Skip to content

Production Readiness Checklist

Configuration

  • All required env vars set for prod (Supabase, Redis, CPM/External URLs)
  • Secrets managed via platform secrets (no plain text in code)
  • Feature flags configured (verification/onboarding, provider defaults)

Security

  • Email verification enforced (ENABLE_EMAIL_VERIFICATION=true)
  • RLS confirmed for all sensitive tables
  • API keys hashed & rotated; only prefixes logged
  • Security headers enabled in Next.js

Observability

  • Structured logging across services (correlation ID)
  • Metrics dashboards for latency, error rates, cache hit ratio
  • Alerts for 5xx spikes, Redis timeouts, build failures

Performance

  • Redis TTLs tuned (rate limit, cache, session)
  • CDN caching rules set for docs + marketing
  • Edge vs Node runtime reviewed for API routes

Runbooks

  • Incident response docs shared with on‑call team
  • Rollback procedures tested (docs versions, app releases)
  • Access revocation process tested