R2 quarantine intake
Uploads land in a quarantine path first, with metadata linking the file to its project, release, submission, and creator.
Trust & safety
Files are scanned, reviewed, and tied to accountable project pages.
The depot uses one upload intake path, scan metadata, review queues, and public safety signals so TF2C players can inspect what they are downloading before putting it on a client or server.
Scanner result
ClamAV or another scanner posts a signed result back to the API before the upload can be approved as clean.
Manual review
Staff review release context, license notes, install path, changelog, screenshots, dependencies, and reports before publishing.
Public trust signals
Approved projects expose scan status, SHA-256 hashes, compatibility, and license panels so users can make informed choices.
Review checklist
File integrity
Every downloadable release should keep a size, checksum, scan state, and version history.
Compatibility
Project pages should state TF2C branch, game version, client/server side, and dependency requirements.
Licensing
Creators should identify license, permissions, source links, and attribution where applicable.
Moderation
Reports and queue actions should update instantly and leave audit context for future staff review.