Production Checklist
Essential checks before going live
Security
-
Environment Variables
- All secrets configured in deployment platform
- No hardcoded credentials in code
- Service role key kept server-side only
-
Row Level Security
- RLS enabled on all tables
- Policies tested for all user roles
- No public access without policies
-
HTTPS/SSL
- SSL certificate active
- All requests use HTTPS
- Custom domain configured (if applicable)
-
Authentication
- Auth providers configured
- Email templates working
- Password reset functional
Database
-
Migrations
- All migrations pushed to production
- Meta tables refreshed (
select supasheet.refresh_metadata();run after the last schema-affecting migration) - Seed data loaded (if needed)
-
Indexes
- Indexes on frequently queried columns
- Indexes on foreign keys
- Performance tested
-
Backups
- Automated backups enabled
- Backup retention configured
- Restore procedure tested
-
supasheetschema exposed via PostgREST ([api].schemasincludessupasheetand every domain schema you use) -
Permissions seeded for every table, view, chart, dashboard, report, and template
-
At least one user holds the
x-adminrole -
Audit triggers attached to tables you want to track
-
:audit/:commentpermissions granted where the audit / comment tabs should be visible
Application
-
Features Working
- CRUD operations functional across every view type (Sheet, Kanban, Calendar, Gallery, List, Tree)
- File uploads working (
FILE,FILE_OBJECT,AVATAR) - Charts, dashboards, reports load
- Templates apply and create the expected rows
- Comments post and load with the right permissions
- Notifications bell updates and
mark all readworks - SQL editor only accepts read-only queries
-
Responsive Design
- Mobile, tablet, and desktop tested
-
Performance
- Page load times acceptable
- Images optimised, no console errors
- Indexes on frequently filtered columns
Testing
- Authentication flows
- Sign up, sign in, password reset, MFA enrol/verify
- OAuth identities link/unlink
- Admin flows
- Create / invite / update / delete users via Edge Functions
- Assign / revoke roles
- Permission matrix updates flow into the UI
Launch
Once all checks pass:
- Deploy to production
- Test critical features
- Monitor for first 24 hours
- Gather user feedback
Congratulations on launching! 🎉