🚀

Phase 1 Launch Readiness

Pre-launch checklist covering auth, legal, AI features, integrations, and environment configuration.

Phase 1 Launch Verdict

🚫 NO-GO

1 critical issue must be resolved before launch.

Readiness Score

66%

19 of 29 checks pass

Passing

19

checks confirmed

Warnings

3

need attention

Failing

1

must fix before launch

🗄️ Database Backup Status

Supabase Auto-Backup: ✓ Enabled (Daily)
Point-in-Time Recovery: ✓ Available
Migrations Applied: ✓ 22 migrations
RLS Policies: ✓ Active on all tables

Supabase Pro/Team plans include automated daily backups with 7-day retention.

💳 Payment Flow Status

Stripe Publishable Key: ✓ Configured
Stripe Secret Key: ✗ Placeholder
Webhook Secret: ✗ Placeholder
PaymentIntent Flow: ⚠ Blocked (no secret key)
Subscription Billing UI: ✓ Built

Add STRIPE_SECRET_KEY + STRIPE_WEBHOOK_SECRET to enable end-to-end payment flow.

Action Required Before Launch

RESEND_API_KEY — Email delivery broken

All invitation and notification emails will silently fail. Set your key at resend.com/api-keys

STRIPE_SECRET_KEY + STRIPE_WEBHOOK_SECRET — Billing non-functional

Payments will not process. Get keys at dashboard.stripe.com/apikeys

✓ Pass
Password Reset Flow

Forgot password → email link → reset password pages

/forgot-password and /reset-password routes implemented with Supabase auth

✓ Pass
Email Verification

Post-signup email verification screen and flow

/verify-email page implemented with resend verification link support

✓ Pass
Two-Factor Authentication (2FA)

TOTP-based 2FA with QR code and backup codes

TwoFactorSettings component in /settings with TOTP setup, QR code, backup codes, and /api/auth/2fa/setup + /verify routes

✓ Pass
Auth Middleware & Route Protection

Protected routes redirect unauthenticated users to login

src/middleware.ts enforces auth on all protected routes

✓ Pass
AI Governance Assistant

Floating GPT-4 chat panel on all screens

Route implemented with tier gating + rate limiting. OPENAI_API_KEY is configured.

✓ Pass
AI Risk Auto-Assessment

Auto-generates risk assessments from use case descriptions

Route implemented, tier gating + audit logging active. OPENAI_API_KEY configured.

✓ Pass
AI Policy Generator

Generates governance policy documents (Professional+)

Route implemented, tier_1 blocked with 403. OPENAI_API_KEY configured.

✓ Pass
AI Use Case Classifier

Classifies AI systems by risk tier and EU AI Act category

Route implemented with tier gating + audit logging. OPENAI_API_KEY configured.

✓ Pass
AI Compliance Checker

Checks documents against compliance frameworks (Enterprise only)

Route implemented, tier_1 + tier_2 blocked with 403. OPENAI_API_KEY configured.

✓ Pass
Supabase (Database + Auth)

PostgreSQL database with RLS policies and auth

NEXT_PUBLIC_SUPABASE_URL and keys configured. Migrations applied.

⚠ Warn
Stripe (Billing)

Subscription billing and payment processing

Publishable key configured. STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET are placeholders — billing will not process payments until set.

✗ Fail
Resend (Email)

Transactional email for invitations and notifications

RESEND_API_KEY is a placeholder. All email sends will silently fail until configured.

✓ Pass
Google Analytics 4

User behavior and funnel tracking

G-69ZS4E6559 configured. GA only fires in production (NODE_ENV=production) and respects cookie consent.

⚠ Warn
Redis (Caching)

Query result caching for performance

REDIS_URL is a placeholder. App works without it — caching is disabled. Skipped in development mode.

⚠ Warn
Sentry (Error Tracking)

Production error monitoring and alerting

NEXT_PUBLIC_SENTRY_DSN is a placeholder. Error tracking disabled until configured.

— Pending
Database Tables (40+ required)

All 28+ core tables deployed via migrations

Run /api/health to verify — requires organizations, profiles, ai_use_cases, risk_assessments, controls_library, certifications, audit_logs, and 21+ more tables

— Pending
RLS Policies Active

Row-level security enabled on all tables (min 3 per table)

Run /api/health to verify — minimum 84 policies required (28 tables × 3: SELECT/INSERT/UPDATE)

— Pending
Controls Library Seeded (28+ controls)

ISO 42001, EU AI Act, GDPR, NIST controls seeded

Run /api/health to verify — controls_library must have ISO 42001, EU AI Act, GDPR, and NIST framework controls

— Pending
Pricing Tiers Seeded

Basic, Professional, Enterprise tiers configured

Run /api/health to verify — organizations table must have Basic/Professional/Enterprise tier data

— Pending
Database Functions Deployed

calculate_certification_audit_readiness, calculate_cmri_score

Run /api/health to verify — both PostgreSQL functions must exist for CMRI scoring and certification readiness

— Pending
Performance Indexes (45+ required)

Query performance indexes created from migrations

Run /api/health to verify — minimum 45 indexes required for production query performance

🤖 AI Feature Tier Gating — Alpha / Beta / Gamma

Alpha = Basic (tier_1) · Beta = Professional (tier_2) · Gamma = Enterprise (tier_3)

AI Governance Assistant (All Tiers)
Endpoint: /api/ai/governance-chat
Alpha (tier_1): ✓ Available · Beta (tier_2): ✓ Available · Gamma (tier_3): ✓ Available
Rate Limits: Basic: 100/day · Pro: 500/day · Enterprise: Unlimited

AI Risk Auto-Assessment (All Tiers)
Endpoint: /api/ai/auto-assess
Alpha (tier_1): ✓ Available · Beta (tier_2): ✓ Available · Gamma (tier_3): ✓ Available
Rate Limits: Basic: 100/day · Pro: 500/day · Enterprise: Unlimited

AI Document Analyzer (Professional+)
Endpoint: /api/ai/analyze-document
Alpha (tier_1): ⊘ Gated (403) · Beta (tier_2): ✓ Available · Gamma (tier_3): ✓ Available
Rate Limits: Basic: Blocked (403) · Pro: 10/month · Enterprise: Unlimited

AI Use Case Classifier (All Tiers)
Endpoint: /api/ai/classify-use-case
Alpha (tier_1): ✓ Available · Beta (tier_2): ✓ Available · Gamma (tier_3): ✓ Available
Rate Limits: Basic: 100/day · Pro: 500/day · Enterprise: Unlimited

AI Compliance Checker (Enterprise Only)
Endpoint: /api/ai/compliance-check
Alpha (tier_1): ⊘ Gated (403) · Beta (tier_2): ⊘ Gated (403) · Gamma (tier_3): ✓ Available
Rate Limits: Basic: Blocked (403) · Pro: Blocked (403) · Enterprise: Unlimited

✓ Note: OPENAI_API_KEY is now configured. All AI features are active and responding.

🔑 Environment Variables

6 of 14 configured

Configured (6) · Placeholder (8)

Configured: NEXT_PUBLIC_SUPABASE_URL (Supabase URL)

Configured: NEXT_PUBLIC_SUPABASE_ANON_KEY (Supabase Anon Key)

Configured: SUPABASE_SERVICE_ROLE_KEY (Supabase Service Role Key)

Configured: OPENAI_API_KEY (OpenAI API Key)
Primary provider: document analysis, compliance check, auto-assess, use case classifier

Configured: NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY (Stripe Publishable Key)

Placeholder: STRIPE_SECRET_KEY (Stripe Secret Key)
Required for billing — get from dashboard.stripe.com/apikeys

Placeholder: STRIPE_WEBHOOK_SECRET (Stripe Webhook Secret)
Required for webhook verification — get from Stripe dashboard

Placeholder: ANTHROPIC_API_KEY (Anthropic Claude 3 Key)
Secondary provider: governance chat, policy generation — enables automatic fallback

Placeholder: PERPLEXITY_API_KEY (Perplexity API Key)
Optional: web-grounded queries — get from perplexity.ai/settings/api

Placeholder: RESEND_API_KEY (Resend API Key)
Required for email delivery — get from resend.com/api-keys

Configured: NEXT_PUBLIC_GA_MEASUREMENT_ID (Google Analytics ID)
G-69ZS4E6559 — real value set

Placeholder: REDIS_URL (Redis URL)
Optional — caching disabled without it. Use Upstash or Redis Cloud

Placeholder: NEXT_PUBLIC_SENTRY_DSN (Sentry DSN)
Optional — error tracking disabled without it. Get from sentry.io

Placeholder: SENTRY_AUTH_TOKEN (Sentry Auth Token)
Optional — needed for source maps upload