Production Checklist
Review this checklist before deploying AMP to production.
Security
Authentication
- Clerk production keys configured
- JWT secret is unique and secure (32+ characters)
- API keys use the amp_live_ prefix
- Test keys are not in production
Network
- HTTPS enabled on all public endpoints
- TLS 1.2+ enforced
- CORS origins restricted to your domains
- Internal services not exposed publicly
- Firewall rules configured
Secrets
- All secrets in secure storage (not .env files)
- Database passwords are strong
- Redis password configured
- API keys rotated from development
Infrastructure
Database
- PostgreSQL 12+ in production mode
- Connection pooling configured
- Backups scheduled and tested
- Point-in-time recovery enabled
- Monitoring in place
Redis
- Password authentication enabled
- Persistence configured
- Memory limits set
- Eviction policy defined
NATS
- JetStream enabled
- Data persistence configured
- Clustering for HA (if needed)
Application
Configuration
- ENVIRONMENT=production
- LOG_LEVEL=info (not debug)
- LOG_FORMAT=json
- Request timeouts configured
- Rate limits enabled
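
The Authentication and Configuration items above, plus the CORS item under Network, can be checked automatically before a deploy. The script below is an added example, not part of AMP: ENVIRONMENT, LOG_LEVEL, LOG_FORMAT and the amp_live_ prefix come from this checklist, while JWT_SECRET, AMP_API_KEY, CORS_ORIGINS (comma-separated) and the distinct-character threshold are assumptions to adapt to your deployment.

```python
# Pre-deploy check (added example). JWT_SECRET, AMP_API_KEY and CORS_ORIGINS
# are assumed variable names; map them to the names your deployment uses.
import os
import sys

MIN_SECRET_LEN = 32             # checklist: "32+ characters"
LIVE_KEY_PREFIX = "amp_live_"   # checklist: production API key prefix


def preflight(env):
    """Return a list of failed checklist items for an environment mapping."""
    failures = []

    def require(name, expected):
        actual = env.get(name, "")
        if actual != expected:
            failures.append(f"{name} must be {expected!r}, got {actual!r}")

    require("ENVIRONMENT", "production")
    require("LOG_LEVEL", "info")
    require("LOG_FORMAT", "json")

    # Secret values are never echoed into the failure messages.
    secret = env.get("JWT_SECRET", "")
    if len(secret) < MIN_SECRET_LEN:
        failures.append(f"JWT_SECRET shorter than {MIN_SECRET_LEN} characters")
    elif len(set(secret)) < 8:
        # Assumed heuristic: length alone does not catch padded placeholders.
        failures.append("JWT_SECRET has too few distinct characters")

    if not env.get("AMP_API_KEY", "").startswith(LIVE_KEY_PREFIX):
        failures.append(f"AMP_API_KEY does not start with {LIVE_KEY_PREFIX}")

    origins = [o.strip() for o in env.get("CORS_ORIGINS", "").split(",") if o.strip()]
    if not origins:
        failures.append("CORS_ORIGINS is empty")
    for origin in origins:
        if origin == "*" or not origin.startswith("https://"):
            failures.append(f"CORS origin is not a restricted HTTPS origin: {origin}")

    return failures


if __name__ == "__main__":
    problems = preflight(os.environ)
    for problem in problems:
        print(f"FAIL: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it in the deployment pipeline with the production environment loaded; a non-zero exit code blocks the release.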
Scaling
- Multiple API instances behind load balancer
- Multiple worker instances
- Health checks configured
- Auto-scaling rules (if applicable)
Monitoring
- Application logs centralized
- Error tracking configured
- Metrics collection enabled
- Alerts configured for:
  - High error rate
  - High latency
  - Database connection issues
  - Queue backup
  - Provider failures
Providers
AI Providers
- Production API keys configured
- At least one LLM provider active
- Fallback provider configured
- Rate limits understood
- Cost alerts configured
Metricool
- Production token configured
- All required platforms connected
- Test post successful
Testing
Functional
- API health check passing
- Ready check passing
- Authentication working
- Mission creation successful
- Content generation working
- Publishing successful
Load
- Load tested at expected traffic
- Database performance acceptable
- No memory leaks under load
- Queue processing keeps up
Security
- SQL injection testing
- Authentication bypass testing
- Rate limiting verified
- CORS restrictions verified
Operations
Runbooks
- Deployment procedure documented
- Rollback procedure documented
- Incident response documented
- On-call rotation defined
Backups
- Database backups tested
- Backup restoration tested
- Backup retention defined
- Off-site backups configured
Disaster Recovery
- RTO defined
- RPO defined
- DR plan documented
- DR tested
Compliance
Data
- Data retention policies defined
- PII handling documented
- GDPR compliance (if applicable)
- Data processing agreements in place
Legal
- Terms of Service published
- Privacy Policy published
- AI usage disclosed
Go-Live
Final Steps
- DNS configured
- SSL certificates installed
- Monitoring dashboards ready
- Support contact established
- Documentation accessible
Post-Launch
- Monitor error rates for 24h
- Review performance metrics
- Check provider costs
- Gather initial feedback