shipping-and-launchlisted

# Shipping and Launch ## Overview Ship with confidence. The goal is not just to deploy — it's to deploy safely, with monitoring in place, a rollback plan ready, and a clear understanding of what success looks like. Every launch should be reversible, observable, and incremental. ## When to Use - Deploying a feature to production for the first time - Releasing a significant change to users - Migrating data or infrastructure - Opening a beta or early access program - Any deployment that carries risk (all of them) ## The Pre-Launch Checklist ### Code Quality - [ ] All tests pass (unit, integration, e2e) - [ ] Build succeeds with no warnings - [ ] Lint and type checking pass - [ ] Code reviewed and approved - [ ] No TODO comments that should be resolved before launch - [ ] No `console.log` debugging statements in production code - [ ] Error handling covers expected failure modes ### Security - [ ] No secrets in code or version control - [ ] `npm audit` shows no critical or high vulnerabilities - [ ] Input validation on all user-facing endpoints - [ ] Authentication and authorization checks in place - [ ] Security headers configured (CSP, HSTS, etc.) - [ ] Rate limiting on authentication endpoints - [ ] CORS configured to specific origins (not wildcard) ### Performance - [ ] Core Web Vitals within "Good" thresholds - [ ] No N+1 queries in critical paths - [ ] Images optimized (compression, responsive sizes, lazy loading) - [ ] Bundle size within budget - [ ] Database que