Use this checklist before publishing the website, creating an updated-files archive, or enabling a new paid/AI/runtime feature. It is deliberately operational: it does not ask you to change product behavior, only to keep secrets out of source artifacts and make risky config states visible.
Reusable archive command
The project folder includes a helper script for the updated-after-date archives used during this release pass:
powershell -ExecutionPolicy Bypass -File tools/Build-UpdatedArchives.ps1 `
-Root D:\Projects\javascriptobfuscator `
-Cutoff 2026年05月28日 `
-ReportPath _temp/archive-hygiene.json
The script excludes Web.config, zip files, local scratch folders such as _temp, generated temp folders, build outputs, package dependencies, and timestamp-only desktop download binaries. It prints a verification table after creating the website and full-project archives, then fails the command if a blocked deployment file appears in either zip.
When -ReportPath is supplied, the script also writes a machine-readable hygiene report for source-free release handoff. The JSON includes the cutoff date, archive sizes, missing required files, blocked entries, the exclusion policy used for zip verification, and an operator checklist with before-sharing steps, rotation triggers, and a reminder not to attach secrets or host-specific deployment transforms.
Before sharing the updated-files zip, convert that JSON into a reviewer packet:
jso-protector --deployment-hygiene-evidence _temp/archive-hygiene.json `
--deployment-hygiene-output reports/deployment-hygiene.md
The packet summarizes archive names, entry counts, byte sizes, missing or blocked entries, blocked category booleans, the exclusion policy, the operator checklist, rotation triggers, and the hygiene-report SHA-256. It also includes a source-free Deployment Hygiene Review Assistant for BYO AI or internal reviewers. Do not add Web.config contents, raw secrets, provider keys, webhook signing secrets, database strings, host-specific deployment transforms, customer data, or source code. If the archive builder reported blocked deployment files or missing required entries, the command writes the failed packet and exits nonzero so the handoff can stop before external sharing.