Interactive checklist to set up the production environment on Railway from scratch. Run this when staging is verified and you're ready for real users.
You are helping the user launch Tandem to production for the first time. Walk through each step interactively — do not proceed to the next step until the user confirms the previous one is done.
Start by saying: "Before we begin: is staging fully working? Can you log in, detect a task from Slack, and see it scheduled in Google Calendar on staging? (yes/no)"
If the answer is no, stop and say: "Get staging working first. Production setup is pointless until staging is verified."
If yes, proceed through the steps below one at a time.
Say: "Go to your Railway dashboard and create a new project called 'tandem-production'.
Add the same services as staging:
Once created, Railway will give you two URLs — one for the backend, one for the frontend. Paste both here."
Wait for the user to paste the URLs. Save them as PROD_BACKEND_URL and PROD_FRONTEND_URL for use in later steps.
Say: "Now create a SEPARATE Slack App for production. Do not reuse the staging/dev app.
Go to api.slack.com/apps → Create New App → 'Tandem' (no 'Dev' in the name).
In the new app:
Once done, paste these three values:
Wait for the user to paste all three.
Say: "You can use the same Google Cloud project as staging — just add the production redirect URI.
Go to console.cloud.google.com → your project → APIs & Services → Credentials → your OAuth client → Edit.
Under 'Authorized redirect URIs', add: [PROD_BACKEND_URL]/api/connect/google/callback
Click Save.
Paste your Google Client ID and Client Secret (same as staging is fine):"
Wait for confirmation.
Say: "Now generate fresh secrets for production. Run these commands in your terminal and paste the output:
# JWT Secret
openssl rand -hex 64
# Encryption Key
openssl rand -hex 32
IMPORTANT: These must be different from your staging secrets. Never share secrets between environments.
Paste both values here (I will use them in the next step but will not store them):"
Wait for confirmation.
Say: "In Railway → tandem-production → backend service → Variables, set ALL of these:
NODE_ENV=production
DATABASE_URL=<auto-filled by Railway — check the PostgreSQL plugin>
REDIS_URL=<auto-filled by Railway — check the Redis plugin>
JWT_SECRET=<the JWT secret you just generated>
ENCRYPTION_KEY_CURRENT=<the encryption key you just generated>
ENCRYPTION_KEY_PREVIOUS=<leave empty for now>
SLACK_CLIENT_ID=<from the production Slack App>
SLACK_CLIENT_SECRET=<from the production Slack App>
SLACK_SIGNING_SECRET=<from the production Slack App>
GOOGLE_CLIENT_ID=<from Google Cloud>
GOOGLE_CLIENT_SECRET=<from Google Cloud>
GOOGLE_REDIRECT_URI=[PROD_BACKEND_URL]/api/connect/google/callback
OPENAI_API_KEY=<your OpenAI key>
FRONTEND_URL=[PROD_FRONTEND_URL]
Tell me when all variables are set."
Say: "Trigger a deploy in Railway → tandem-production → backend → Deploy.
The start command should run migrations automatically (pnpm db:migrate && pnpm start).
If migrations don't run automatically, open the Railway shell and run:
cd packages/backend && pnpm prisma migrate deploy
Confirm: did migrations run without errors? Paste the migration output."
Say: "Open this URL in your browser: [PROD_BACKEND_URL]/api/health
It should return something like: { 'status': 'ok', 'db': 'connected', 'redis': 'connected' }
Paste what you see."
If the health check fails, diagnose the error from Railway logs before proceeding.
Say: "Set up free uptime monitoring so you know immediately if production goes down.
Go to uptimerobot.com (free) → Add New Monitor:
Tell me when that's done."
Say: "Now install the production Slack App to your real workspace.
In the Slack App dashboard → OAuth & Permissions → Install to Workspace.
This gives you the production Bot Token. Add it to Railway production environment variables: SLACK_BOT_TOKEN=<the xoxb- token>
Redeploy the backend after adding this variable."
Say: "Final check. In your real Slack workspace:
Did all 7 steps work? (yes/no)"
If yes: "Production is live. A few things to do in the next 24 hours:
If no: "Tell me which step failed and paste the error from Railway logs. We'll diagnose before considering this done."