Project: XMRT Ecosystem
Database: vawouugtzwmejxqkeqqj.supabase.co
Frontend: Vercel (devgru-projects/v0-git-hub-sync-website)
- RLS policies enabled on `memory_contexts` table
- Function `search_path` set to `public` for all custom functions
- Database linter warnings resolved
- Review all table RLS policies for completeness
- Test RLS policies with different user roles
- Verify no public access to sensitive user data
- Protected AI chat functions (deepseek, gemini, openai) require JWT
- Protected management functions (agent-manager, code-monitor) require JWT
- Public health/monitoring endpoints configured correctly
- Test authenticated endpoints with valid JWT
- Test authenticated endpoints reject invalid JWT
- Verify public endpoints remain accessible
- All API keys stored in Supabase secrets (not .env)
- Rotate any exposed API keys
- Verify CORS settings for production domain
- GitHub PAT has minimum required scopes
- OpenAI/Gemini/DeepSeek keys have rate limits set
- Production logger utility created (`src/utils/logger.ts`)
- Replace all `console.log` with `logger.debug` (62 files)
- Replace all `console.warn` with `logger.warn`
- Replace all `console.error` with `logger.error`
- Test logging in development mode
- Test logging suppression in production mode
- Add UUID validation before database inserts
- Add JSON schema validation for edge function payloads
- Test session key generation (ensure proper UUID format)
- Verify no "invalid input syntax" errors in logs
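The UUID and payload validation items above, sketched as an added example (not the project's own code): a malformed session key is rejected in the edge function instead of surfacing as an "invalid input syntax" error from Postgres. The field names `session_key`, `role`, `content` and the length limit are assumptions, and hand-written checks stand in for a JSON schema library.

```typescript
// Added example: field names and limits are assumptions, not the project's schema.
// Canonical 8-4-4-4-12 hex form only; anything else is rejected before the insert.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const MAX_CONTENT_LENGTH = 8000; // assumed limit

interface MessageInsert {
  session_key: string;
  role: "user" | "assistant";
  content: string;
}

type ValidationResult =
  | { ok: true; value: MessageInsert }
  | { ok: false; errors: string[] };

function isUuid(value: unknown): value is string {
  return typeof value === "string" && UUID_RE.test(value);
}

// Parse and validate a raw request body before any of it reaches a database insert.
function validateMessagePayload(rawBody: string): ValidationResult {
  let parsed: unknown;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { ok: false, errors: ["body is not valid JSON"] };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const body = parsed as Record<string, unknown>;
  const errors: string[] = [];
  // Reject unknown fields so callers cannot set columns the function never intended.
  for (const key of Object.keys(body)) {
    if (!["session_key", "role", "content"].includes(key)) errors.push(`unexpected field: ${key}`);
  }
  const sessionKey = body["session_key"];
  const role = body["role"];
  const content = body["content"];
  if (!isUuid(sessionKey)) errors.push("session_key must be a UUID");
  if (role !== "user" && role !== "assistant") errors.push("role must be 'user' or 'assistant'");
  if (typeof content !== "string" || content.length === 0 || content.length > MAX_CONTENT_LENGTH) {
    errors.push("content must be a non-empty string within the length limit");
  }
  if (errors.length > 0) return { ok: false, errors };
  // All checks passed, so the casts below are sound; lowercase for stable comparison.
  const value: MessageInsert = { session_key: (sessionKey as string).toLowerCase(), role: role as MessageInsert["role"], content: content as string };
  return { ok: true, value };
}
```

Return the `errors` array in a 400 response rather than logging the raw body, so rejected input does not end up in production logs.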
- Review and address critical TODO/FIXME comments
- Remove unused imports and dead code
- Update TypeScript strict mode compliance
- Run ESLint and fix all errors/warnings
- Indexes created on `conversation_messages` table
- Indexes created on `memory_contexts` table
- Indexes created on `eliza_activity_log` table
- Indexes created on `webhook_logs`, `frontend_events`, `api_call_logs`
- Test query performance on large tables
- Verify index usage with `EXPLAIN ANALYZE`
- Schedule old data cleanup (>90 days)
- Rate limiting table created
- `increment_rate_limit()` function created
- Add rate limiting middleware to public edge functions
- Set appropriate rate limits per endpoint
- Test rate limiting with load tests
- Configure rate limit error responses
- Review edge function caching opportunities
- Add caching headers to static assets
- Configure CDN caching rules
- Test cache invalidation strategy
- `system_health_summary` view created
- `check-frontend-health` function deployed
- Configure uptime monitoring (UptimeRobot, Better Stack)
- Set up alerting for frontend downtime
- Test health check endpoints
- Integrate Sentry or similar error tracking
- Configure error alerting rules
- Test error capture in production
- Set up error dashboard
- Configure Vercel analytics
- Set up Supabase database monitoring
- Create custom dashboard for business metrics
- Configure slow query alerts
- Set up edge function performance monitoring
- Configure log aggregation (Supabase logs + Vercel logs)
- Set up log retention policy
- Create runbook for common errors
- Test log search and filtering
- Run full test suite
- Test on staging environment
- Verify environment variables in Vercel
- Verify secrets in Supabase
- Backup database before deployment
- Create rollback plan
- Deploy to Vercel production
- Verify all edge functions deployed
- Run smoke tests on production
- Monitor error rates for 1 hour
- Verify health checks passing
- Test critical user flows
- Monitor database performance
- Check error tracking dashboard
- Verify monitoring/alerting working
- Update documentation with production URLs
- Production deployment checklist created
- Update README with production architecture
- Create runbook for common issues
- Document environment variable requirements
- Create database schema documentation
- Document API endpoints and authentication
- Update user guides for production features
- Create FAQ for common issues
- Document support escalation process
- Database: Run `supabase db reset` to roll back migrations
- Code: Revert to previous Git commit and redeploy
- Edge Functions: Previous versions retained, can redeploy
- Maintenance Mode: Enable if critical issue detected
- Check health dashboard immediately
- Review error logs for root cause
- If data loss risk: enable read-only mode
- Notify stakeholders via status page
- Implement hotfix or rollback
- Post-mortem after resolution
- Database Issues: Supabase Support
- Frontend Issues: Vercel Support
- Security Issues: Escalate immediately
- Business Critical: [Define escalation path]
- ✅ Zero public access to user data without auth
- ✅ All linter errors resolved
- ⏳ Rate limiting active on all public endpoints
- ⏳ Zero UUID/JSON validation errors in logs
- ⏳ Database queries < 100ms (95th percentile)
- ⏳ Edge function cold start < 2s
- ⏳ Frontend uptime > 99.9%
- ⏳ No slow query alerts
- ⏳ Zero console.log in production
- ⏳ All critical TODOs addressed
- ⏳ ESLint passing with no warnings
- ⏳ Health dashboard operational
- ⏳ Error alerting configured
- ⏳ Daily automated health reports
Checklist Completed By: ________________
Date: ________________
Deployment Approved By: ________________
Date: ________________
- Supabase Dashboard
- Vercel Dashboard
- GitHub Repository
- Production Frontend
- Status Page (TODO: Create)
Last Updated: 2025-10-12
Version: 1.0.0