| name | production-readiness |
| description | Audit the project against its production/deploy checklist — required secrets, migrations, store/push config, security toggles, and the verification gate. Use before a release, a deploy, or when asked if the app is production-ready. |
Production readiness checklist
Walk these and report status (✅/⚠️/❌) with the file/setting for each gap.
Secrets & env (must be set, NOT the dev placeholders)
JWT_SECRET ≥ 32 chars high-entropy · ENCRYPTION_KEY real openssl rand -base64 32
(the .env.example value is an all-zero dev placeholder — must change).
DATABASE_URL, REDIS_URL (prod uses a password), S3_*.
CORS_ORIGIN = explicit allow-list (wildcard throws in production — intended).
- Apple IAP:
APPLE_ROOT_CA_CERTS (Apple Root CA - G3 PEM) or webhooks reject.
- Android IAP:
GOOGLE_PUBSUB_AUDIENCE + GOOGLE_PUBSUB_SERVICE_ACCOUNT_EMAIL
(Pub/Sub guard fails closed in prod without them) + GOOGLE_PLAY_PACKAGE_NAME.
- Firebase Admin creds for FCM send.
APPLE_IAP_SKIP_VERIFICATION must NOT be true (it throws in prod anyway).
Database
- Migrations applied:
bun run prisma:deploy (= prisma migrate deploy, applies
pending migrations in order). On an existing prod DB, baseline with
prisma migrate resolve --applied <name> rather than reset.
- Subscription packages seeded (
prisma db seed) or created via admin.
Mobile / store
- Dev build (not Expo Go).
EXPO_PUBLIC_API_URL points at prod /api.
- iOS push:
aps-environment = production (driven by EXPO_PUBLIC_ENV), APNs key
uploaded to Firebase, Push capability on the App ID.
- In-app account deletion wired in the UI (calls
DELETE /api/v1/auth/account)
— App Store requires it for apps that create accounts.
- Android 13+
POST_NOTIFICATIONS flow works.
Security / infra
- Docker image runs as non-root + healthcheck (Dockerfile) · throttler uses Redis
(multi-instance) · helmet on · Swagger disabled in production.
- Webhooks authenticated (Apple JWS chain, Google Pub/Sub OIDC) +
@SkipThrottle().
CI / quality gate
- Run
/verify (tsc + build + lint + test) for both packages — all green.
- GitHub Actions CI present (
.github/workflows/ci.yml).
Known deferred (decide per product)
PaymentTransaction.amount is Decimal and populated; verify store payloads
actually carry price in your config.
relationMode = "prisma" (no native FKs) — acceptable but note for data integrity.
- Apple/Google receipt re-verification depth on the
/subscription/upgrade path.