Deployment gate

Deploy only from evidence.

This page keeps preview, staging and production promotion separate. A green build is required, but it is not approval to expose live data, public hosting, domains or external sends.

Current rule

Release branchmain only for the private alpha scaffold
Required local gatenpm run gate on the exact promoted commit
Required remote gateCI green on the pushed commit before review
Data boundarySynthetic/demo records only unless explicitly approved
Send boundaryManual-copy only; no app-side sends

Stop if any blocker exists

  • Promoted commit, CI run, local gate result or rollback path is missing.
  • Live client records are enabled before auth, tenant isolation, backup/restore evidence and Alex approval.
  • External sends are enabled; private alpha remains manual-copy only.
  • Secrets appear in repo files, docs, fixtures, screenshots or browser-visible output.
  • The deploy changes domain, DNS, public hosting, database target or secret handling without explicit approval.

Preview promotion

  1. Clean working tree except the intended release commit.
  2. Run npm run gate locally on the exact commit being promoted.
  3. Push to origin/main and confirm CI is green for that commit.
  4. Record commit SHA, CI URL, gate result, previous green commit and rollback command in release notes.
  5. Review /alpha-status/, /settings/ and this checklist before inviting a private reviewer.

Staging checklist

  • Hosting target is documented.
  • Environment variables match .env.staging.example.
  • TRADE_OFFICE_OS_EXTERNAL_SENDS_ENABLED=0 remains set.
  • Demo or synthetic data only unless Alex approved a specific live-data window.
  • Rollback drill evidence identifies the previous green commit.
  • Incident support runbook owner and stop condition are visible.

Rollback minimum

If any answer is uncertain, do not deploy.

QuestionRequired before promotion
What exact commit is live?Recorded in the release notes / deployment pack
What exact commit is the previous green fallback?Recorded in the release notes / deployment pack
What command or platform action reverts it?Recorded in the release notes / deployment pack
What user-visible risk triggers immediate rollback?Recorded in the release notes / deployment pack
Who must be notified before repair resumes?Recorded in the release notes / deployment pack

Preview

Private reviewer workflow only after local gate and CI are green.

Staging

Requires documented hosting target, env contract, rollback drill and synthetic data boundary.

Production

Blocked until Alex approves hosting, domain, database and first live-data window.