Why we open-sourced Jacpol.
The authorization engine under every RUBIKLABS service is now public. Here is why we put our own permissions layer in the open.
- Author: Halil Safa Sağlık
- Category: Engineering
#Open source #Authorization
Jacpol started as an internal package. Every NestJS service we ship sits behind it — roles, policies, resource-scoped access. We could have kept it. We chose not to.
Open source is not altruism. It is a discipline. A library you have to defend in public is a library that stops accumulating quiet debt. It gets cleaner names. It gets sharper abstractions. It loses the assumptions that only made sense inside our monorepo.
The version we run in production is now the version anyone can read. That is the commitment. Not "here is a sanitized fork" or "here is a library adjacent to what we use" — the actual code path a request takes when it hits our auth middleware.
The decision cost us. We spent three weeks pulling out the monorepo-specific bindings, writing a docs site, and rebuilding the test harness so contributors could run it locally. That is three weeks of product work we did not do. It was worth it.
What changed after we shipped: every code review got slower, and better. The question stopped being "does this work?" and became "would I want to explain this choice to a stranger reading the diff next Tuesday?" Turns out, if the answer is no, the code is usually wrong.
Open source does not make you faster. It makes you more honest about what fast means. That is the trade. If you are considering it for a library you actually run in production, our recommendation is simple: do it, and make peace with the slowdown. The debt you stop accumulating is worth more than the velocity you lose.