PAPER MODE: Paper Broker Connected, Live Trading Locked

Deployment Checklist

DigitalOcean, GitHub, and live-gate readiness checklist for safe paper-first operations.

PAPER FIRST

Runtime Readiness

/ready endpoint: Blocked

Waiting for readiness payload.

PostgreSQL: Blocked

Database connection is required for orders, audit logs, and risk settings.

Redis execution queue: Blocked

Redis is required for BullMQ order execution.

Order execution worker: Not required

Worker heartbeat is mandatory only when live trading is enabled.

Live Readiness Audit

Live Locked: Waiting for audit payload.

Loading live readiness audit.

Live readiness audit: Loading

Waiting for audit payload.

Live Readiness Gates

Environment live switch: Locked

Default-safe mode: live trading is disabled.

Admin/API session loaded: Loaded

Dashboard-only live gates loaded from /risk.

App secrets hardened: Blocked

Admin password, session, CSRF, and encryption secrets must not use defaults.

IG credential rotation metadata: Blocked

Exposed credentials must be revoked/rotated after the latest exposure cutoff.

Credential reuse denylist guard: Blocked

Retired IG credential-set fingerprints are recorded after known exposure, forbidden fingerprints are clear, and the current credentials do not match them.

IG live account scope: Missing

IG_ALLOWED_LIVE_ACCOUNT_ID must pin live trading to one expected account.

Persisted risk settings: Blocked

Revision: missing.

Local IG live order state: Blocked

Active or unknown IG live local orders must be completed or reconciled first.

Dashboard live unlock: Locked

Unlock is intentionally short-lived and scoped to the live account, risk-settings revision, and credential scope.

First live order confirmation: Missing

The first live IG order requires a second confirmation phrase for the same account, risk revision, and credential scope.

Global live lock: Locked

This should remain locked until every live prerequisite is intentionally satisfied.
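
The dashboard unlock and first-order confirmation gates above are both bound to the same scope: live account, risk-settings revision, and credential scope. The sketch below is an added example, not the application's own code; the function names, token layout, 5-minute lifetime, and HMAC construction are assumptions chosen to show how a short-lived, scope-bound unlock can be verified.

```javascript
// Added example. All names, the token format and the TTL are assumptions.
// Loads node:crypto under both CommonJS and ES modules.
const crypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const UNLOCK_TTL_MS = 5 * 60 * 1000; // assumed; the checklist only says "short-lived"

// Unambiguous encoding of the three values the unlock is bound to.
function scopeString(scope) {
  return JSON.stringify([scope.accountId, scope.riskRevision, scope.credentialFingerprint]);
}

// MAC covers the expiry as well as the scope, so neither can be edited.
function unlockMac(secret, expiresAt, scope) {
  return crypto.createHmac("sha256", secret)
    .update(`${expiresAt}.${scopeString(scope)}`)
    .digest();
}

// Issue an unlock token for the scope as it is at unlock time.
function issueUnlock(secret, scope, now = Date.now()) {
  const expiresAt = now + UNLOCK_TTL_MS;
  return `${expiresAt}.${unlockMac(secret, expiresAt, scope).toString("base64url")}`;
}

// Check a token against the scope as it is NOW. A different account, a new
// risk-settings revision or rotated credentials all change the MAC input,
// so an older unlock stops verifying without any explicit revocation step.
function checkUnlock(secret, token, currentScope, now = Date.now()) {
  const [expPart, macPart, ...rest] = String(token).split(".");
  const expiresAt = Number(expPart);
  if (rest.length || !macPart || !Number.isSafeInteger(expiresAt)) {
    return { ok: false, reason: "malformed" };
  }
  const given = Buffer.from(macPart, "base64url");
  const expected = unlockMac(secret, expiresAt, currentScope);
  // Authenticate first (constant-time), then trust the expiry value.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "scope-or-signature-mismatch" };
  }
  if (now >= expiresAt) return { ok: false, reason: "expired" };
  return { ok: true, reason: "unlocked" };
}
```

The same check can gate the first-order confirmation phrase, since it must match the same account, risk revision, and credential scope as the unlock.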

Manual Deployment Tasks

GitHub push protection enabled: Manual

Enable repository secret scanning and push protection before publishing.

Broker keys stored in managed secrets: Manual

Use local env or DigitalOcean managed secrets only; never commit broker credentials.

Production smoke passed: Manual

Run pnpm deploy:preflight, then APP_URL=https://... API_URL=https://.../api pnpm prod:smoke. Rerun with PRODUCTION_SMOKE_REQUIRE_AUTH=true and rotated admin credentials before changing live gates.

Backups configured: Manual

Enable Managed PostgreSQL backups and test restore before live trading.

Emergency key revocation procedure reviewed: Manual

Know how to revoke IG, Trading 212, and app secrets before enabling live gates.

This page is a readiness dashboard, not live order approval. Live orders still require deterministic risk checks, fresh dashboard unlock, first-order confirmation, manual per-order approval, and worker-side broker validation.