P19 C Go Live Evidence 2026 03 03

Source: docs/operations/p19-c-go-live-evidence-2026-03-03.md

# P19-C Go-Live Evidence (2026-03-03)
 
Status: **NO-GO (blocked)**  
Prepared: 2026-03-04T00:30:37Z (UTC)
 
## Scope
 
This evidence package validates full-launch readiness after merge of P17/P18/P19 delivery PRs:
 
- P17-A/B/C: public signup + abuse controls + docs package (`#539`)
- P18-A/B/C: Stripe foundation + invoice mapping + dunning controls (`#540`)
- P19-A/B: production website pages + docs readiness (`#541`)
 
Launch-closure updates included in this checkpoint:
 
- Pricing doc alignment and launch-policy hardening (`#549`)
 
## Deployed Baseline
 
Latest `main` merge used by green CI/launch checks:
 
- Commit: `09d3b81881b13903af7a9d4166d48e54201e4605`
- PR: [#549](https://github.com/rgl8r/platform/pull/549)
- Merge timestamp: 2026-03-03T22:20:20Z
 
Merged feature delivery commits:
 
- `#539` -> `165d6e2cd6c71885aaa9ea11b55651d85e79c66b`
- `#540` -> `3a1c2d07a150d35b2f5edd8b7446a63b81066243`
- `#541` -> `5579724f433c8827732ab79b31ddeb8f316f209f`
- `#549` -> `09d3b81881b13903af7a9d4166d48e54201e4605`
 
## Control Plane Evidence (CI / Monitoring)
 
- CI Pipeline (main): [22645333311](https://github.com/rgl8r/platform/actions/runs/22645333311) — success
- Launch Sync Gate (main): [22645333312](https://github.com/rgl8r/platform/actions/runs/22645333312) — success
- Production Health Checks: [22648262772](https://github.com/rgl8r/platform/actions/runs/22648262772) — success
- Production API Canary: [22648262806](https://github.com/rgl8r/platform/actions/runs/22648262806) — success
 
## Gate Results
 
| Gate | Check | Result | Evidence |
|---|---|---|---|
| G0 (site) | `https://rgl8r.com` + `/pricing` + `/terms` + `/privacy` + `/security` + `/contact` return `200` | PASS | Probed 2026-03-04T00:29Z; all six endpoints returned `200` |
| G0 (docs public) | `https://docs.rgl8r.com` returns `200` with valid TLS | **FAIL** | 2026-03-04T00:29Z probe returned `000` (host unresolved) |
| G0 (docs internal) | `https://docs-internal.rgl8r.com` enforces auth with valid TLS | **FAIL** | 2026-03-04T00:29Z probe returned `000` (host unresolved) |
| Backend health | API + web health endpoints return `200` | PASS | 2026-03-04T00:29Z: production API + app web health both `200` |
| Signup flag-off contract | `/api/public/signup/*` returns `503 FEATURE_DISABLED` with `retryAfterSeconds` while disabled | PASS | 2026-03-04T00:29Z: `POST /api/public/signup/sessions` returned `503`, `Retry-After: 300`, body includes `retryAfterSeconds=300` |
| Signup enabled canary | Full synthetic create -> verify -> provision -> get session under enabled flag | **NOT RUN** | Blocked pending production flag enable window |
| OTP delivery proof | Resend confirms delivery for canary OTP | **NOT RUN** | Dependent on signup-enabled canary |
| Billing setup-session auth surface | Endpoint exists and rejects unauthenticated caller | PASS | 2026-03-04T00:30Z: `POST /api/public/billing/setup-session` returned `401` |
| Billing setup-session success path | Valid integration token returns `201` setup payload | **NOT RUN** | Blocked pending integration token for production validation |
| Stripe webhook contract | Signature verification + idempotent duplicate handling | **NOT RUN (prod)** | Planned same-day validation after GO (soft blocker policy) |
| Full autopay/dunning validation | Success + payment-failed + operator recovery verified | **NOT RUN (prod)** | Planned same-day validation after GO (soft blocker policy) |
 
## Endpoint Probe Snapshot
 
| Endpoint | Status |
|---|---:|
| `https://rgl8r.com` | 200 |
| `https://rgl8r.com/pricing` | 200 |
| `https://rgl8r.com/terms` | 200 |
| `https://rgl8r.com/privacy` | 200 |
| `https://rgl8r.com/security` | 200 |
| `https://rgl8r.com/contact` | 200 |
| `https://docs.rgl8r.com` | 000 |
| `https://docs-internal.rgl8r.com` | 000 |
| `https://app.rgl8r.com/api/health` | 200 |
| `https://rgl8r-production-api.onrender.com/health` | 200 |
| `POST /api/public/signup/sessions` (flag off) | 503 |
| `POST /api/public/billing/setup-session` (unauthenticated) | 401 |
 
## Rollback Authority and Actions
 
Rollback authority: **Dan**
 
Immediate rollback actions:
 
1. Signup safety rollback
- Set `SELF_SERVE_SIGNUP_ENABLED=false` in production API env.
- Redeploy API service.
- Verify `POST /api/public/signup/sessions` returns `503 FEATURE_DISABLED`.
 
2. Billing safety rollback
- Set `STRIPE_AUTOPAY_ENABLED=false` in production API env.
- Keep webhook endpoint enabled for event ingestion and reconciliation.
- Redeploy API service.
 
3. Website/docs comms rollback
- Keep onboarding in assisted mode using `docs/runbooks/assisted-public-launch-checklist.md`.
- Do not announce self-serve launch until docs domain and Stripe production validation are complete.
 
## Launch Decision
 
Decision: **NO-GO** for full launch at this checkpoint.
 
Blocking items:
 
1. `docs.rgl8r.com` is not yet published/reachable.
2. `docs-internal.rgl8r.com` is not yet published/reachable.
3. Signup enabled canary path (including OTP delivery proof) has not been executed in production.
 
Non-blocking same-day validation (must complete after GO):
 
1. Stripe setup-session success path with integration token (`201`).
2. Stripe webhook signature/idempotency production replay.
3. Autopay success + failure/recovery smoke.
 
## Exit Criteria to Flip to GO
 
1. Publish `docs.rgl8r.com` (200 + TLS) with required launch docs discoverable.
2. Publish `docs-internal.rgl8r.com` and verify auth enforcement.
3. Run and record production signup enabled canary (create -> verify -> provision -> status) including Resend OTP delivery proof.
4. Run and record production Stripe validation (same day after GO):
- setup-session 201 using integration token,
- webhook signature valid/invalid checks,
- invoice paid + payment_failed handling,
- autopay rollback lever tested.
5. Update this document with evidence timestamps and mark decision **GO**.