Production Checklist
Use this checklist before deploying Artbase to production.
Environment
Environment Variables
- All required env vars set in Vercel/hosting
- Production Supabase project configured
- Production Stripe keys (not test keys)
- Resend production API key
- Webhook secrets configured
Domains
- Production domain configured
- SSL certificate active
- www redirect configured
- Custom domains for storefronts working
Database
Schema
- All migrations applied
- Seed data removed (if any)
- RLS policies enabled
- Indexes optimized
Security
- Service role key secured (not in client code)
- Anon key rate limited
- Connection pooling enabled
Backups
- Automated backups enabled
- Point-in-time recovery configured
- Backup restoration tested
Authentication
Supabase Auth
- Email templates customized
- Redirect URLs configured
- Rate limiting enabled
- Password requirements set
OAuth Providers (if used)
- Production OAuth credentials
- Callback URLs updated
- Scopes reviewed
Payments
Stripe
- Production API keys
- Webhook endpoints configured
- Webhook secret set
- Test webhooks received successfully
Stripe Connect
- Production Connect client ID
- OAuth redirect URIs updated
- Platform fees configured
Testing
- Test purchase completed
- Refund flow tested
- Subscription flow tested
- Connect payouts working
Email
Resend Configuration
- Domain verified
- SPF/DKIM configured
- From address set
Templates
- Welcome email reviewed
- Order confirmation reviewed
- Shipping notification reviewed
- Password reset reviewed
Security
Headers
- HTTPS enforced
- HSTS enabled
- CSP headers configured
- X-Frame-Options set
Rate Limiting
- API rate limits configured
- Auth rate limits enabled
- Form submission limits
Secrets
- No secrets in client code
- Environment variables in Vercel
- Webhook secrets rotated
Performance
Frontend
- Images optimized
- JS bundle analyzed
- Core Web Vitals passing
- Lighthouse score > 90
Backend
- Database queries optimized
- N+1 queries resolved
- Caching implemented
- Cold start times acceptable
CDN
- Static assets on CDN
- Cache headers correct
- Image CDN configured
Monitoring
Error Tracking
- Error tracking enabled (Sentry/etc)
- Error notifications configured
- Source maps uploaded
Logging
- Structured logging enabled
- Log retention configured
- Log levels appropriate
Uptime
- Uptime monitoring enabled
- Alert thresholds set
- Status page configured
Analytics
Web Analytics
- Analytics tracking code added
- Privacy policy updated
- Cookie consent implemented
Business Metrics
- Revenue tracking enabled
- User signups tracked
- Key events instrumented
Legal
Policies
- Privacy policy published
- Terms of service published
- Cookie policy published
- Refund policy published
Compliance
- GDPR compliance (EU users)
- CCPA compliance (CA users)
- Data deletion requests supported
Testing
Functional
- All user flows tested
- Payment flows tested
- Email delivery tested
- Mobile responsive tested
Cross-Browser
- Chrome tested
- Safari tested
- Firefox tested
- Mobile browsers tested
Load Testing
- Load tests run
- Performance acceptable under load
- Auto-scaling configured (if needed)
Backup & Recovery
Data
- Database backups scheduled
- Backup restoration tested
- Data export functionality
Configuration
- Environment documented
- Deployment process documented
- Rollback procedure defined
Go-Live
Pre-Launch
- Team notified
- Support channels ready
- Marketing materials ready
Launch
- DNS updated
- SSL verified
- Smoke tests passed
Post-Launch
- Monitor error rates
- Monitor performance
- Check email delivery
- Verify payments working
Quick Commands
# Check production build
pnpm build
# Run production locally
pnpm start
# Check environment
vercel env ls
# Deploy to production
vercel --prod