# Repository Readiness

The Gateway should not be promoted as a broad public open-source install until the repository can support early operators without ambiguity.

## Required Before Public Repository Launch

- License selected and committed.
- `README.md` explains product scope, pre-launch status, install path, and support boundaries.
- `SECURITY.md` explains disclosure and support evidence rules.
- `CONTRIBUTING.md` explains contribution scope and privacy boundaries.
- `SUPPORT.md` explains support scope and escalation path.
- Install [guide](./install-guide.html) and [rollback guide](./rollback-recovery.html) exist.
- Hardware matrix exists for primary, embedded, portable, appliance, and relay scenarios.
- Public evidence checklist links to screenshots, demo, test summary, recovery drill, and install transcript.
- Privacy posture checklist and support bundle redaction guide exist.
- Known limitations, contact privacy notes, and release notes template exist.
- Issue templates exist for bug report, hardware report, install report, documentation fix, and security contact links.
- Release checklist and [issue label guide](./issue-labels.md) exist.
- Public copy avoids internal development terms, tooling names, workspace paths, versioned deployment URLs, and provider-specific deployment endpoints.
- Screenshot handling is explicit: if assets were refreshed, they use redacted synthetic values and note the claim each image supports; if they were not refreshed, the release notes explain which public surface was reviewed and why the current set stayed sufficient.
- `npm audit --audit-level=high` reports no high-severity advisories before public repository launch.
- `npm run build` leaves `_site` free of workspace metadata, hidden workspace directories, dependency directories, and repository internals such as `AGENTS.md`, `SOUL.md`, `USER.md`, `MEMORY.md`, `node_modules`, and `.git`.

## Do Not Publish Without

- A selected license.
- A working contact address.
- A fresh-machine install pass.
- A documented rollback path.
- Clear anonymity and privacy limitations.
- Redaction guidance for logs, topology, and support bundles.
- Public issue routing that blocks blank issues and redirects vulnerability reports away from public issues.

## First Issue Labels

- `install`
- `hardware`
- `dns`
- `routing`
- `privacy-posture`
- `recovery`
- `documentation`
- `good first issue`
- `needs evidence`
- `security-boundary`

## Next action

- Open the [publication review](./site-qa.html) after the repository launch files are in place so publication checks cover metadata, noindex rules, support paths, and browser rendering.
- Open [launch status](./launch-status.html) so reviewers can confirm the public summary still matches the maintainer release gates.
- Review [issue labels](./issue-labels.md) before opening public issue intake so routing stays aligned with install, hardware, privacy, recovery, and security evidence.
- Review [contact privacy](./contact-privacy.html) before opening support intake so credential custody, remote access, vulnerability reports, and intake separation stay explicit.
- Open the [install guide](./install-guide.html) and [rollback recovery](./rollback-recovery.html) so operators can move from repository review into the first procedural paths without detouring through the docs map.