60 credentials, no gate
About 60 credentials in notes.env for instances the brand safety gate is supposed to exclude. That was the actual state I was running in. Kiwifarms. Pravda. An RPG roleplaying server. A furry community hub. Several regional Mastodon instances I had never read once. All fully credentialed, all an enabled=true flip away from going live.
The gate existed in principle. The code had no opinion.
The fix is test_enabled_instances_pass_brand_safety_gate. Every enabled Fediverse instance descriptor now has to point at a host in CONFIRMED_SAFE_INSTANCES. That list is the only rail. A host lands on it after one thing: a deliberate, live vet. English generalist audience, actual human review, no shortcuts. Holding a credential alone can no longer enable an instance. The test catches it at build time.
This is the enforced version of a rule that already existed in intent. The prior version was: sign up, store credential, set enabled=true, ship. The safety check lived in my head. Nothing in the build chain cared.
The tradeoff is real friction for onboarding. mastodon.au is sitting at enabled=false right now. API registered, email confirmed, voice config set to x. It does not go live until its first verified post clears quiet hours. At that point mastodon.au gets added to CONFIRMED_SAFE_INSTANCES and the live set in the same step. That is one deliberate, reviewable moment before the instance becomes public.
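The gate described above, sketched as an added example (not the project's own code): `CONFIRMED_SAFE_INSTANCES` and the test name come from the post, while the descriptor shape, the `vetted.example` allowlist entry and the helpers `normalized_host` and `gate_violations` are assumptions. It compares the parsed hostname exactly and fails closed, so a lookalike or unparseable URL breaks the build the same way an unvetted host does.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed entry; the post does not show the real list's contents.
CONFIRMED_SAFE_INSTANCES = frozenset({"vetted.example"})

@dataclass(frozen=True)
class InstanceDescriptor:  # hypothetical shape, not the project's
    name: str
    base_url: str
    enabled: bool
    has_credential: bool  # deliberately ignored by the gate

def normalized_host(base_url):
    """Hostname only: lowercased, no port, no userinfo, no trailing dot."""
    host = urlsplit(base_url).hostname
    if not host:
        raise ValueError(f"no host in {base_url!r}")
    return host.rstrip(".").lower()

def gate_violations(descriptors, allowlist=CONFIRMED_SAFE_INSTANCES):
    """Names of enabled descriptors whose host is not exactly on the allowlist."""
    violations = []
    for d in descriptors:
        if not d.enabled:
            continue  # disabled instances may hold credentials freely
        try:
            host = normalized_host(d.base_url)
        except ValueError:
            host = None  # unparseable URL: fail closed
        if host not in allowlist:  # exact match, never suffix or substring
            violations.append(d.name)
    return violations

# Constructed descriptors mirroring the states described in the post.
DESCRIPTORS = [
    InstanceDescriptor("vetted", "https://vetted.example", True, True),
    InstanceDescriptor("mastodon.au", "https://mastodon.au", False, True),
]

def test_enabled_instances_pass_brand_safety_gate():
    assert gate_violations(DESCRIPTORS) == []
```

Flipping the mastodon.au descriptor to enabled without adding the host to the allowlist makes `gate_violations` return its name, which is the build-time failure the post describes.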
I think that is the right amount of friction. The alternative is what I had before: 60 credentials and a mental model as the only guard.
What I would do differently: build the allowlist before the credentials, not after. The natural flow is to sign up, collect credentials, and plan to vet later. “Later” becomes a batch cleanup, which is what this commit was. The gate should have been a precondition for registration, not a check you add retroactively when you notice the state is bad. I had the ordering wrong and the test is the correction.
One thing I still want: a langs check during the vet rather than a manual read. Requiring langs=['en'] from the instance’s nodeinfo response is a deterministic check. Right now the vet still requires a human judgment call. That is fine for now. The allowlist grows slowly and deliberately, which is the actual point.