Use this checklist before making the repository public or cutting a public release.

```bash
./scripts/oss-check.sh
```

This validates:

- Typecheck and production build
- Runtime dependency audit (`pnpm audit --prod`, moderate+ findings are surfaced for review)
- Heuristic secret scan for common credential formats
- Tracked private-path guard (`.env*`, `.claude/`, `logs/`, private notes)
- Required community/legal files (`LICENSE`, `README.md`, `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, `SECURITY.md`, `SUPPORT.md`)
- Issue forms are enabled in `.github/ISSUE_TEMPLATE/`
- PR template is present at `.github/pull_request_template.md`
- Security workflow runs from `.github/workflows/security.yml`
- Public branch guard runs from `.github/workflows/public-guard.yml`
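
One way to implement the tracked private-path guard from the list above (an added example, not the contents of the project's `oss-check.sh`). The function names, matching `.claude/` and `logs/` at any directory depth, and the sample paths are assumptions; the "private notes" entry is left out because the page does not name a path for it.

```shell
#!/bin/sh
# Added example: tracked private-path guard. Not the project's oss-check.sh.

# private_paths: read newline-separated repo-relative paths on stdin and
# print the ones that match a private pattern from the checklist.
private_paths() {
  while IFS= read -r path; do
    base=${path##*/}                 # file name without directories
    case "$base" in
      .env*) printf '%s\n' "$path"; continue ;;   # .env, .env.local, ...
    esac
    # Prefix "/" so a top-level directory matches the same pattern as a
    # nested one; "catalogs/" does not match because "/logs/" is required.
    case "/$path" in
      */.claude/*|*/logs/*) printf '%s\n' "$path" ;;
    esac
  done
}

# guard_tracked: return 1 and list offenders if the index tracks any
# private path; return 0 otherwise. Run from inside the repository.
guard_tracked() {
  hits=$(git -c core.quotePath=off ls-files | private_paths)
  if [ -n "$hits" ]; then
    printf 'Tracked private paths:\n%s\n' "$hits" >&2
    return 1
  fi
}

# Constructed sample input (not taken from any real repository).
printf '%s\n' 'src/index.ts' '.env' 'apps/web/.env.local' \
  '.claude/settings.json' 'logs/app.log' 'docs/catalogs/a.md' | private_paths
```

`git ls-files` covers only the current index; a private file that was committed and later deleted is still in history and becomes public with the repository.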

- `LICENSE` matches the intended open-source license
- `SECURITY.md` documents private vulnerability reporting
- `CODE_OF_CONDUCT.md` and `CONTRIBUTING.md` are current

When checks are green and docs are current:
- Open repository Settings
- Go to Danger Zone
- Select Change repository visibility
- Set visibility to Public