Pre-launch production readiness checklist. Covers performance, security, observability, and operational readiness. Use when preparing to ship, doing pre-launch review, or checking production readiness.
Ship confidently. Check everything that matters before going live.
| Trigger | Example |
|---|---|
pre-launch | "run pre-launch checklist" |
production ready | "is this production ready?" |
ship it | "what do I need before I ship?" |
launch checklist | "launch checklist for my SaaS" |
go live | "checklist before we go live" |
Run through each section. Mark items as you go.
[ ] No secrets in code or git history
[ ] Environment variables for all config
[ ] HTTPS everywhere (no HTTP)
[ ] Auth on all protected endpoints
[ ] Input validation on all user input
[ ] SQL parameterized queries (no string concat)
[ ] CORS configured (not *)
[ ] Rate limiting on auth endpoints
[ ] Dependency audit (npm audit / govulncheck)
[ ] Error messages don't leak internals
[ ] Database backups configured and tested
[ ] Backup restore tested (actually restore one)
[ ] Migrations are reversible (down migrations exist)
[ ] Sensitive data encrypted at rest
[ ] PII handling documented
[ ] Data retention policy defined
[ ] Response times under 200ms p95 for core paths
[ ] Database queries have appropriate indexes
[ ] No N+1 queries in hot paths
[ ] Connection pooling configured
[ ] Static assets on CDN (if applicable)
[ ] Load tested at 2x expected traffic
[ ] Structured logging (JSON, not printf)
[ ] Request ID in all logs
[ ] Health check endpoint (/health or /healthz)
[ ] Key metrics exported (request count, latency, errors)
[ ] Error alerting configured (PagerDuty, Slack, email)
[ ] Log aggregation (stdout -> your log service)
[ ] Graceful shutdown implemented
[ ] Readiness vs liveness probes (if K8s)
[ ] Zero-downtime deployments
[ ] Rollback plan documented and tested
[ ] Circuit breakers on external dependencies
[ ] Timeout on all external calls
[ ] README with setup instructions
[ ] Runbook for common incidents
[ ] On-call rotation (even if just you)
[ ] Domain + DNS configured
[ ] SSL cert auto-renewal
[ ] Monitoring dashboard (Grafana, Datadog, etc.)
[ ] Terms of service / privacy policy
[ ] Payment processing tested (if applicable)
[ ] Analytics tracking (PostHog, Mixpanel, etc.)
[ ] Error tracking (Sentry, Bugsnag)
[ ] Customer support channel (email at minimum)
[ ] Status page (optional but professional)
For a quick pass, focus on:
Work through every section. Generate a report:
## Production Readiness Report: [Service Name]
Date: [date]
### Status: READY / NOT READY
### Passed: X/Y items
### Failed:
- [ ] Item 1 - [action needed]
- [ ] Item 2 - [action needed]
### Risk Acceptance:
- [Item skipped and why]