North Ark

Production Readiness Checklist

25 items before you launch an AI-built app to real customers

Built with Cursor, Lovable, or Bolt? Use this checklist to find the gaps between demo mode and production — security, hosting, data, and ops.

Checklist preview

Work through each section before you invite real users or enterprise customers.

Security & authentication

  • Secrets and API keys are not in source control or client-side code
  • Authentication flows tested for signup, login, logout, and password reset
  • Row-level security or equivalent access rules enforced on every data path
  • Admin routes and privileged actions require explicit role checks
  • HTTPS enforced; HTTP redirects to TLS everywhere

Infrastructure & hosting

  • Production environment separate from development and staging
  • Domain, DNS, and SSL certificates configured and auto-renewing
  • Hosting region chosen for latency and data residency requirements
  • Static assets and uploads served from durable storage — not the app server
  • Backup and restore procedure documented and tested once

Database & data

  • Database migrations version-controlled and repeatable
  • Automated backups scheduled with retention policy defined
  • PII identified; collection limited to what the product actually needs
  • Data export and deletion path exists for customer requests
  • Connection pooling and query timeouts configured for production load

CI/CD & environments

  • Deploy pipeline runs tests or lint before production promotion
  • Environment variables documented — no manual prod-only config drift
  • Rollback plan exists if a deploy breaks production
  • Feature flags or staged rollout for high-risk changes
  • Build artifacts reproducible from a tagged release

Monitoring, ops & launch

  • Error tracking captures unhandled exceptions with useful context
  • Uptime or health checks alert someone when the app is down
  • Logging excludes passwords, tokens, and unnecessary PII
  • Runbook covers deploy, restart, and common incident steps
  • Launch smoke test checklist completed on production URL
