Skip to Content
InternalDocsRunbooksAssisted Public Launch Checklist

Assisted Public Launch Checklist

Source: docs/runbooks/assisted-public-launch-checklist.md

# Assisted Public Launch Checklist (A-Z)
 
Purpose: provide an executable checklist for getting a real customer from zero to first value in production using the current platform capabilities.
 
Scope:
- Assisted launch (founder/ops-led onboarding)
- Public API consumption by customer systems or AI agents
- Current billing operations (manual invoice lifecycle)
 
Out of scope:
- Self-serve signup
- Stripe checkout/subscriptions
 
---
 
## 1. Infrastructure Ready
 
- [ ] Render API service is deployed with pre-deploy migration command:
  - `cd apps/api && npx prisma migrate deploy`
- [ ] Render Postgres is attached and `DATABASE_URL` is set.
- [ ] Web app is deployed and points to API (`API_URL`).
- [ ] Required API env vars are present:
  - `DATABASE_URL`
  - `NODE_ENV=production`
  - `JWT_PRIVATE_KEY`
  - `JWT_PUBLIC_KEY`
  - `CLERK_SECRET_KEY`
  - `KEY_HASH_SECRET`
  - `ALLOW_API_KEY_FALLBACK=false`
- [ ] `GET /health` returns:
  - HTTP 200
  - `status` is `ok` or `degraded`
  - `checks.migrations.pending` is `0` before launch
 
---
 
## 2. Security and Auth Ready
 
- [ ] Integration token path verified in target environment:
  - `POST /api/auth/token/integration` with valid key returns bearer token.
- [ ] Revoked key path verified:
  - revoked key returns `401`.
- [ ] Missing/invalid key path verified:
  - invalid key returns `401`.
- [ ] Tenant route auth enforcement verified for high-risk routes:
  - `/api/sima/*`
  - `/api/jobs/*`
  - `/api/upload`, `/api/catalog/upload`, `/api/ship/upload`, `/api/orders/upload`
 
---
 
## 3. Customer Onboarding Complete
 
- [ ] Tenant created (`POST /api/admin/tenants`) or via CLI fallback.
- [ ] Integration key issued (`POST /api/admin/tenants/:id/integration-keys`).
- [ ] Detector config confirmed (`POST /api/admin/tenants/:id/detectors`) or defaults accepted.
- [ ] Onboarding status captured (`GET /api/admin/tenants/:id/onboarding-status`).
- [ ] Customer received:
  - integration key secret (one-time reveal),
  - minimal API usage guide,
  - first-upload template.
 
---
 
## 4. First-Value API Flow Validated
 
- [ ] Customer exchanges key for token:
  - `POST /api/auth/token/integration`.
- [ ] Customer enqueues at least one job:
  - TRADE: `POST /api/upload` (or `/api/sima/batch`)
  - SHIP: `POST /api/ship/upload`
  - ORDERS: `POST /api/orders/upload`
- [ ] Customer can poll job status:
  - `GET /api/jobs/:id`
- [ ] Customer can read results:
  - TRADE: `GET /api/sima/results`
  - SHIP: `GET /api/ship/findings`
- [ ] One successful end-to-end artifact captured (request IDs/job IDs + timestamp).
 
---
 
## 5. Operational Guardrails Active
 
- [ ] `api-contract-gate` is configured as required branch protection status check on `main`.
- [ ] Branch protection review policy matches team size:
  - Solo maintainer mode: required approvals = `0`
  - Multi-maintainer mode: required approvals >= `1`
- [ ] Branch protection conversation-resolution policy matches team size:
  - Solo maintainer mode: "Require conversation resolution before merging" = disabled
  - Multi-maintainer mode: enabled
- [ ] Staging FORCE-RLS checks are green.
- [ ] Nightly self-hosted validation has at least one successful run in last 36 hours.
- [ ] Alert routing is configured for staging checks and nightly failures.
- [ ] Rollback levers are confirmed:
  - tenant detector disable,
  - `TRADE_DETECTOR_MODE=legacy` global fallback for trade pipeline.
 
---
 
## 6. Billing Reality Confirmed
 
- [ ] Billing model for customer is confirmed (gain-share/platform fee/manual terms).
- [ ] Invoice generation path is tested:
  - `POST /api/admin/billing/invoices/generate`
- [ ] Issue/mark-paid/cancel paths are tested:
  - `POST /api/admin/billing/invoices/:id/issue`
  - `POST /api/admin/billing/invoices/:id/mark-paid`
  - `POST /api/admin/billing/invoices/:id/cancel`
- [ ] Payment collection owner/process is documented externally.
 
Important:
- No Stripe automation exists in current API.
- Treat invoice lifecycle endpoints as internal billing operations.
 
---
 
## 7. Launch Decision Record
 
- [ ] Named owner signs off on technical readiness.
- [ ] Known gaps are listed with owners and dates.
- [ ] Rollback authority is explicit.
- [ ] Customer-facing support channel and response SLA are defined.
 
---
 
## Exit Criteria
 
The assisted launch is complete when all sections above are checked and one customer has completed token -> enqueue -> poll -> results in production.
 
For full public self-serve/API-agent GA, follow `P11-B` through `P11-H` in the execution plan.
API Release Notes TemplateCorridor Rollout Trigger Checklist