AI writes insecure code more often than you think. Use this 15-point checklist before every production deploy. This guide is written for vibe coders and AI-first developers who ship fast and need production to stay stable.

How to use this checklist

Work through each item sequentially before your next deploy. Some items are one-time setup, others are per-deploy checks. Mark each complete before moving on — don't ship with unchecked items unless you explicitly accept the risk.

The critical items (do these first)

  • Error monitoring active — ProdFix or equivalent installed and capturing errors
  • Alerts configured — at minimum, alert on new error types and rate spikes
  • Rollback plan ready — you can revert in under 2 minutes if needed
  • Auth flows tested — signup, login, and logout work from a fresh browser
  • Payment flow tested — if you have payments, verify with a real card in production

The important items (do these before launch)

  • HTTPS everywhere — including API endpoints and any subdomains
  • Security headers set — CSP, HSTS, X-Frame-Options at minimum
  • Input validation — all user-facing inputs validated and sanitized
  • Rate limiting — on auth endpoints and any expensive operations
  • Database queries indexed — no full table scans on frequently-hit queries
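The HTTPS and security-header items can be checked mechanically against captured responses. The following is an added example, not part of the original checklist or of ProdFix; the hosts, the sample headers and the HSTS minimum are constructed assumptions.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed minimum (about 180 days); set to your own policy

def audit_security_headers(url, headers):
    """Return findings for one captured response; an empty list means it passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("not served over HTTPS")
    hsts = h.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        findings.append("HSTS missing")
    elif not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age missing or too short")
    # Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing.
    csp = h.get("content-security-policy")
    directives = {}
    for part in (csp or "").split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    if csp is None:
        findings.append("CSP missing")
    else:
        script_src = directives.get("script-src", directives.get("default-src"))
        if script_src is None:
            findings.append("CSP does not restrict scripts")
        elif "'unsafe-inline'" in script_src and not any(
                s.startswith(("'nonce-", "'sha")) for s in script_src):
            findings.append("CSP allows inline scripts")
    # Framing: accept X-Frame-Options or a CSP frame-ancestors directive (presence only).
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in directives:
        findings.append("no framing protection")
    return findings

# Constructed sample responses (hypothetical hosts): main app, API endpoint, subdomain.
SAMPLES = {
    "https://app.example.test/": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "https://api.example.test/v1/me": {"X-Frame-Options": "DENY"},
    "http://blog.example.test/": {"Content-Security-Policy": "script-src 'self' 'unsafe-inline'"},
}

def audit_all(samples=SAMPLES):
    return {url: audit_security_headers(url, hdrs) for url, hdrs in samples.items()}
```

Feed it the status line and headers your deploy pipeline captures for each public hostname, and fail the deploy on any non-empty result.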

The good-to-have items

  • Performance budget set and monitored
  • Automated tests for critical paths (signup, checkout, core feature)
  • Feature flags for risky changes
  • Status page for user-facing incidents

After you've completed the checklist

Run through this list again 30 minutes after your next deploy to catch anything that broke in production but never showed up in dev. This habit catches 80% of deploy-related issues before they compound into real problems.
