# Install Guide The Gateway is pre-launch. This install guide is a release gate skeleton until a fresh-machine install pass is documented. Do not treat this as a finished self-service installer yet. ## Before You Start - Confirm the deployment mode. - Confirm admin access and out-of-band recovery path. - Record the current DNS, route, firewall, and fallback state. - Save or document a known-good backup. - Read the rollback and recovery guide. - Read support bundle redaction rules. ## Deployment Modes - Primary gateway. - Embedded router. - Portable node. - Appliance candidate. - Relay or bridge path. - VPS node. ## Install Flow 1. Map interfaces and upstream constraints. 2. Prepare host operating system. 3. Install The Gateway components. 4. Start local service. 5. Open local control UI. 6. Create device group. 7. Configure DNS policy. 8. Configure route policy. 9. Configure fallback behavior. 10. Preview changes. 11. Confirm rollback path. 12. Apply. 13. Validate connectivity, DNS, routes, fallback, and privacy posture. 14. Save install transcript and remaining risks. ## Validation Required - Local admin access still works. - DNS queries follow intended resolver policy. - Routes follow intended policy. - Fallback behavior matches expectation. - Direct escape paths are blocked or documented. - Leak checks match intended privacy posture. - Public copy avoids internal development terms, tooling names, workspace paths, versioned deployment URLs, and provider-specific deployment endpoints. - Build output keeps `_site` free of workspace metadata, hidden workspace directories, dependency directories, and repository internals such as `AGENTS.md`, `MEMORY.md`, `SOUL.md`, `USER.md`, `node_modules`, and `.git`. - Recovery path is documented. ## Do Not Broad-Publish Until - The guide is tested on a fresh machine. - Rollback and recovery are tested. - Hardware matrix has at least one supported path. - Known limitations are documented. - Evidence links are attached. ## Next Action - Open the install readiness review before treating this as a release-ready install path. - Review rollback and recovery before any operator tries a broad rollout. - Open launch status before any public publication or launch claim. - Open publication review before any public publication or launch claim. - Open the production checklist once the install flow is documented and recovery is tested.