From ff6bf8f2036eaeda51a9c4901370db15e5fd18c1 Mon Sep 17 00:00:00 2001
From: shankar0123 <skreddy040@gmail.com>
Date: Wed, 6 May 2026 07:45:55 +0000
Subject: [PATCH] docs(README): add Status: Early-access disclosure block

Reddit posts and operator-facing copy describe certctl as alpha for
production, but the README's marketing-paragraph framing implied a
more polished maturity. Dual-positioning erodes credibility because
evaluators read both surfaces.

Adds a dedicated "Status: Early-access" blockquote between the
SC-081v3 paragraph and the existing "Actively maintained, shipping
weekly" callout. Calls out the production-quality core (Local CA,
ACME, agent deployment, CRUD, audit) versus the still-maturing
broader surface (intermediate CA hierarchy, ACME/SCEP/EST servers,
network appliances). Encourages lab/dev deployments and welcomes
production deployments with the customer-scale caveat.

The two consecutive blockquotes (Status + Actively maintained) read
as paired signals: the project is early-access AND actively
shipping, which is the honest joint position.
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index b88c500..06f4649 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@ certctl is a self-hosted platform that automates the entire TLS certificate life
 
 The CA/Browser Forum's [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) caps public TLS certificates at **200 days by March 2026**, **100 days by 2027**, and **47 days by 2029**. At 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever. Manual workflows stop being a choice.
 
+> **Status: Early-access.** Production-quality core (Local CA, ACME, agent deployment, CRUD, audit) with broader feature surface (intermediate CA hierarchy, ACME/SCEP/EST servers, network appliances) still maturing. Lab and dev deployments encouraged; production deployments welcome with the understanding that customer-scale battle-testing is in progress. File GitHub issues for any rough edges.
+
 > **Actively maintained, shipping weekly.** [Open an issue](https://github.com/certctl-io/certctl/issues) if something breaks. CI runs the full test suite with race detection, static analysis, and vulnerability scanning on every commit.
 
 **Ready to try it?** Jump to the [Quick Start](#quick-start). For the marketing site, see [certctl.io](https://certctl.io).