Operate
Go-live Checklist
Product
- Mobile onboarding completes against the target environment.
- Login, refresh, logout, PIN reset, and session revocation work.
- Wallet home shows real API state, not stale mock state.
- Money-flow confirmation uses quote and idempotency.
- Savings, cards, beneficiaries, notifications, documents, and support have honest available/unavailable states.
API
- Health and readiness are green.
- CORS is limited to expected portal/mobile origins.
- Swagger/OpenAPI exposure is deliberate.
- Rate limits and idempotency are active for money mutation endpoints.
- Plane A and Plane B credentials are not interchangeable.
Operations
- ArgoCD apps are Synced and Healthy.
- Harbor image tags are immutable for deployments.
- Vault secrets are present and not copied into Git.
- Grafana/Loki dashboards show app errors, 5xx, pod restarts, and ingress status.
- Log retention and disk pressure alerts are configured.
Money movement
- Sandbox stays simulated.
- Staging uses live rails only for explicit validation.
- Manual approval and provider limits are documented before enabling production movement.
Last modified on