Step 14 · Operations layer · Infra and deployment
Alembic Complete Visual Course

Infra and deployment

DevOps-as-code for the three-plane topology: host, droplet, and CI.

1. Three-plane topology
@alembic/infra encodes the operational topology of Alembic:

  • Host (Mac): local models, agent-browser, nightly cron jobs. Private.
  • Droplet (DigitalOcean): public TLS termination, council-api, gateway. The only public plane.
  • CI (GitHub Actions): builds, tests, deploys. Stateless.

The package ships Terraform, Docker Compose, Caddy, launchd, and GitHub Actions artifacts as sibling directories, and exposes a typed config validator with no external dependencies.

Think of it like… a city plan: residential (host), downtown (droplet), and construction yard (CI), each with its own zoning rules.

Under the hood

parseInfraConfig validates DigitalOcean and GitHub config without throwing. findExposureViolations enforces that only droplet workloads may be public. Provisioning helpers for Terraform, docker compose, and launchd are currently dry-run stubs. Secrets are referenced by env-var name, never inlined.
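As an added example (not @alembic/infra's own code), here is one way to implement an exposure check of the kind described above in TypeScript: it flags any public workload outside the droplet plane, and any secret reference that is not an env-var name. The Workload shape, the PUBLIC_PLANES set, the env-var-name regex, and the sample topology are all assumptions constructed for this example.

```typescript
// Hypothetical exposure-policy check modelled on the three-plane topology.
// This is an added example, not code from @alembic/infra.
type Plane = "host" | "droplet" | "ci";

interface Workload {
  name: string;
  plane: Plane;
  public: boolean;          // true if reachable from the internet
  secretEnvVars?: string[]; // secrets are referenced by env-var NAME only
}

interface Violation {
  workload: string;
  reason: string;
}

// Only the droplet plane may terminate public traffic (assumed policy).
const PUBLIC_PLANES: ReadonlySet<Plane> = new Set<Plane>(["droplet"]);

// Heuristic: an env-var name is upper-case with digits/underscores; anything
// else is treated as an inlined secret value (constructed rule).
const ENV_NAME = /^[A-Z][A-Z0-9_]*$/;

function findExposureViolations(workloads: Workload[]): Violation[] {
  const violations: Violation[] = [];
  for (const w of workloads) {
    if (w.public && !PUBLIC_PLANES.has(w.plane)) {
      violations.push({ workload: w.name, reason: `plane "${w.plane}" must not be public` });
    }
    for (const s of w.secretEnvVars ?? []) {
      if (!ENV_NAME.test(s)) {
        violations.push({ workload: w.name, reason: `secret "${s}" is not an env-var name` });
      }
    }
  }
  return violations;
}

// Constructed sample topology: host private, droplet public, CI stateless,
// plus two deliberate mistakes (an exposed host service and an inlined secret).
const SAMPLE: Workload[] = [
  { name: "local-models", plane: "host", public: false },
  { name: "council-api", plane: "droplet", public: true, secretEnvVars: ["DO_TOKEN"] },
  { name: "ci-tests", plane: "ci", public: false },
  { name: "agent-browser", plane: "host", public: true },
  { name: "gateway", plane: "droplet", public: true, secretEnvVars: ["placeholder-secret-value"] },
];

const SAMPLE_VIOLATIONS = findExposureViolations(SAMPLE); // two violations for the sample
```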

2. In one picture

[Diagram: host (Mac) · private · local models | droplet (DO) · public · TLS · api | ci (GitHub) · stateless · tests | Secrets via env vars]
Host is private, droplet is the only public plane, CI is stateless.
3. In the code
# existing CI workflow
.github/workflows/ci.yml

# infra artifact directories
packages/infra/terraform
packages/infra/docker
packages/infra/caddy
packages/infra/host

Implementation notes

The CI workflow installs pnpm, runs typecheck/build/test, runs alembic doctor --json, and runs impeccable detect as a design gate. Infra provisioning helpers are TODOs awaiting real credentials and apply logic.

4. Try it
Read packages/infra/src/topology.ts and list the default workloads. Which plane is each on?

Design: Why must the host plane never be public?
5. Quick check
Which plane is allowed to be public?