlagger) Flag(name feature) bool {
+	envVar := "HOLOS_FEATURE_" + strings.ToUpper(string(name))
+	return os.Getenv(envVar) != ""
+}

internal/server/cli.go

@@ -26,11 +26,12 @@ import (
 var helpLong string
 
 // New builds a root cobra command with flags linked to the Config field.
-func New(cfg *holos.Config) *cobra.Command {
+func New(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "server",
-		Short: "run the holos server",
-		Long:  helpLong,
+		Use:    "server",
+		Short:  "run the holos server",
+		Hidden: !feature.Flag(holos.ServerFeature),
+		Long:   helpLong,
 		// We handle our own errors.
 		SilenceUsage:  true,
 		SilenceErrors: true,

version/embedded/patch

@@ -1 +1 @@
-0
+2