You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tracking issue for completing the OSS release of mlxcel. The repository was flipped to PUBLIC on 2026-05-18 and v0.0.27 is now published as the first public stable release. This issue tracks remaining hardening, community-health, and verification work so the public release can be considered fully ready for external contributors.
v0.0.27 live functional verification (Gemma 4 MTP / Qwen 3.5 DFlash byte-equality, /v1/responses cancel-in-flight, downloader progress bars, APC partial adoption) is tracked in a separate issue (#2) and is intentionally out of scope here.
Done so far
Repository metadata & community basics
LICENSE (Apache 2.0) added at repo root
Public-facing README.md rewritten
CODE_OF_CONDUCT.md (Contributor Covenant) added
AGENTS.md contributor guide added
Public docs/ set added: architecture.md, adding-models.md, benchmarks.md, code-guidelines.md, distributed.md, environment-variables.md, installation.md, responses-api.md, supported-models.md, turbo-kv-cache.md, README.md
.gitleaksignore added with 15 known false-positive findings
mlxcel-core/Cargo.toml license aligned to Apache-2.0
release.yml: github.repository == 'lablup/mlxcel' guard against fork workflow_dispatch
release.yml: persist-credentials: false on every actions/checkout@v6 step
pipeline-parallel-ci.yml: fork-PR guard on both two-host-logical and three-host-real-model jobs
update_homebrew_formula.yml: new workflow (port from lablup/all-smi) that updates Formula/mlxcel.rb on lablup/homebrew-tap after each Release completes — workflow_run + workflow_dispatch, gnu-sed in-place version/url/sha256 replace, single macOS Apple Silicon artifact, 1 MB undersized-download abort, idempotent commit (no empty commit on re-run), uses org-wide HOMEBREW_TAP_TOKEN
GitHub project setup
packaging deployment environment created on lablup/mlxcel
packaging env deployment branch policy restricted to v* tags + main branch
Signing secrets registered on packaging env: DEV_ID_CERT_P12, DEV_ID_CERT_PASSWORD (verified)
TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URL added to org-level secret access list for lablup/mlxcel
v0.0.27 published as stable (isPrerelease: false) — first public release
Remaining work
A. Required before fully trusting the release pipeline
packaging environment required reviewers — inureyes registered as required reviewer on 2026-05-18 with prevent_self_review: false (verified via gh api repos/lablup/mlxcel/environments/packaging). Current configuration provides an "abort window" before deployment proceeds rather than a true 4-eyes gate — self-trigger + self-approve is possible by design while release tooling is being automated. Follow-up (deferred): hardening to a real 4-eyes gate tracked in chore: harden packaging environment to enforce 4-eyes review on signed releases #6 — triggered once release tooling is fully automated.
Self-hosted runner group access — configured on 2026-05-18 via org settings UI: lablup/mlxcel is included in the runner group's Repository access list and "Allow public repositories" is enabled on the group containing self-hosted-macos-26-arm64 and GB10 runners. Static API verification (gh api orgs/lablup/actions/runner-groups) requires admin:org scope and was not re-run; the UI change is trusted.
main branch protection — applied via Repository Ruleset main protection (ruleset ID 16521084, enforcement: active, target ~DEFAULT_BRANCH, bypass actors empty). Rules: deletion (deletion blocked) + non_fast_forward (force-push blocked). Required PR review and required status checks were deliberately not included in this initial scope — the ruleset focuses on preventing accidental destructive operations.
TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URL static verification — verified via GitHub UI on 2026-05-18 (org settings → Actions secrets → TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URL → Repository access). lablup/mlxcel is present in the "Selected repositories" list.
B. Community health files (50% → 100% community profile health after PR #3)
All B-section items shipped in PR #3 (squash-merged as cb2002b):
CONTRIBUTING.md — entry-level contributor guide, points to AGENTS.md for the deep working contract
.github/ISSUE_TEMPLATE/bug_report.yml — structured form
.github/ISSUE_TEMPLATE/feature_request.yml — structured form
.github/ISSUE_TEMPLATE/config.yml — disables blank issues; routes security to private advisory, questions to Discussions, upstream MLX bugs to ml-explore/mlx
.github/PULL_REQUEST_TEMPLATE.md — summary + test plan + conventional-commit checklist
CITATION.cff — Citation File Format v1.2.0, Apache-2.0, v0.0.27
C. Homebrew end-to-end verification
Trigger the first auto-bump from a real release (either re-run update_homebrew_formula.yml for v0.0.27 via workflow_dispatch, or wait for the next release) and confirm the placeholder SHA256 in lablup/homebrew-tap/Formula/mlxcel.rb is replaced with the real hash of mlxcel-macos-aarch64.zip.
Verify brew tap lablup/tap && brew install mlxcel works end-to-end on a clean macOS Sonoma+ Apple Silicon machine — both mlxcel and mlxcel-server invocable, mlx.metallib colocated, GPU inference works.
D. Security / quality posture for PUBLIC repo
Re-run gitleaks detect against the now-public history — gitleaks 8.30.1 on 2026-05-18, 564 commits / 16.43 MB scanned in 3.31s → no leaks found, .gitleaksignore in effect.
Secret Scanning enabled + Push Protection enabled (verified via gh api repos/lablup/mlxcel --jq .security_and_analysis on 2026-05-18)
Dependabot version updates — .github/dependabot.yml merged in PR chore: add OSS security automation and community health files #3 (cb2002b): cargo (root, mlxcel-core, mlxcel-surgery) + github-actions, weekly Monday 09:00 KST. First run: next Monday 09:00 KST.
Dependabot security updates — enabled on 2026-05-18 (verified via gh api repos/lablup/mlxcel --jq .security_and_analysis.dependabot_security_updates.status → enabled); auto-PRs will fire for new RUSTSEC/CVE advisories independent of the weekly version-updates schedule
Private vulnerability reporting — enabled on 2026-05-18 (verified via gh api repos/lablup/mlxcel/private-vulnerability-reporting → enabled: true); GitHub Security Advisories channel referenced in SECURITY.md (PR chore: add OSS security automation and community health files #3)
Add status badges to README.md (license, latest release, CI status) — merged in PR chore: add OSS security automation and community health files #3 (cb2002b). Homebrew badge omitted because lablup/tap is a third-party tap and shields.io's homebrew/v badge only resolves against homebrew-core.
Verify all internal links in docs/ resolve in the rendered PUBLIC view — no docs_internal/ references found in docs/, README.md, CONTRIBUTING.md, SECURITY.md, or AGENTS.md (verified via grep -rn docs_internal on 2026-05-18).
Add a "How to contribute" pointer from README.md to CONTRIBUTING.md — merged in PR chore: add OSS security automation and community health files #3 (cb2002b): Contributing section now links to CONTRIBUTING.md for the contributor workflow + SECURITY.md for vulnerability reports.
Tracking issue for completing the OSS release of
mlxcel. The repository was flipped to PUBLIC on 2026-05-18 andv0.0.27is now published as the first public stable release. This issue tracks remaining hardening, community-health, and verification work so the public release can be considered fully ready for external contributors.v0.0.27live functional verification (Gemma 4 MTP / Qwen 3.5 DFlash byte-equality,/v1/responsescancel-in-flight, downloader progress bars, APC partial adoption) is tracked in a separate issue (#2) and is intentionally out of scope here.Done so far
Repository metadata & community basics
LICENSE(Apache 2.0) added at repo rootREADME.mdrewrittenCODE_OF_CONDUCT.md(Contributor Covenant) addedAGENTS.mdcontributor guide addeddocs/set added:architecture.md,adding-models.md,benchmarks.md,code-guidelines.md,distributed.md,environment-variables.md,installation.md,responses-api.md,supported-models.md,turbo-kv-cache.md,README.md.gitleaksignoreadded with 15 known false-positive findingsmlxcel-core/Cargo.tomllicense aligned toApache-2.0README.mdbenchmark snapshot refreshed (de64cb8)CI / release pipeline hardening (bbc5777)
release.yml: default-deny top-levelpermissions: {}+ per-job grantsrelease.yml:github.repository == 'lablup/mlxcel'guard against forkworkflow_dispatchrelease.yml:persist-credentials: falseon everyactions/checkout@v6steppipeline-parallel-ci.yml: fork-PR guard on bothtwo-host-logicalandthree-host-real-modeljobsupdate_homebrew_formula.yml: new workflow (port fromlablup/all-smi) that updatesFormula/mlxcel.rbonlablup/homebrew-tapafter each Release completes — workflow_run + workflow_dispatch, gnu-sed in-place version/url/sha256 replace, single macOS Apple Silicon artifact, 1 MB undersized-download abort, idempotent commit (no empty commit on re-run), uses org-wideHOMEBREW_TAP_TOKENGitHub project setup
packagingdeployment environment created onlablup/mlxcelpackagingenv deployment branch policy restricted tov*tags +mainbranchpackagingenv:DEV_ID_CERT_P12,DEV_ID_CERT_PASSWORD(verified)TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URLadded to org-level secret access list forlablup/mlxcelHomebrew tap
lablup/homebrew-tapplaceholder commit (5304231) —Formula/mlxcel.rbwritten withdepends_on macos: :sonoma,depends_on arch: :arm64,libexec.install \"mlxcel\", \"mlxcel-server\", \"mlx.metallib\"+bin.write_exec_scripttwice (mlxdevice.cpp:106colocation pattern)Public flip
lablup/mlxcelvisibility flipped to PUBLICv0.0.27published as stable (isPrerelease: false) — first public releaseRemaining work
A. Required before fully trusting the release pipeline
packagingenvironment required reviewers —inureyesregistered as required reviewer on 2026-05-18 withprevent_self_review: false(verified viagh api repos/lablup/mlxcel/environments/packaging). Current configuration provides an "abort window" before deployment proceeds rather than a true 4-eyes gate — self-trigger + self-approve is possible by design while release tooling is being automated. Follow-up (deferred): hardening to a real 4-eyes gate tracked in chore: harden packaging environment to enforce 4-eyes review on signed releases #6 — triggered once release tooling is fully automated.lablup/mlxcelis included in the runner group's Repository access list and "Allow public repositories" is enabled on the group containingself-hosted-macos-26-arm64andGB10runners. Static API verification (gh api orgs/lablup/actions/runner-groups) requiresadmin:orgscope and was not re-run; the UI change is trusted.mainbranch protection — applied via Repository Rulesetmain protection(ruleset ID16521084, enforcement: active, target~DEFAULT_BRANCH, bypass actors empty). Rules:deletion(deletion blocked) +non_fast_forward(force-push blocked). Required PR review and required status checks were deliberately not included in this initial scope — the ruleset focuses on preventing accidental destructive operations.TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URLstatic verification — verified via GitHub UI on 2026-05-18 (org settings → Actions secrets →TEAMS_RELEASE_NOTIFICATION_WORKFLOW_URL→ Repository access).lablup/mlxcelis present in the "Selected repositories" list.B. Community health files (50% → 100% community profile health after PR #3)
All B-section items shipped in PR #3 (squash-merged as
cb2002b):CONTRIBUTING.md— entry-level contributor guide, points toAGENTS.mdfor the deep working contractSECURITY.md— 90-day coordinated disclosure, severity-based timelines, mlxcel-specific in/out-of-scope sections.github/ISSUE_TEMPLATE/bug_report.yml— structured form.github/ISSUE_TEMPLATE/feature_request.yml— structured form.github/ISSUE_TEMPLATE/config.yml— disables blank issues; routes security to private advisory, questions to Discussions, upstream MLX bugs toml-explore/mlx.github/PULL_REQUEST_TEMPLATE.md— summary + test plan + conventional-commit checklistCITATION.cff— Citation File Format v1.2.0, Apache-2.0, v0.0.27C. Homebrew end-to-end verification
update_homebrew_formula.ymlforv0.0.27viaworkflow_dispatch, or wait for the next release) and confirm the placeholder SHA256 inlablup/homebrew-tap/Formula/mlxcel.rbis replaced with the real hash ofmlxcel-macos-aarch64.zip.brew tap lablup/tap && brew install mlxcelworks end-to-end on a clean macOS Sonoma+ Apple Silicon machine — bothmlxcelandmlxcel-serverinvocable,mlx.metallibcolocated, GPU inference works.D. Security / quality posture for PUBLIC repo
gitleaks detectagainst the now-public history —gitleaks 8.30.1on 2026-05-18, 564 commits / 16.43 MB scanned in 3.31s → no leaks found,.gitleaksignorein effect.gh api repos/lablup/mlxcel --jq .security_and_analysison 2026-05-18).github/dependabot.ymlmerged in PR chore: add OSS security automation and community health files #3 (cb2002b): cargo (root,mlxcel-core,mlxcel-surgery) +github-actions, weekly Monday 09:00 KST. First run: next Monday 09:00 KST.gh api repos/lablup/mlxcel --jq .security_and_analysis.dependabot_security_updates.status→enabled); auto-PRs will fire for new RUSTSEC/CVE advisories independent of the weekly version-updates schedulecargo-deny(advisories + licenses + sources) in PR chore: add OSS security automation and community health files #3 — Rust CodeQL is beta-tier with low signal for cargo cratesgh api repos/lablup/mlxcel/private-vulnerability-reporting→enabled: true); GitHub Security Advisories channel referenced inSECURITY.md(PR chore: add OSS security automation and community health files #3)cargo-denygate via.github/workflows/ci.yml— merged in PR chore: add OSS security automation and community health files #3 (cb2002b): runscargo deny checkon every Rust-touching push/PR via theEmbarkStudios/cargo-deny-action@v2action onubuntu-latest. Originally not listed in the issue (gap discovered while writing PR chore: add OSS security automation and community health files #3 — mlxcel had no general PR-time audit gate); closes the "external PR can land without security audit" risk surface. Self-verified — PR chore: add OSS security automation and community health files #3's own push triggered the workflow and the cargo-deny job passed before merge.E. Documentation polish for external readers
README.md(license, latest release, CI status) — merged in PR chore: add OSS security automation and community health files #3 (cb2002b). Homebrew badge omitted becauselablup/tapis a third-party tap and shields.io'shomebrew/vbadge only resolves against homebrew-core.docs/resolve in the rendered PUBLIC view — nodocs_internal/references found indocs/,README.md,CONTRIBUTING.md,SECURITY.md, orAGENTS.md(verified viagrep -rn docs_internalon 2026-05-18).README.mdtoCONTRIBUTING.md— merged in PR chore: add OSS security automation and community health files #3 (cb2002b): Contributing section now links toCONTRIBUTING.mdfor the contributor workflow +SECURITY.mdfor vulnerability reports.Out of scope (tracked elsewhere)
v0.0.27live functional verification (Gemma 4 MTP / Qwen 3.5 DFlash byte-equality,/v1/responsescancel-in-flight, downloader progress bars, APC partial cache adoption) → test: v0.0.27 live verification (post-OSS-release) #2cargo fmtdrift cleanup (214 violations) + fmt CI gate → chore: reformat tree with cargo fmt and add fmt to CI gate #4cargo clippy+cargo testPR-level gate (self-hosted macOS arm64) → ci: add clippy and cargo test gates to ci.yml via self-hosted macOS runner #5packagingenvironment 4-eyes hardening (deferred until release tooling is fully automated) → chore: harden packaging environment to enforce 4-eyes review on signed releases #6mlxcel-core/mlxcel-surgeryworkspace member conversion (unifies Cargo.lock + simplifies Dependabot) → refactor: convert mlxcel-core and mlxcel-surgery into workspace members #7bincode1.x migration to a maintained alternative (RUSTSEC-2025-0141, currently indeny.tomlignore list with justification) → refactor: migrate mlxcel-core off unmaintained bincode 1.x #8References
b948e79(OSS-release metadata),de64cb8(README benchmark refresh),bbc5777(release pipeline + homebrew bump workflow),cb2002b(PR chore: add OSS security automation and community health files #3 — security automation + community health + ci.yml + README polish)