# Commercial Hardening Checklist

## Packaging

- Customer package contains compiled artifacts, installer and production static assets only.
- No readable team-authored Rust, Python, Node, TypeScript or debug source ships to customers.
- No `.env`, SSH key, signing key, database dump, SQLite file or source map ships in the archive.
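
The packaging items above can be automated as a release gate. The following is an added example, not this project's own tooling: it scans a package for the forbidden file types by name and by content signature, so a renamed SQLite file or private key is still caught. The zip format, the deny-lists, the function names and the sample member names are assumptions.

```python
import fnmatch
import io
import zipfile
from pathlib import PurePosixPath

# Deny-lists are assumptions derived from the checklist wording; tune per product.
BANNED_EXT = {
    ".rs": "source", ".py": "source", ".ts": "source", ".tsx": "source",
    ".map": "source map", ".sql": "database dump", ".dump": "database dump",
    ".sqlite": "SQLite file", ".sqlite3": "SQLite file", ".db": "SQLite file",
    ".pem": "key material", ".key": "key material", ".p12": "key material",
}
BANNED_NAME = {".env": "env file", ".env.*": "env file", "id_rsa": "SSH key",
               "id_ed25519": "SSH key", "id_ecdsa": "SSH key"}
# Content signatures catch forbidden files renamed to pass the name checks.
MAGIC = [(b"SQLite format 3\x00", "SQLite file"),
         (b"PRIVATE KEY-----", "key material")]


def scan_package(zf: zipfile.ZipFile) -> list[tuple[str, str]]:
    """Return (member, reason) for every entry the checklist forbids."""
    findings = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        path = PurePosixPath(info.filename)
        reason = BANNED_EXT.get(path.suffix.lower())
        for pattern, why in BANNED_NAME.items():
            if fnmatch.fnmatchcase(path.name, pattern):
                reason = why
        if reason is None:
            with zf.open(info) as fh:
                head = fh.read(256)  # only the header is needed for sniffing
            reason = next((why for sig, why in MAGIC if sig in head), None)
        if reason:
            findings.append((info.filename, reason))
    return findings


def build_sample() -> zipfile.ZipFile:
    """Constructed sample package: two allowed files, four violations."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bin/service", b"\x7fELF" + b"\x00" * 32)
        zf.writestr("static/app.min.js", "console.log(1)")
        zf.writestr("config/.env.production", "API_TOKEN=constructed")
        zf.writestr("static/app.min.js.map", "{}")
        zf.writestr("src/main.rs", "fn main() {}")
        zf.writestr("data/cache.bin", b"SQLite format 3\x00" + b"\x00" * 84)
    return zipfile.ZipFile(buf)
```

In a release pipeline, call `scan_package` on the built archive and fail the job when the returned list is not empty.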

## License

- All launch licenses are fixed to 30 days.
- Admin tooling rejects longer periods and lifetime licenses.
- Plaintext license keys are printed only once and not stored on the license server.
- Working tokens are short-lived and signed.
- Active lease takeover and suspicious session thrashing are visible to operators.

## Download

- Release metadata is signed.
- Artifact URL uses HTTPS.
- Artifact size and SHA-256 are verified.
- Latest installer reads signed metadata before install/update.

## Runtime

- Customer service runs with the commercial license enforcement mode.
- License key is not persisted by default after successful activation.
- Device private key remains local to the customer installation.

## Launch Gate

Do not widen sales until each item above is automated or manually verified for the release being shipped.
