Governance
Production readiness
Production readiness combines runtime health checks, deploy validation, NEXUS AI backup evidence, integration smoke tests, security review, and release records.
Required launch gates
- Environment validation must pass before production startup.
- The public app URL and auth URL must use the production HTTPS origin.
- The health endpoint must report database and required environment checks as healthy.
- Robots and sitemap responses must use the public origin and must not contain localhost URLs.
- Production releases should include test, typecheck, build, and smoke-test evidence.
Operational verification
- Use the production smoke-test script after deploy to check public pages, health, robots, sitemap, and manifest.
- Verify alert channels, incident routing, GitHub webhooks, Stripe webhooks, OTLP ingest, and agent telemetry in a staging organization.
- Keep a current NEXUS AI backup and restore drill record with observed RTO and RPO.
- Monitor the platform itself with a synthetic check against the public site and health endpoint.
Security evidence
- Confirm secrets are stored in the deployment secret store and not committed to the repository.
- Review tenant isolation, RBAC, webhook signatures, SSRF controls, rate limits, and audit log coverage.
- Rotate any credential that was pasted into logs, chat, screenshots, or untrusted storage.
- Document known disabled features, accepted risks, and remediation owners before launch.
Related documentation
Trust and security
Understand RBAC, audit logs, key handling, private routes, operational records, and enterprise readiness controls.
Integrations
Connect AImonitoring to incident response, workflow, deployment, telemetry, and automation providers.
Audit log
Review access, configuration, API key, incident, review, and team-management events.
Tenant lifecycle
Request organization data export and deletion workflows with auditability, worker processing, and deletion tombstones.