Architecture
The NOME Build Cloud pipeline stage by stage — build, test, review, sign, gate, deploy, rollback.
Pipeline stages
A NOME Build Cloud pipeline runs as ordered stages: build → test → review → sign → gate → deploy → observe → rollback-on-failure. Each stage emits typed receipts attached to a canonical work item, so you can see exactly what ran, on which host, under which route, and at what cost.
Build
The build stage runs your image and artifact builds with a warm BuildKit cache scoped to the project. Unchanged layers are reused from content-addressed cache; only changed work executes. Build runs on the runner you select — owner-edge or NOME cloud. See BuildKit cache.
Test
The test stage shards the suite across available runners to cut wall-clock time, then applies smart reruns to flaky or failed tests instead of re-running the whole matrix. Per-shard results roll up into one verdict per commit.
Review
NOME Review reads the diff for each pull or merge request and produces structured findings — correctness, security, and reuse/simplification — with one-click apply where the patch stays on-diff. It runs through NOME's canonical reasoning path and never silently falls back to a different route. The review verdict is one signal in the gate, surfaced as a commit status alongside the build status. CodeRabbit, if you use it, is read as an additional external signal — see CodeRabbit.
Sign
Before anything is promotable, artifacts are signed, an SBOM is attached, and build provenance is recorded. Unsigned or unverifiable artifacts fail closed at the gate. See Artifact signing.
Gate
The deploy gate is a set of conditions: tests green, review signals resolved, artifacts signed and verifiable, branch protection satisfied, and a human approval where promotion is risky. The gate fails closed — if a condition is missing, the deploy does not proceed and the reason is reported. It never fakes a green.
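The fail-closed evaluation described above, as an added example that is not NOME's own code. The signal names, `GateDecision` and `evaluate_gate` are assumptions made for illustration, and the sample inputs are constructed.

```python
# Added illustration of a fail-closed deploy gate; not NOME's implementation.
from dataclasses import dataclass

# Signal names mirror the gate conditions in the text; the keys are assumptions.
REQUIRED = ("tests_green", "review_resolved", "artifacts_verified",
            "branch_protection")


@dataclass(frozen=True)
class GateDecision:
    allowed: bool
    reasons: tuple  # why the gate blocked; empty when promotion is allowed


def evaluate_gate(signals: dict, risky: bool) -> GateDecision:
    """Allow promotion only when every required signal is explicitly True."""
    required = REQUIRED + (("human_approval",) if risky else ())
    reasons = []
    for name in required:
        value = signals.get(name)  # None: the signal never arrived
        if value is None:
            # A missing signal blocks the deploy; it is never read as a pass.
            reasons.append(f"{name}: missing")
        elif value is not True:
            # Strict check: "true", 1 or "pending" do not count as green.
            reasons.append(f"{name}: not satisfied ({value!r})")
    return GateDecision(allowed=not reasons, reasons=tuple(reasons))


if __name__ == "__main__":
    # Constructed sample: the signing stage reported nothing for this commit.
    sample = {"tests_green": True, "review_resolved": True,
              "branch_protection": True}
    decision = evaluate_gate(sample, risky=True)
    print("deploy allowed:", decision.allowed)
    for reason in decision.reasons:
        print("  blocked by", reason)
```

The default path is denial: a signal has to be present and exactly `True` to count, so a stage that crashed or was skipped cannot produce a green gate.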
Deploy
Deploys run on protected, deploy-scoped runners only. A canary can be deployed without taking traffic, an observe step checks health and projections, and the production traffic shift is manual by default: the human is the production gate. Build and test runners are tagged so they can never run a deploy.
Rollback
Every deploy carries a rollback plan. If the observe step or post-deploy smoke checks fail, NOME can revert to the last known-good signed artifact and report what happened. Rollback uses the same signed-artifact and receipt chain as the forward deploy.
Accelerator lanes
GPU and other accelerator workloads — model builds, CUDA compiles, inference smoke tests — run on dedicated lanes with the same run contract, receipts, and cost tracking as CPU lanes. You select an accelerator runner per job; if none is available the job fails closed rather than silently dropping to CPU.