// Use before pushing to a deployed environment (staging or prod). Walks through env vars, migrations, secrets, build, and rollback prep.
Use when adding a new full-stack CRUD resource (e.g. "add a Comments resource"). Walks through Prisma model, Zod schema, tRPC router, and React page in order. Mirrors the patterns already used by Contact/Task/Project.
Use the first time an agent (or human) opens this repo. Installs deps, prepares the env, validates that the dev environment works, and points the agent at the right files.
Use when starting a real project from this template. Removes the CRM demo (Contact/Task/Project) cleanly so the repo is a blank slate without breaking guardrails.
Use on every commit. The pre-commit hooks run checks in parallel. If any fail, read ALL errors, fix them in one pass, and retry. NEVER use --no-verify.
| name | deploy-checklist |
| description | Use before pushing to a deployed environment (staging or prod). Walks through env vars, migrations, secrets, build, and rollback prep. |
Run through this before every deploy. Skipping it is how outages happen.
Every variable in example.env must exist in the deploy target with a real value:
DATABASE_URL — points at the production Postgres (not local!)PORT — matches what the platform expects (usually set by the platform itself)NODE_ENV=productionRun on your local machine pointing at the prod env (carefully):
# Confirm the deployed app can reach the prod DB.
DATABASE_URL="<prod url>" npx prisma db pull --print | head -20
If that errors, fix the connection string before deploying.
DATABASE_URL="<prod url>" npx prisma migrate deploy
migrate deploy is the only command safe for production — it never resets, never prompts. Never run migrate dev against prod.
npx gitleaks detect --no-banner
If gitleaks finds anything in history, stop. Rotate the leaked credential and force-push only after coordinating with the user. Hardcoded secrets are the #1 cause of preventable breaches.
Check .env is in .gitignore:
git check-ignore .env # must print ".env"
npm run build
Both the client (vite build) and server (tsc -p tsconfig.server.json) must build clean. If either errors, deploy fails — fix locally first.
npm run typecheck && npm run lint && npm run lint:unused && npm run test:run
CI does this too, but running locally first catches issues before they waste deploy time.
NODE_ENV=production node dist/server/index.js
# In another terminal:
curl http://localhost:3001/api/health
{ "status": "ok", "env": "production" } means the server started cleanly. Hit a tRPC endpoint too:
curl http://localhost:3001/trpc/contact.list
Know how you'll roll back before you deploy:
prisma migrate resolve --rolled-back <migration-name> if a migration corrupted stateprisma migrate deploy succeededgitleaks detect clean.env is in .gitignorenpm run build succeeds locallytypecheck, lint, lint:unused, test:run all pass