Loading
Preparing your service workspace
We are restoring your account context, Guild member access, service basket, and trust status.
Qubictry Docs
Production readiness checklist
Operational checklist for moving Qubictry from demo state into live production use.
# Production Readiness Checklist Qubictry is already a live production application. This checklist exists to protect the current operating model, not to graduate a demo. ## 1. Canonical ownership - [ ] Keep Guild member public profile ownership in Qubictry. - [ ] Keep `/guild-members` as the canonical public directory route. - [ ] Preserve direct compatibility redirects from legacy public aliases to `/guild-members`. ## 2. Identity and session posture - [ ] Keep Quorum as the canonical identity authority. - [ ] Use `/api/auth/ecosystem/start` and callback routes for primary sign-in handoff. - [ ] Treat legacy `/api/auth/sso/*` routes as compatibility-only. ## 3. Environment and contract gates - [ ] Run `pnpm run check:env` before deploys. - [ ] Run `pnpm run check:contract` before deploys. - [ ] Keep production secrets in the deployment platform only. ## 4. Data and trust operations - [ ] Keep Guild member profile writes canonical-first. - [ ] Preserve trust badge, dispute, payment-protection, and fraud-sync integrations. - [ ] Keep signed internal routes and operator shared-secret posture intact. ## 5. Runtime behaviour - [ ] Verify `/api/health` reports the expected commit and deployment. - [ ] Verify canonical public routes and compatibility redirects behave correctly. - [ ] Verify the homepage, directory, request-service, and trust-centre surfaces after any IA or copy change. - [ ] Verify operator overview SLO health through `/admin/guild-ops` and `/api/cron/operator-overview-health`. - [ ] Confirm the `Operator Overview SLO Rehearsal` workflow has a recent passing run and evidence artefact. - [ ] Confirm the Production Smoke Monitor has a recent passing run and failure alerts route through `MONITOR_ALERTS_WEBHOOK_URL`, `ALERTS_WEBHOOK_URL`, `TRUST_BADGE_ALERT_SLACK_WEBHOOK`, `INCIDENT_SLACK_WEBHOOK`, or `SLACK_WEBHOOK_URL`. - [ ] Confirm Cloudinary evidence smoke is either credential-only by design or running upload/delete through a dedicated smoke folder. - [ ] Follow `docs/runbooks/operator-overview-slo-incidents.md` for warning or critical operator overview SLO alerts. - [ ] Follow `docs/runbooks/qubictry-operational-launch-readiness.md` for payment, evidence, dispute, failed transfer, Curator commission, and monitor launch checks. ## 6. Testing and deployment - [ ] Run the existing focused Vitest suites for changed public surfaces. - [ ] Run `pnpm run build` before pushing production-facing changes. - [ ] Apply committed database migrations in the guarded production flow only. ## 7. Documentation discipline - [ ] Keep public vocabulary aligned across nav, homepage, directory, and onboarding surfaces. - [ ] Update repo docs when canonical ownership, auth posture, or public IA changes. - [ ] Do not reintroduce demo-era guidance that contradicts the live production model. For Verified Supply Network releases, use `docs/runbooks/verified-supply-network-production-migration-runbook.md` so migration status is reviewed before production deploys.