package-channel-policy
Package Channel Policy
This document is the source of truth for GHCR package visibility and intended usage.
Channel matrix
| Channel | Package | Visibility | Audience | Used by |
|---|---|---|---|---|
| Public | ghcr.io/<org>/aisopsflow-core |
public | general users, plugin developers | public quickstart compose |
| Public | ghcr.io/<org>/aisopsflow-runner |
public | general users, plugin developers | public quickstart compose |
| Public | ghcr.io/<org>/aisopsflow-console |
public | general users, operators | public and customer deployments |
| Commercial | ghcr.io/<org>/aisopsflow-core-commercial |
private | paid customers | commercial deployment assets |
| Commercial | ghcr.io/<org>/aisopsflow-runner-commercial |
private | paid customers | commercial deployment assets |
| Commercial | ghcr.io/<org>/aisopsflow-console-commercial |
private | paid customers | commercial deployment assets |
Required settings
- repository source remains private
- public packages must not inherit customer-only metadata
- commercial packages must not be made public for convenience
- public and commercial package READMEs should describe different intended usage
Tag policy
Public packages:
core-vX.Y.Zrunner-vX.Y.Zconsole-vX.Y.Zrelease-vX.Y.Z
Commercial packages:
commercial-core-vX.Y.Zcommercial-runner-vX.Y.Zcommercial-console-vX.Y.Zcommercial-release-vX.Y.Z
Quickstart boundary
aisopsflow-plugin-sdk/deploy/docker-compose.public.ymlmay reference only the public package names- commercial deployment assets must reference only the commercial package names
- public docs must never ask users to authenticate to pull the public channel