Public website and preview surface for ChipOS.
This repo contains the Next.js website for:
- product positioning
- architecture pages
- open-source portal pages
- contribution and governance surfaces
- the temporary preview gate
- live domain:
https://chipos.io - runtime: Next.js standalone container behind nginx and TLS
- current access model: preview gate only
- source posture: prepared for public release
Important:
- the preview gate is not product auth
- production secrets are not stored in this repo
- the legal open-source license still requires an explicit choice before calling the repo fully open source
- Next.js
- React
- TypeScript
- standalone Docker build
- nginx reverse proxy at the edge
Recommended runtime:
- Node
22
Install:
npm ciRun locally:
npm run devBuild:
npm run buildImportant note:
- local Node
25on this machine caused unstable lint/build behavior earlier - the reliable path is Node
22or Docker
The preview gate requires server-side environment variables:
SITE_GATE_PASSWORDSITE_GATE_SECRET
If those are missing, the app now fails closed.
Do not commit:
.env*- deployment keys
- SSH credentials
- registrar credentials
- production secrets of any kind
Current deployment model:
- app builds as a standalone Next.js container
- nginx terminates TLS
- nginx proxies the public domain to the local container
- raw app port is bound to
127.0.0.1only
See:
Current hardening already in place:
- signed preview gate cookie
- rate limiting on gate attempts
- baseline security headers
- hidden
X-Powered-By - public app port removed
Repo-level security hygiene now includes:
CODEOWNERS- CI build on Node
22 - CodeQL workflow
- Dependabot configuration
See:
Contribution flow is expected to use:
- issues
- discussions
- pull requests
Review ownership is defined in:
See:
Do not claim this repo is fully open source until the actual license file is chosen and committed.