I asked: if a stranger cloned the repo right now, what would block them from running it? Then I asked it forty-two ways at once.
The verdict
Not distributable yet. Too many places where the install assumed my homelab (IPs, hostnames, paths, manual go2rtc YAML, hard-coded image names, GPU assumed available, no bootstrap script, no first-run UI).
The roadmap
Six phases, each with a "done when" check:
- Phase 0: zero hand-editing on a clean host
- Phase 1: sane defaults for storage, motion, retention
- Phase 2: discovery and self-test for cameras
- Phase 3: observability and recorder health
- Phase 4: safe upgrades and migrations
- Phase 5: distribution channels (images, signed installers)
What's since shipped from Phase 0
A lot, actually. The audit's prescriptions for Phase 0 turned into the DB-managed go2rtc stream model, the server-address-in-DB pattern, the GPU opt-in compose overlay, the strong-secrets bootstrap script, the first-run setup wizard, and the LAN-only defaults. The remaining Phase 0 items are now narrow.
Full doc: docs/DISTRIBUTABILITY-AUDIT-2026-06-22.md. The audit was the moment the project shifted from "running well at my house" to "could plausibly run at someone else's."