Site QA gate

Do not publish until the site, claims, and release paths agree.

This noindex gate keeps The Gateway from shipping with broken metadata, unsupported claims, temporary contacts, or unclear privacy boundaries.

Validation

npm run validate passes locally and in CI, including links, sitemap, public/noindex map, structure, assets, and risky copy scans.

Browser smoke

Homepage, public docs, and 404.html render on mobile and desktop without horizontal overflow or clipped controls.

Runbook smoke

The first public runbook, install and provision, opens and its safe commands block still renders.

Public map

Public pages appear in sitemap.xml; release gates stay noindex until external dependencies and evidence are real.

Privacy copy

Copy says The Gateway can improve and verify privacy posture, not guarantee anonymity by itself.

Contact privacy

Contact copy keeps credential custody, remote access, vulnerability reports, and intake separation explicit.

Intake safety

Contact templates do not request secrets, private keys, tokens, full traffic captures, or unredacted topology.

Release blockers

License, security contact, install evidence, rollback evidence, and hardware evidence are complete before broad repository promotion.

Decision

Keep the gate closed while evidence is private.

Do not ship if a public claim depends on private evidence, temporary contacts, unsupported hardware, or untested rollback behavior. Redaction-first support and explicit operator boundaries should be ready before publication.

Open release checklist Open production checklist Open launch status Review support boundaries Review redaction guide

Next step after QA

Once the site checks pass, move straight to the production checklist so launch reviewers can confirm the public domain, proof artifacts, and operating surfaces before sending traffic live.