Tracking issue for the worker pairing + sharing capability. Spec at docs/superpowers/specs/2026-04-14-worker-sharing-design.md.
Sharing is the load-bearing new capability. Pairing is the prereq the spec lifts to first-class with an OTP flow that doesn't require editing config files.
Phases
Each phase ships something useful on its own.
Phase 1 — Pairing + tier A sharing
The smallest end-to-end useful slice. Friends-and-family GPU lending works at this point.
- OTP generation in worker tray + CLI
/api/cluster/pair flow- Cluster app pairing UI
- Trust tier A only (inference)
- Owner-issued share creation
- Capability allowlist + concurrent-jobs limit
- Per-share expiry + manual revoke
- Recipient borrowed-worker UI (badge + colour border)
- Owner observability (notifications + Activity card)
- Discovery for cloud-account users
Phase 2 — Tier B + storage + encryption
- Trust tier B (scoped writes)
- Storage quotas + worker disk floor
- Encrypted volumes (LUKS-inside-container; gocryptfs fallback)
- Pause without revoke
Phase 3 — Tier C + container isolation
- Trust tier C (full agent host)
- Tier C container management on the worker side
- Audit logging
Phase 4 — Recipient-requested shares + Headscale relay
- Recipient-initiated request flow
- Cloud-account contact picker
- Headscale-routed connections for cloud-account users behind NAT
Phase 5 — Follow-ups (scoped at the time)
- Firecracker microVM isolation
- Time windows, compute budgets, model allowlist
- Ranked priority between sharers
- Cross-controller share inheritance
- Confidential computing path
Related existing issues
These either become absorbed into a phase or stay separate but coordinate:
Acceptance for the epic
This issue stays open until all five phases either ship or get explicitly descoped. Each phase gets its own implementation-plan PR and per-phase tracking.
Tracking issue for the worker pairing + sharing capability. Spec at docs/superpowers/specs/2026-04-14-worker-sharing-design.md.
Sharing is the load-bearing new capability. Pairing is the prereq the spec lifts to first-class with an OTP flow that doesn't require editing config files.
Phases
Each phase ships something useful on its own.
Phase 1 — Pairing + tier A sharing
The smallest end-to-end useful slice. Friends-and-family GPU lending works at this point.
/api/cluster/pairflowPhase 2 — Tier B + storage + encryption
Phase 3 — Tier C + container isolation
Phase 4 — Recipient-requested shares + Headscale relay
Phase 5 — Follow-ups (scoped at the time)
Related existing issues
These either become absorbed into a phase or stay separate but coordinate:
Acceptance for the epic
This issue stays open until all five phases either ship or get explicitly descoped. Each phase gets its own implementation-plan PR and per-phase tracking.