Supasheet.

Production Checklist

Essential checks before going live

Security

  • Environment Variables

    • All secrets configured in deployment platform
    • No hardcoded credentials in code
    • Service role key kept server-side only
  • Row Level Security

    • RLS enabled on all tables
    • Policies tested for all user roles
    • No public access without policies
  • HTTPS/SSL

    • SSL certificate active
    • All requests use HTTPS
    • Custom domain configured (if applicable)
  • Authentication

    • Auth providers configured
    • Email templates working
    • Password reset functional

Database

  • Migrations

    • All migrations pushed to production
    • Meta tables refreshed (select supasheet.refresh_metadata(); run after the last schema-affecting migration)
    • Seed data loaded (if needed)
  • Indexes

    • Indexes on frequently queried columns
    • Indexes on foreign keys
    • Performance tested
  • Backups

    • Automated backups enabled
    • Backup retention configured
    • Restore procedure tested
  • supasheet schema exposed via PostgREST ([api].schemas includes supasheet and every domain schema you use)

  • Permissions seeded for every table, view, chart, dashboard, report, and template

  • At least one user holds the x-admin role

  • Audit triggers attached to tables you want to track

  • :audit / :comment permissions granted where the audit / comment tabs should be visible

Application

  • Features Working

    • CRUD operations functional across every view type (Sheet, Kanban, Calendar, Gallery, List, Tree)
    • File uploads working (FILE, FILE_OBJECT, AVATAR)
    • Charts, dashboards, reports load
    • Templates apply and create the expected rows
    • Comments post and load with the right permissions
    • Notifications bell updates and mark all read works
    • SQL editor only accepts read-only queries
  • Responsive Design

    • Mobile, tablet, and desktop tested
  • Performance

    • Page load times acceptable
    • Images optimised, no console errors
    • Indexes on frequently filtered columns

Testing

  • Authentication flows
    • Sign up, sign in, password reset, MFA enrol/verify
    • OAuth identities link/unlink
  • Admin flows
    • Create / invite / update / delete users via Edge Functions
    • Assign / revoke roles
    • Permission matrix updates flow into the UI

Launch

Once all checks pass:

  1. Deploy to production
  2. Test critical features
  3. Monitor for first 24 hours
  4. Gather user feedback

Congratulations on launching! 🎉

On this page