# Public Gitea Publish Verification Notes (2026-05) ## Context BOSS changed the publishing requirement from private to public for the portable `xianyu-hunter-hermes-skill` package. The repository was created on self-hosted Gitea and pushed as a public repo. Verified public repository shape: ```text https://gitea.chickliu.fun/Hermes/xianyu-hunter-hermes-skill ``` Package/repo contents: ```text README.md install.sh skill/xianyu-hunter-monitor/ project/xianyu-hunter/ releases/xianyu-hunter-hermes-skill.zip releases/xianyu-hunter-hermes-skill.tar.gz releases/SHA256SUMS.txt .gitignore ``` ## Recommended public publish sequence 1. Create or check the Gitea repo via API, explicitly setting `private:false`. 2. Build a clean staging worktree from the already-vetted portable package, not directly from the runtime project clone. 3. Add `.gitignore` that excludes runtime/sensitive state even if future work occurs in the published repo: ```gitignore node_modules/ browser-data/ data/tasks.json data/config.json data/notify-config.json reports/ *.log .runtime/ .DS_Store ``` 4. Commit and push to `main`. 5. If using an HTTPS token in the remote URL for push, immediately scrub the token after push: ```bash git remote set-url origin 'https://gitea.example.com/OWNER/REPO.git' git remote -v ``` ## Verification commands Use both API and unauthenticated/raw access checks where possible: ```bash GITEA_URL='https://gitea.example.com' OWNER='Hermes' REPO='xianyu-hunter-hermes-skill' TOKEN='...' curl -sS -H "Authorization: token $TOKEN" \ -o /tmp/gitea_repo_verify.json \ -w 'HTTP %{http_code} size=%{size_download}\n' \ "$GITEA_URL/api/v1/repos/$OWNER/$REPO" python3 - <<'PY' import json d=json.load(open('/tmp/gitea_repo_verify.json')) print('full_name:', d.get('full_name')) print('html_url:', d.get('html_url')) print('clone_url:', d.get('clone_url')) print('private:', d.get('private')) print('default_branch:', d.get('default_branch')) print('empty:', d.get('empty')) PY curl -sS -L -o /tmp/gitea_readme.md \ -w 'HTTP %{http_code} size=%{size_download}\n' \ "$GITEA_URL/$OWNER/$REPO/raw/branch/main/README.md" head -5 /tmp/gitea_readme.md git ls-remote "$GITEA_URL/$OWNER/$REPO.git" HEAD refs/heads/main ``` Expected checks: - API returns `HTTP 200`. - `private: False` for public repos. - `default_branch: main`. - `empty: False`. - Raw README returns `HTTP 200`. - `git ls-remote` prints `HEAD` and `refs/heads/main` hashes. ## Reporting to BOSS Keep the final response concise and include: - Repository URL. - Public/private status confirmation. - Main verification results. - Note that the local remote URL no longer contains the token if a token was used.